[mjg59]

I only know what "identity" means in this case because I've read the SDK docs. There's any number of things that phone identity could mean other than IMEI.

(Before you accuse me of just wanting to restrict what people can do with their devices, I'm on the board of directors of the Free Software Foundation - I am very, very interested in ensuring that ultimately end-users are able to do whatever they want to do with things that they own. But that's not incompatible with the OS being designed to do its best to ensure informed consent for whatever an ap wants to do)

[izacus]

Of course, but is there even a way to phrase this better? Google could (and probably should) write "allows access to IMEI", but I'm not sure that adds a lot of informational content.

Don't get me wrong - I think this is still a severe problem. The fact that Google made a half-arsed solution where apps can just target older API and get away without asking for permission is horrible. The fact that apps can extort users with "give us contacts or I won't run" is also horrible.

But I'm out of ideas on how to fix this without giving control over to a single huge corporate entity which will rather lock you out of your own device than to deal with slight possibility of and kind of liability :/

[mjg59]

My understanding is that iOS doesn't give apps access to the IMEI - it gives them a tracking identifier that users can disable. Having the OS empower users feels like a better solution than obfuscating what information you're giving up to apps.

[izacus]

Android has it as well - you either have the "Advertising ID" which behaves the same way as the iOS one (requires no permission on either OS) or ANDROID_ID (also requires no permission).

Both are reset with factory reset, but apps still for some reason demand tracking via IMEI.

[pwg]

> Both are reset with factory reset, but apps still for some reason demand tracking via IMEI.

Because from the marketers perspective, a fixed, constant, identifier of a particular phone beats out one that can change periodically. There's more tracking and big-data possibilities from the fixed never changing IMEI value. So that is what they want.

[Aissen]

Except you probably want the reset anyway, since most normal people don't factory reset unless the phone changes owner.

[pwg]

What I personally would want is no way for any advertiser to ever send any ad to my phone in any way, ever.

But given that I'll not likely ever reach that point, I'd settle for those advertisers not receiving any unique identifier from my phone that allows them to know anything more than "ad X was sent to an anonymous phone".

[pwg]

> Google could (and probably should) write "allows access to IMEI",

That works perfectly for us technical minded folk.

For the vast majority of the Android user base (the 99% who are not us technical folk), that is just as opaque a description as "access phone state". They will simply have no idea what an IMEI is, nor will they have any idea of the implications of allowing an app to have access to the IMEI.

The one difference is that warnings to those users could be phrased as "do not allow apps access to your IMEI because ...", which they might understand (eventually) without needing to know what an IMEI happens to be.