Privacy is a growing concern for many people, businesses and governments worldwide. People are demanding privacy enhancements, governments and regulatory bodies are responding with legislation (e.g. GDPR, CCPA) and industry is reacting in kind.
The rapidly developing technology, mobile device and privacy landscape is of particular interest to many. A recent and positive step forward is the enhanced permission requirements that are necessary to access unique device identifiers on Android based mobile operating systems (Android 10 and up).
This positive step forward, however, may have an unexpected impact on the App, Analytics and Mobile Network Operator ecosystems as TAC and IMEI were not independently accessible. We’re happy to highlight that DeviceAtlas has developed and submitted a “contribution”, that is now live in Android 10, that separates TAC (a data point that is not a unique device identifier) from IMEI (a unique device identifier).
Continue reading to learn how this contribution further enhances end user privacy with minimal industry effort, while also creating many benefits including a high-value cross-ecosystem connection that respects personally identifiable information (PII). But first, let's briefly take look at IMEI and TAC.
What is IMEI?
IMEI, International Mobile Equipment Identity, is a unique device identifier used by GSM networks for various purposes including identification of valid devices. As the IMEI identifies unique devices it can potentially be used to identify an individual and, therefore, can be considered PII.
IMEI is a 15-digit number that consists of the Type Allocation Code (TAC), Serial Number and a Check Digit – learn more about the IMEI format from the GSMA’s IMEI Allocation and Approval Process, here.
What is TAC?
Unlike IMEI, TAC does not identify a unique device. TAC is the first eight digits of the IMEI and identifies a particular device model (e.g. SM-G973F). TACs are issued to manufacturers by the GSMA for each unique model. Similar to device model, TAC, as a single data point, does not contain PII.
There are many use cases for TAC including device authentication, mobile network optimization and app troubleshooting.
The DeviceAtlas Android Contribution For Accessing TAC
Prior to the DeviceAtlas contribution to Android 10, access to the TAC on Android devices was only available by requesting and parsing the IMEI. The getIMEI() TelephonyManager method would be used to return a String, if appropriate permission has already been granted, where the TAC would then be derived.
DeviceAtlas identified an opportunity to enhance privacy with minimal impact to industry and end users. In 2018, DeviceAtlas developed and submitted an Android contribution that subsequently went live in Android 10. A simple method, getTypeAllocationCode(), is now available for developers to return a device’s TAC. This enables developers and companies to continue to leverage TAC but now in a manner that:
- reduces privacy related risk;
- increases efficiency (by reducing necessary compliance requirements as a result of capturing PII); and
- displays enhanced consideration for end user privacy.
Additionally, Android based operating systems (including variants that use the Android Open Source Project) are, and will continue to require, enhanced user permissions to access unique device identifiers. Access to IMEI requires Read_Phone_State permissions, this access request is concerning to users and is now not a necessary request if TAC information is what is required. As the device’s TAC cannot be used to uniquely identify a device, the DeviceAtlas contribution can be used to return the TAC without the unnecessarily restrictive Read_Phone_State permission.
Enhanced Privacy With Minimal Effort
By separating TAC from IMEI in Android 10 and beyond, we believe that we have and will enable more businesses to reduce the amount of PII data that they collect. With over 2.5 billion active Android devices in the world, most likely heading towards Android 10, this functionality improvement will have quite significant benefits. We believe the small adjustment to code will help businesses reduce risk, increase efficiency and enable greater demonstrable compliance with privacy regulation. All this with no impact on their TAC use cases.
Learn more about how businesses in the mobile network operator ecosystem can leverage TAC data for use cases such as enhanced analytics, troubleshooting and network optimization, here.
A High-Value Cross-Ecosystem Connection That Respects PII
In addition to the App ecosystem gaining simple access to an additional unique device model identifier, the added functionality enables a cross-ecosystem connection that respects PII. Historically, the App ecosystem has been a silo, which limits insights and performance enhancement opportunities. As connected devices move freely between different ecosystems, a unique identifier can prove valuable to businesses and their end users. The App ecosystem can now leverage TAC, in a manner that respects privacy, to create a cross-ecosystem connection to the Mobile Network Operator ecosystem (or any other ecosystem using TAC as an index key).
Learn more about how DeviceAtlas enables cross-ecosystem connections in a manner that respects PII.
Another High-Value Afilias Technologies Limited Contribution
Here at Afilias Technologies Limited, a wholly owned subsidiary of Afilias PLC and developers of the DeviceAtlas and DeviceAssure products, we deliver market leading solutions to industry and unrivalled expertise to industry standards.
Our partnerships and involvement with leading industry bodies (e.g. International Telecommunication Union, Global System for Mobile Communications, Interactive Advertising Bureau) along with our contributions to open web standards (e.g. “Editors” of 3 open standards with World Wide Web Consortium, contributors to Internet Engineering Task Force) and open source projects (e.g. Android Open Source Project) enables us to help ensure that industry and end users of connected devices leverage best-in-class solutions and standards.