Question When Unity starts on Android, it's collecting android_id, can we disable it?

GiverDP · Apr 8, 2022

Hi dear Unity,

Recently we had an issue, the 3rd party platform review our Unity game and they found when Unity starts, it's collecting android_id which is not allowed before user agree with the privacy policy. But we can't control it, since Unity is collecting the android_id when it starts up.
We tried to manually disable Unity Connect Settings with the UnityConnectingSettings.asset file, to change the UnityConnectSettings m_Enabled value to 0. And when Unity starts it will not collect the android_id.

I'm wondering if there is proper way to stop Unity collecting android_id when it starts up.

JeffDUnity3D · Apr 8, 2022

GiverDP said: ↑

Hi dear Unity,

Recently we had an issue, the 3rd party platform review our Unity game and they found when Unity starts, it's collecting android_id which is not allowed before user agree with the privacy policy. But we can't control it, since Unity is collecting the android_id when it starts up.
We tried to manually disable Unity Connect Settings with the UnityConnectingSettings.asset file, to change the UnityConnectSettings m_Enabled value to 0. And when Unity starts it will not collect the android_id.

View attachment 1035146

I'm wondering if there is proper way to stop Unity collecting android_id when it starts up.
Click to expand...

Your approach is correct, you can confirm using Charles Proxy. You can also disable all services in the Services window, or do it via scripting https://docs.unity3d.com/ScriptReference/Analytics.Analytics-enabled.html .

GiverDP · Apr 11, 2022

JeffDUnity3D said: ↑

Your approach is correct, you can confirm using Charles Proxy. You can also disable all services in the Services window, or do it via scripting https://docs.unity3d.com/ScriptReference/Analytics.Analytics-enabled.html .
Click to expand...

With the link you posted it doesn't work, I already tried it.

What I mean is there anyway we can disable the whole Unity Services through code, because Unity analytics enabled is only disable Unity analytics, but there is still something trying to collect android_id. So we can only manually disable UnityConnectSettings service through the .asset file?

AcidArrow · Apr 11, 2022

JeffDUnity3D said: ↑

Your approach is correct, you can confirm using Charles Proxy. You can also disable all services in the Services window, or do it via scripting https://docs.unity3d.com/ScriptReference/Analytics.Analytics-enabled.html .
Click to expand...

I think the problem is that Unity is reading it anyway, even if it doesn’t transmit it.

GiverDP · Apr 11, 2022

AcidArrow said: ↑

I think the problem is that Unity is reading it anyway, even if it doesn’t transmit it.
Click to expand...

Yeah, exactly.

GiverDP · Apr 11, 2022

AcidArrow said: ↑

I think the problem is that Unity is reading it anyway, even if it doesn’t transmit it.
Click to expand...

I just want to prevent Unity to read it. So there will no rejection on the 3rd party Android platform when they review the build we submit.

JeffDUnity3D · Apr 11, 2022

GiverDP said: ↑

I just want to prevent Unity to read it. So there will no rejection on the 3rd party Android platform when they review the build we submit.
Click to expand...

I'm not sure what you mean by "read it but not send it". Google is only concerned about data that is collected and sent over the wire. There is no privacy concern if nothing leaves your phone. If services are not enabled, we would not be sending any data. To confirm, use Charles Proxy to see what data may be collected. Examine the capture to confirm. If you are not sure, please send me the .chls file in a private message and I will take a look https://support.unity.com/hc/en-us/articles/115002917683-Using-Charles-Proxy-with-Unity

GiverDP · Apr 12, 2022

JeffDUnity3D said: ↑

I'm not sure what you mean by "read it but not send it". Google is only concerned about data that is collected and sent over the wire. There is no privacy concern if nothing leaves your phone. If services are not enabled, we would not be sending any data. To confirm, use Charles Proxy to see what data may be collected. Examine the capture to confirm. If you are not sure, please send me the .chls file in a private message and I will take a look https://support.unity.com/hc/en-us/articles/115002917683-Using-Charles-Proxy-with-Unity
Click to expand...

What I mean is Unity is accessing android_id when Unity game is running on Android device. The privacy concern is not from Google. It's from Chinese platform such as Huawei, Xiaomi. Charles Proxy can't see the data which is not be sent through API. I already sent you .chls file in another thread.

JeffDUnity3D · Apr 12, 2022

GiverDP said: ↑

What I mean is Unity is accessing android_id when Unity game is running on Android device. The privacy concern is not from Google. It's from Chinese platform such as Huawei, Xiaomi. Charles Proxy can't see the data which is not be sent through API. I already sent you .chls file in another thread.
Click to expand...

Sorry, "reading but not sending" is not a thing. There isn't such a concept. "Who" is reading it? Let's say it's a Chinese store. How do they know that it is occurring if it's not sent? Your Charles capture did not contain the android_id. If you are concerned that it is being sent, then disable all services. Again, there is no concept of "reading but not sending". If the store is aware of some sort of access to the android_id, then "something" alerted them to this fact. If it's not being sent via HTTP and not visible in Charles Proxy, then another communication option would be via sockets. This could be viewed by using WireShark.

JeffDUnity3D · Apr 14, 2022

Here is one possibility. There is the chance that the store review is inspecting your binary, decompiling and finding code that perhaps does "read" certain phone attributes, but is not actually used or executed at runtime. So no data is actually being sent over the wire during game play. But the store might be concerned that later, you as the developer, can remotely enable that code and start sending the data. This could either be from unintentional legacy Unity code that perhaps we have missed, or from an imported asset. Unless that code is remotely enabled, there is no collection of data.

nholdDET · Apr 28, 2022

Well, they could also run it on a custom\injected java runtime or android lib to detect if certain fields \ API is called as an automated test. So are you confirming that the setting means Unity makes no API call to android_id with that setting off?

JeffDUnity3D · Apr 28, 2022

nholdDET said: ↑

Well, they could also run it on a custom\injected java runtime or android lib to detect if certain fields \ API is called as an automated test. So are you confirming that the setting means Unity makes no API call to android_id with that setting off?
Click to expand...

What setting are you referring to? Please provide your Charles capture to rule out anything sent over the wire (most likely).

mcarriere · Aug 28, 2023

JeffDUnity3D said: ↑

What setting are you referring to? Please provide your Charles capture to rule out anything sent over the wire (most likely).
Click to expand...

Jumping in here to say we're looking for a solution for this too. There are submission tools that seemingly detect any programmatic access -- not transmission -- of the Android ID, and you fail submission if this occurs prior to the user accepting a privacy policy.

Search Unity

Question When Unity starts on Android, it's collecting android_id, can we disable it?

GiverDP

JeffDUnity3D

Unity Technologies

GiverDP

AcidArrow

GiverDP

GiverDP

JeffDUnity3D

Unity Technologies

GiverDP

JeffDUnity3D

Unity Technologies

JeffDUnity3D

Unity Technologies

nholdDET

JeffDUnity3D

Unity Technologies

mcarriere

Search Unity

Unity ID

Useful Searches

Question When Unity starts on Android, it's collecting android_id, can we disable it?

Unity Technologies

Unity Technologies

Unity Technologies

Unity Technologies

Unity Technologies