android-branch-deep-linking-attribution

Remove code retrieving Hardware id

Open chao2zhang opened this issue 3 years ago • 3 comments

SystemObserver is retrieving android.provider.Settings.Secure.ANDROID_ID. This seems to violate User Data Privacy.

Your app collects or links persistent device identifiers (e.g., IMEI, IMSI, SIM Serial #, etc.) | Persistent device identifiers may not be linked to other personal and sensitive user data or resettable device identifiers except for the purposes of Telephony linked to a SIM identity (e.g., wifi calling linked to a carrier account), and Enterprise device management apps using device owner mode.

This is a related change for the Segment SDK, announced in the documentation.

Note: From 4.10.1, Segment no longer collects the Android ID to comply with Google’s User Data Policy.

chao2zhang, Jan 14 '22 18:01

Hi @chao2zhang, I apologize for the delayed response. The Branch Product, Engineering, and Legal teams are discussing this further. We will have a formal stance and update shortly.

jf-branch, Feb 03 '22 14:02

Is this going to be resolved by https://github.com/BranchMetrics/android-branch-deep-linking-attribution/pull/974/? SystemObserver still seems to be invoked with that PR.

chao2zhang, Mar 08 '22 17:03

Hi @chao2zhang, that is correct. After further review, Branch is in compliance with Google's User Data Policy, as we do not link persisted device identifiers to other personal and sensitive user data; however, we drop it at point of ingestion server side. We understand server side handling is not enough, and therefore that PR incorporates logic where we will no longer collect the SSAID when we have a valid GAID. However, when we are unable to collect the GAID, we will collect the SSAID, and that is in accordance with Google's User Data Policy.

jf-branch, Mar 08 '22 18:03