General way to identify you or your device
What information the app (and therefore the operator of the app) has about your device depends on the permissions the app have and the Android version installed on your devices (Google makes it harder to gain access to phone identifiers with ever release).
The most important ways to identify your device are:
- Telephone number (depends on the SIM card, requires READ_PHONE_STATE permission)
- IMEI (hard coded in your phone, requires READ_PHONE_STATE permission)
- Android-ID (a random number generated on first start of the device, factory-reset clears it. Since Android 8 every app sees a different but static Android-ID)
- Google Advertising ID (randomly generated, can be re-generated in Google settings)
- List of active accounts on your device (requires GET_ACCOUNTS permission)
Of course for online-services there exists various indicators that may indicate that only one device is used such as the IP address you use (especially relevant if IPv6 is used), and of course your usage. If two accounts are used from the same IP address but are never online at the same time this another good indicator.
Some those identifiers may change if you use a second user profile on your device, others will stay the same. In conclusion the only way to totally avoid getting detected as one user is to use two devices that use different accounts for every stored account (especially the Google account).
The slowly app has the following permissions:
android.permission.ACCESS_COARSE_LOCATION android.permission.ACCESS_FINE_LOCATION android.permission.ACCESS_NETWORK_STATE android.permission.ACCESS_WIFI_STATE android.permission.CAMERA android.permission.INTERNET android.permission.READ_APP_BADGE android.permission.READ_EXTERNAL_STORAGE android.permission.RECEIVE_BOOT_COMPLETED android.permission.RECORD_AUDIO android.permission.USE_FINGERPRINT android.permission.VIBRATE android.permission.WAKE_LOCK android.permission.WRITE_EXTERNAL_STORAGE com.anddoes.launcher.permission.UPDATE_COUNT com.android.vending.BILLING com.android.vending.CHECK_LICENSE com.google.android.c2dm.permission.RECEIVE com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE com.htc.launcher.permission.READ_SETTINGS com.htc.launcher.permission.UPDATE_SHORTCUT com.huawei.android.launcher.permission.CHANGE_BADGE com.huawei.android.launcher.permission.READ_SETTINGS com.huawei.android.launcher.permission.WRITE_SETTINGS com.majeur.launcher.permission.UPDATE_BADGE com.oppo.launcher.permission.READ_SETTINGS com.oppo.launcher.permission.WRITE_SETTINGS com.sec.android.provider.badge.permission.READ com.sec.android.provider.badge.permission.WRITE com.sonyericsson.home.permission.BROADCAST_BADGE com.sonymobile.home.permission.PROVIDER_INSERT_BADGE me.everything.badger.permission.BADGE_COUNT_READ me.everything.badger.permission.BADGE_COUNT_WRITE
As you can see none of the afore-mentioned permissions are present. But I am not very familiar with some of the permissions. Thinking of how I would implement suc a check I see two additional possibilities:
com.android.vending.* allow to talk to the Play Services and identify your "license" - mainly this is for checking on in-app purchases, but even free apps without in-app purchases are managed by the Google Play Store and therefore get a license. may be this allows to identify if an the app is installed on two devices with the same Google account?
WRITE_EXTERNAL_STORAGE can be used by the app to write an identifier somewehere on your internal storage. This file can even survive if you execute delete Sloly's app storage and cache and therefore can be used as permanent identifier of your device.