Cisco Cisco AnyConnect Secure Mobility Client v3.x Release Notes
11
Release Notes for Cisco AnyConnect Secure Mobility Client 3.0.x for Android Mobile Devices
New Features in AnyConnect 3.0.09073
Mobile Posture Device ID Generation
The algorithm to generate mobile posture Device IDs on Android changed in AnyConnect 3.0. If you
have DAP rules defined that use Device IDs generated from previous versions of AnyConnect, they will
have to be updated to bind to the newly generated Device IDs.
have DAP rules defined that use Device IDs generated from previous versions of AnyConnect, they will
have to be updated to bind to the newly generated Device IDs.
AnyConnect 3.0 generates a unique 40-byte device ID at installation time. The generated device ID is
based on the Android ID and one or both of the following values if they are available at installation time:
based on the Android ID and one or both of the following values if they are available at installation time:
•
MEID/IMEI (Mobile Equipment Identifier / International Mobile Equipment Identity)
•
MAC-ADDRESS (MAC address) Use it exactly as it appears in Settings > About > Status on the
device. It is case sensitive and requires the “:” characters if they are displayed.
device. It is case sensitive and requires the “:” characters if they are displayed.
The device ID is generated depending on the availability of these values:
Where:
•
The Android-ID is set as follows:
Android-ID = Secure.getString(context.getContentResolver(), Secure.ANDROID_ID)
•
And the
bytes To Hex String
function is:
String bytesToHexString(byte[] sha1rawbytes) {
String hashHex = null;
if (sha1rawbytes != null) {
StringBuffer sb = new StringBuffer(sha1rawbytes.length * 2);
for (int i = 0; i < sha1rawbytes.length; i++) {
String s = Integer.toHexString(0xFF & sha1rawbytes[i]).toUpperCase();
if (s.length() < 2) { sb.append("0"); }
sb.append(s);
}
hashHex = sb.toString();
}
return hashHex;
}
Note
If neither the MEID/IMEI nor MAC-ADDRESS values are retrievable at installation time, a random
number is used with the
number is used with the
Android-ID
to generate the device-ID.
Generated device IDs can be viewed after the initial AnyConnect application launch from the
AnyConnect Diagnostics -> Logging and System Information -> System -> Device Identifiers screen,
or inside the AnyConnect log in the device_identifiers.txt file.
AnyConnect Diagnostics -> Logging and System Information -> System -> Device Identifiers screen,
or inside the AnyConnect log in the device_identifiers.txt file.
In AnyConnect 2.5, the MEID/IMEI is used as the device ID. If the MEID/IMEI is not available,
AnyConnect will try to use the MAC-ADDRESS. If this value is also not available, AnyConnect
installation fails.
AnyConnect will try to use the MAC-ADDRESS. If this value is also not available, AnyConnect
installation fails.
Available values
Generation Algorithm
If both values are retrievable at
installation time:
installation time:
device-ID = bytesToHexString(SHA1(Android-ID + MEID/IMEI +
MAC-ADDRESS))
If only the MEID/IMEI is
retrievable at installation time:
retrievable at installation time:
device-ID = bytesToHexString(SHA1(Android-ID + MEID/IMEI))
If only the MAC-ADDRESS is
retrievable at installation time
retrievable at installation time
device-ID = bytesToHexString(SHA1(Android-ID +
MAC-ADDRESS))