I've consulted
https://developer.android.com/training/articles/user-data-ids.html and it seems like the only plausible approach is to obtain ANDROID_ID through a JNI call and assume the application calling into our SDK has
READ_PHONE_STATE permission. Is the recommended approach? The confounding factor is that we also ship a set of native command line tools that accompany our SDK (used from the adb shell). How would such an executable obtain READ_PHONE_STATE permission in this case?
Ugh. Technically possible, but ugly hack follows.
Create a long running service in your app that can get the magic ID (and put up the long running notification.)
Have it listen on a socket to respond to requests from the command line tools.
Have the command line tools request the ID from the long running service.
Alternately have your SDK save the magic ID somewhere your command line apps can read (preferably with some
permission or encryption or something at the time they do the license registration?)
Both are horrid (ID resets on factory reset, and keeping the file safe is a bother) but if you have to ship, you have to ship.