FakeID™

NONE OF OUR APPS CONTAIN THIRD-PARTY ADVERTISING.

Sometimes giving personal data to a website is a good idea (you want the goods you ordered to arrive at your real postal address, right?). But sometimes that data is used in less appealing ways: to track you; to sell you things; or, if stolen from a legitimate site, to commit crime in your name.

Personal data is also often used as a supplementary password to your accounts - only you, and people you trust, know your real date of birth, right? Unfortunately, not once you tell a web site...

Annoyingly, many web sites ask for more personal data than is strictly required to fulfil their side of your relationship. Sometimes you can omit the requested information, but, more often than not, entering information is mandatory. Entering fictitious identity data is one way to go, but it can quickly become unmanageable if that data needs to be recalled at a later date.

This is where FakeID™ can help. FakeID™ combines a pass phrase with a web domain name (e.g. "google.com") to generate and 'store' domain-specific fictitious identity data. You can customise the subset of fields that apply to each web domain within the app. Fields values can be seen on screen (to be manually typed into a web form on any device), or copied to the clipboard (to be pasted into a web form on the device where FakeID is running).

FakeID™ Security Strengths
- The first line of defence is the security of the Android platform itself. No other app or process can access the data inside FakeID™.
- FakeID™ neither requests, nor stores, any real identity data. The app has no idea who you really are.
- FakeID™ does not really store any fictitious identity data either. All values are generated 'on the fly' and are never stored in a database that can be compromised.
- All values are generated using a combination of a pass phrase (that only you know) and the domain name of the web site that the values apply to. Values are unique to each web domain, making it much harder to track you across multiple domains.
- Your pass phrase is encrypted for storage on your device.

FakeID™ Security Weaknesses
- For the sake of speed, you are NOT required to enter your pass phrase each time you use the app. This means that anyone who has physical access to your device can see the fictitious identity data 'stored' therein. To mitigate this risk you may choose to clear (or change) your pass phrase before exiting the app. A future version of FakeID™ may offer additional pass phrase/app access management options.
- If you enter the same pass phrase and web domain names on a second device running FakeID™, the same fictitious identity data will be generated. This is great if you have multiple devices, or change devices, but it also means that it is important to keep your pass phrase secret.

Can I Trust FakeID™?
- As stated above, FakeID™ neither requests, nor stores, any real identity data. The app has no idea who you really are.
- Android apps can only gather and share information (willingly or otherwise) with your express permission. Android ensures that the app does not know anything about you (e.g. your location), and ensures that the app can not communicate with any third party (e.g. via the Internet, SMS, etc.). A bonus of the latter is no AdMob ads either!
- FakeID™ requests two Android permissions: the ability to read files from, and write files to, your device's file system. These permissions facilitate the back-up/restore mechanism.

Where did FakeID™ come from?
FakeID™ was developed for personal use by a pair of developers at xayin.com who wanted to protect their children as they developed their online identities. The app was so successful that we've decided to release it to the wider World at no cost and with no third party ads.