From dc4f2ed73c7d3d1a5e068427ecdcb1d8a416b625 Mon Sep 17 00:00:00 2001 From: Tomiche Max Date: Tue, 20 May 2025 18:32:25 +0200 Subject: [PATCH 1/3] feat(SPRI004#challenge2025): Usage of TelephonyManager#getDeviceId() is now considered as a code smell --- CHANGELOG.md | 2 +- .../java/io/ecocode/java/JavaCheckList.java | 8 ++-- .../checks/social/privacy/TrackingIdRule.java | 48 +++++++++++++++++++ .../android/java/ecocode_java_profile.json | 3 +- .../io/ecocode/rules/java/SPRI004.html | 18 +++++++ .../io/ecocode/rules/java/SPRI004.json | 17 +++++++ .../files/social/privacy/TrackingIdCheck.java | 34 +++++++++++++ .../ecocode/java/JavaRulesDefinitionTest.java | 6 +++ .../social/privacy/TrackingIdRuleTest.java | 31 ++++++++++++ 9 files changed, 162 insertions(+), 5 deletions(-) create mode 100644 android-plugin/src/main/java/io/ecocode/java/checks/social/privacy/TrackingIdRule.java create mode 100644 android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.html create mode 100644 android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.json create mode 100644 android-plugin/src/test/files/social/privacy/TrackingIdCheck.java create mode 100644 android-plugin/src/test/java/io/ecocode/java/checks/social/privacy/TrackingIdRuleTest.java diff --git a/CHANGELOG.md b/CHANGELOG.md index 74adcae6..6838d4d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added ### Changed - +- SPRI004: Add rule to avoid use of Tracking Id using TelephonyManager#getDeviceId() - The embedded Groovy language analyzer was reconfigured to scan only `.gradle` files since it is the files we are interested in for the Android project configuration rules. The associated language is named `Groovy (Gradle)` instead of just `Groovy`. 
diff --git a/android-plugin/src/main/java/io/ecocode/java/JavaCheckList.java b/android-plugin/src/main/java/io/ecocode/java/JavaCheckList.java index 5dd2f46d..cc6cd6fb 100644 --- a/android-plugin/src/main/java/io/ecocode/java/JavaCheckList.java +++ b/android-plugin/src/main/java/io/ecocode/java/JavaCheckList.java @@ -26,10 +26,11 @@ import io.ecocode.java.checks.environment.leakage.*; import io.ecocode.java.checks.environment.optimized_api.BluetoothLowEnergyRule; import io.ecocode.java.checks.environment.optimized_api.FusedLocationRule; -import io.ecocode.java.checks.environment.power.SaveModeAwarenessRule; import io.ecocode.java.checks.environment.power.ChargeAwarenessRule; +import io.ecocode.java.checks.environment.power.SaveModeAwarenessRule; import io.ecocode.java.checks.environment.sobriety.*; import io.ecocode.java.checks.social.privacy.GoogleTrackerRule; +import io.ecocode.java.checks.social.privacy.TrackingIdRule; import org.sonar.plugins.java.api.JavaCheck; import java.util.ArrayList; @@ -50,9 +51,10 @@ public static List> getChecks() { return Collections.unmodifiableList(checks); } - public static List> getJavaSocialChecks(){ + public static List> getJavaSocialChecks() { return Collections.unmodifiableList(Arrays.asList( - GoogleTrackerRule.class + GoogleTrackerRule.class, + TrackingIdRule.class )); } diff --git a/android-plugin/src/main/java/io/ecocode/java/checks/social/privacy/TrackingIdRule.java b/android-plugin/src/main/java/io/ecocode/java/checks/social/privacy/TrackingIdRule.java new file mode 100644 index 00000000..2e6bfff1 --- /dev/null +++ b/android-plugin/src/main/java/io/ecocode/java/checks/social/privacy/TrackingIdRule.java 
@@ -0,0 +1,48 @@
+/*
+ * ecoCode Android plugin - Provides rules to reduce the environmental footprint of your Android applications
+ * Copyright © 2020 Green Code Initiative (contact@ecocode.io)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+package io.ecocode.java.checks.social.privacy;
+
+import io.ecocode.java.checks.helpers.SpecificMethodCheck;
+import org.sonar.check.Rule;
+import org.sonarsource.analyzer.commons.annotations.DeprecatedRuleKey;
+
+/**
+ * For some use cases, it might be necessary to get a unique device identifier by a call to TelephonyManager#getDeviceId()
+ * (returns IMEI on GSM, MEID for CDMA).
+ * However, this raises privacy concerns and it is not recommended.
+ * Alternatively, you may use android.provider.Settings.Secure.ANDROID_ID.
+ */
+
+@Rule(key = "SPRI004")
+@DeprecatedRuleKey(repositoryKey = "ecoCode-java", ruleKey = "SPRI004")
+public class TrackingIdRule extends SpecificMethodCheck {
+
+ private static final String ERROR_MESSAGE = "Avoid using TelephonyManager#getDeviceId() due to privacy concerns.";
+ private static final String METHOD_NAME = "getDeviceId";
+ private static final String METHOD_OWNER_TYPE = "android.telephony.TelephonyManager";
+
+
+ public TrackingIdRule() {
+ super(METHOD_OWNER_TYPE, METHOD_NAME);
+ }
+
+ @Override
+ public String getMessage() {
+ return ERROR_MESSAGE;
+ }
+}
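Review bot: The check in `TrackingIdRule` matches only `getDeviceId` on `android.telephony.TelephonyManager`, so the other getters on that class that return the same kind of non-resettable hardware or subscriber identifier (`getImei()`, `getMeid()`, `getSubscriberId()`, `getSimSerialNumber()`) go unreported. `getDeviceId()` has been deprecated since API 26 in favour of the first two, so code that already migrated passes this rule with the privacy concern intact. Whether `SpecificMethodCheck` also matches the `getDeviceId(int slotIndex)` overload cannot be seen from this hunk and deserves a fixture line. The class Javadoc recommends `Settings.Secure.ANDROID_ID` without qualification, although that value is still a persistent identifier (scoped per signing key, user and device since Android 8.0); I would add a sentence such as `Prefer a resettable or app-scoped identifier, e.g. a generated UUID, where the use case allows.`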
diff --git a/android-plugin/src/main/resources/io/ecocode/android/java/ecocode_java_profile.json b/android-plugin/src/main/resources/io/ecocode/android/java/ecocode_java_profile.json index 088b28ef..169564bf 100644 --- a/android-plugin/src/main/resources/io/ecocode/android/java/ecocode_java_profile.json +++ b/android-plugin/src/main/resources/io/ecocode/android/java/ecocode_java_profile.json @@ -33,6 +33,7 @@ "EC529", "EC530", "EC531", - "EC532" + "EC532", + "SPRI004" ] } diff --git a/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.html b/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.html new file mode 100644 index 00000000..8438d880 --- /dev/null +++ b/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.html @@ -0,0 +1,18 @@ + +

+ For some use cases, it might be necessary to get a unique device identifier by a call to TelephonyManager#getDeviceId() + (returns IMEI on GSM, MEID for CDMA). + However, this raises privacy concerns and it is not recommended. + Alternatively, you may use android.provider.Settings.Secure.ANDROID_ID. +

+

Noncompliant Code Example

+Use of: TelephonyManager#.getDeviceId() +
+    TelephonyManager telephonyManager = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
+    String deviceId = telephonyManager.getDeviceId()
+
+Use : +
+    android.provider.Settings.Secure.ANDROID_ID
+
+ diff --git a/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.json b/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.json new file mode 100644 index 00000000..ff4c455c --- /dev/null +++ b/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.json @@ -0,0 +1,17 @@ +{ + "title": "Privacy: Tracking Id", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "20min" + }, + "tags": [ + "privacy", + "social", + "ecocode", + "android", + "eco-design" + ], + "defaultSeverity": "Minor" +} \ No newline at end of file diff --git a/android-plugin/src/test/files/social/privacy/TrackingIdCheck.java b/android-plugin/src/test/files/social/privacy/TrackingIdCheck.java new file mode 100644 index 00000000..47730869 --- /dev/null +++ b/android-plugin/src/test/files/social/privacy/TrackingIdCheck.java 
@@ -0,0 +1,34 @@
+/*
+ * ecoCode Android plugin - Provides rules to reduce the environmental footprint of your Android applications
+ * Copyright © 2020 Green Code Initiative (contact@ecocode.io)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+package android.telephony;
+
+import android.content.Context;
+
+public final class TelephonyManager {
+
+ public void test() {
+ TelephonyManager telephonyManager = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
+ String deviceId = telephonyManager.getDeviceId(); // Noncompliant {{Avoid using TelephonyManager#getDeviceId() due to privacy concerns.}}
+ return deviceId;
+ }
+
+ public String getDeviceId() {
+ return "fake";
+ }
+
+}
diff --git a/android-plugin/src/test/java/io/ecocode/java/JavaRulesDefinitionTest.java b/android-plugin/src/test/java/io/ecocode/java/JavaRulesDefinitionTest.java
index 91485991..dae589f7 100644
--- a/android-plugin/src/test/java/io/ecocode/java/JavaRulesDefinitionTest.java
+++ b/android-plugin/src/test/java/io/ecocode/java/JavaRulesDefinitionTest.java
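Review bot: The fixture `TrackingIdCheck.java` contains only the flagged call, so nothing shows that the rule stays silent on a `getDeviceId()` belonging to a different type. A second class with its own `getDeviceId()` and an unmarked call to it would pin the owner-type match and guard against false positives. Separately, `test()` is declared `void` but ends with `return deviceId;`, and `getSystemService` is not defined on the stub, so the file does not compile as written; `public String test()` plus a stubbed helper would avoid depending on how tolerant the verifier is of broken sources.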
@@ -52,6 +52,12 @@ private void assertSocialRuleProperties(Repository repository) { assertThat(googleTrackerRule.name()).isEqualTo("Privacy: Google Tracker"); assertThat(googleTrackerRule.debtRemediationFunction().type()).isEqualTo(Type.CONSTANT_ISSUE); assertThat(googleTrackerRule.type()).isEqualTo(RuleType.CODE_SMELL); + + Rule trackIdRule = repository.rule("SPRI004"); + assertThat(trackIdRule).isNotNull(); + assertThat(trackIdRule.name()).isEqualTo("Privacy: Tracking Id"); + assertThat(trackIdRule.debtRemediationFunction().type()).isEqualTo(Type.CONSTANT_ISSUE); + assertThat(trackIdRule.type()).isEqualTo(RuleType.CODE_SMELL); } private void assertEnergyRuleProperties(Repository repository) { diff --git a/android-plugin/src/test/java/io/ecocode/java/checks/social/privacy/TrackingIdRuleTest.java b/android-plugin/src/test/java/io/ecocode/java/checks/social/privacy/TrackingIdRuleTest.java new file mode 100644 index 00000000..cd3c5395 --- /dev/null +++ b/android-plugin/src/test/java/io/ecocode/java/checks/social/privacy/TrackingIdRuleTest.java 
@@ -0,0 +1,31 @@ +/* + * ecoCode Android plugin - Provides rules to reduce the environmental footprint of your Android applications + * Copyright © 2020 Green Code Initiative (contact@ecocode.io) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +package io.ecocode.java.checks.social.privacy; + +import org.junit.Test; +import org.sonar.java.checks.verifier.CheckVerifier; + +public class TrackingIdRuleTest { + + @Test + public void verify() { + CheckVerifier.newVerifier().onFile("src/test/files/social/privacy/TrackingIdCheck.java") + .withCheck(new TrackingIdRule()) + .verifyIssues(); + } +} From 3d90c24a63d44bb3bb0e1cedcbd0dc610ce605a4 Mon Sep 17 00:00:00 2001 From: Tomiche Max Date: Wed, 21 May 2025 10:39:42 +0200 Subject: [PATCH 2/3] feat(SPRI004#challenge2025): Usage of TelephonyManager#getDeviceId() is now considered as a code smell Update rule name --- .../checks/social/privacy/TrackingIdRule.java | 2 +- .../android/java/ecocode_java_profile.json | 2 +- .../resources/io/ecocode/rules/java/EC534.html | 18 ++++++++++++++++++ .../resources/io/ecocode/rules/java/EC534.json | 17 +++++++++++++++++ .../ecocode/java/JavaRulesDefinitionTest.java | 2 +- 5 files changed, 38 insertions(+), 3 deletions(-) create mode 100644 android-plugin/src/main/resources/io/ecocode/rules/java/EC534.html create mode 100644 android-plugin/src/main/resources/io/ecocode/rules/java/EC534.json 
diff --git a/android-plugin/src/main/java/io/ecocode/java/checks/social/privacy/TrackingIdRule.java b/android-plugin/src/main/java/io/ecocode/java/checks/social/privacy/TrackingIdRule.java index 2e6bfff1..04569c45 100644 --- a/android-plugin/src/main/java/io/ecocode/java/checks/social/privacy/TrackingIdRule.java +++ b/android-plugin/src/main/java/io/ecocode/java/checks/social/privacy/TrackingIdRule.java @@ -28,7 +28,7 @@ * Alternatively, you may use android.provider.Settings.Secure.ANDROID_ID. */ -@Rule(key = "SPRI004") +@Rule(key = "EC534") @DeprecatedRuleKey(repositoryKey = "ecoCode-java", ruleKey = "SPRI004") public class TrackingIdRule extends SpecificMethodCheck { diff --git a/android-plugin/src/main/resources/io/ecocode/android/java/ecocode_java_profile.json b/android-plugin/src/main/resources/io/ecocode/android/java/ecocode_java_profile.json index 169564bf..128c33ad 100644 --- a/android-plugin/src/main/resources/io/ecocode/android/java/ecocode_java_profile.json +++ b/android-plugin/src/main/resources/io/ecocode/android/java/ecocode_java_profile.json @@ -34,6 +34,6 @@ "EC530", "EC531", "EC532", - "SPRI004" + "EC534" ] } diff --git a/android-plugin/src/main/resources/io/ecocode/rules/java/EC534.html b/android-plugin/src/main/resources/io/ecocode/rules/java/EC534.html new file mode 100644 index 00000000..8438d880 --- /dev/null +++ b/android-plugin/src/main/resources/io/ecocode/rules/java/EC534.html @@ -0,0 +1,18 @@ + +

+ For some use cases, it might be necessary to get a unique device identifier by a call to TelephonyManager#getDeviceId() + (returns IMEI on GSM, MEID for CDMA). + However, this raises privacy concerns and it is not recommended. + Alternatively, you may use android.provider.Settings.Secure.ANDROID_ID. +

+

Noncompliant Code Example

+Use of: TelephonyManager#.getDeviceId() +
+    TelephonyManager telephonyManager = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
+    String deviceId = telephonyManager.getDeviceId()
+
+Use : +
+    android.provider.Settings.Secure.ANDROID_ID
+
+ diff --git a/android-plugin/src/main/resources/io/ecocode/rules/java/EC534.json b/android-plugin/src/main/resources/io/ecocode/rules/java/EC534.json new file mode 100644 index 00000000..ff4c455c --- /dev/null +++ b/android-plugin/src/main/resources/io/ecocode/rules/java/EC534.json @@ -0,0 +1,17 @@ +{ + "title": "Privacy: Tracking Id", + "type": "CODE_SMELL", + "status": "ready", + "remediation": { + "func": "Constant\/Issue", + "constantCost": "20min" + }, + "tags": [ + "privacy", + "social", + "ecocode", + "android", + "eco-design" + ], + "defaultSeverity": "Minor" +} \ No newline at end of file diff --git a/android-plugin/src/test/java/io/ecocode/java/JavaRulesDefinitionTest.java b/android-plugin/src/test/java/io/ecocode/java/JavaRulesDefinitionTest.java index dae589f7..2f169ec9 100644 --- a/android-plugin/src/test/java/io/ecocode/java/JavaRulesDefinitionTest.java +++ b/android-plugin/src/test/java/io/ecocode/java/JavaRulesDefinitionTest.java @@ -53,7 +53,7 @@ private void assertSocialRuleProperties(Repository repository) { assertThat(googleTrackerRule.debtRemediationFunction().type()).isEqualTo(Type.CONSTANT_ISSUE); assertThat(googleTrackerRule.type()).isEqualTo(RuleType.CODE_SMELL); - Rule trackIdRule = repository.rule("SPRI004"); + Rule trackIdRule = repository.rule("EC534"); assertThat(trackIdRule).isNotNull(); assertThat(trackIdRule.name()).isEqualTo("Privacy: Tracking Id"); assertThat(trackIdRule.debtRemediationFunction().type()).isEqualTo(Type.CONSTANT_ISSUE); From 8b0076af176d389658c513bd832e53e4046cc495 Mon Sep 17 00:00:00 2001 
From: Tomiche Max Date: Wed, 21 May 2025 11:04:39 +0200 Subject: [PATCH 3/3] feat(SPRI004#challenge2025): Usage of TelephonyManager#getDeviceId() is now considered as a code smell Delete bad files --- .../io/ecocode/rules/java/SPRI004.html | 18 ------------------ .../io/ecocode/rules/java/SPRI004.json | 17 ----------------- 2 files changed, 35 deletions(-) delete mode 100644 android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.html delete mode 100644 android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.json diff --git a/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.html b/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.html deleted file mode 100644 index 8438d880..00000000 --- a/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.html +++ /dev/null @@ -1,18 +0,0 @@ - -

- For some use cases, it might be necessary to get a unique device identifier by a call to TelephonyManager#getDeviceId() - (returns IMEI on GSM, MEID for CDMA). - However, this raises privacy concerns and it is not recommended. - Alternatively, you may use android.provider.Settings.Secure.ANDROID_ID. -

-

Noncompliant Code Example

-Use of: TelephonyManager#.getDeviceId() -
-    TelephonyManager telephonyManager = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
-    String deviceId = telephonyManager.getDeviceId()
-
-Use : -
-    android.provider.Settings.Secure.ANDROID_ID
-
- diff --git a/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.json b/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.json deleted file mode 100644 index ff4c455c..00000000 --- a/android-plugin/src/main/resources/io/ecocode/rules/java/SPRI004.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "title": "Privacy: Tracking Id", - "type": "CODE_SMELL", - "status": "ready", - "remediation": { - "func": "Constant\/Issue", - "constantCost": "20min" - }, - "tags": [ - "privacy", - "social", - "ecocode", - "android", - "eco-design" - ], - "defaultSeverity": "Minor" -} \ No newline at end of file