Actually sometime back CM rejected patches that would allow you to prevent apps from collecting the device ID (which is obviously quite privacy invasive). I still run CM, but boy do I wish an open-source distribution would spring up that actually respects the phone's owner.
If I remember correctly the patch was rejected due to technical reasons, i.e. rejecting the device ID collection would cause the app to FC (force close) or render it unusable in most cases.
You could try something like LBE Privacy Guard (https://market.android.com/details?id=com.lbe.security) which does let you deny permissions to installed apps, try denying the device ID to apps and see how many of them continue to work. I have, and not many do.
The first submitted patch (of the saga) returned a randomly generated ID (which wouldn't cause crashes). It was rejected in order to "not upset app developers". I can see why Google would never accept such a patch into mainline, but such a status-quo kowtow by an 'independent' project astounds me.
I'll have to look into LBEPG and see if it actually fixes this. I had poked around a bit and it seemed painful to implement this kind of functionality in an app, but perhaps they've found a way (or are playing some really invasive games with system libraries).
Strange. I've used LBE Privacy Guard to block the device ID to loads of apps and have never seen it cause a force close. Doesn't it use per app device id forgery anyway?
