How unique is UUID4 if generated on devices and not servers?

Question

This question answers it in a general sense and it doesn't specify on what will happen if the UUID generation is not centralized.

I recently saw an architecture where all the devices (1M+ ios and android) were generating UUID4 keys(using their own generator functions/library) and those keys when synced were marked unique on the server's database. I fear that since around a million devices will try to generate locally, the chances of collision will be higher than described in the question above.

I've used centralized UUIDs before but new to this type of distributed system, so I'm taking the analogy of a prime number generator, running in parallel on different environments, which will make the end result not prime/unique. Please correct me if my understanding is wrong.

Also, please share any good articles on gotcha's and using UUID in distributed environments.

Edit: This answer related to Python UUID generation talks about collisions and using UUID1 and not UUID4. I'm wondering if there's any documentation which will confirm this wrt randomness on android and ios devices. Moreover, how should I calculate/estimate the probability of such collisions.

Answer 1

The whole point of a UUID is it is just that - universally unique.

A UUID is generally based on things like the device's MAC address and timestamp among possibly other things. A million devices generating several UUIDs per second won't have any collisions, ever.

Unless Apple or Google screwed up their implementation for generating UUIDs, you have nothing to worry about.

Again, the whole point of UUIDs is that you don't need a central, single server generating all of the IDs.

Many of the answers to the question you link contain references to details about UUID algorithms. And that question really has nothing to do with UUID generation being centralized.

Update - since the focus is on UUID4, here is an excerpt from the Wikipedia article about the probability of duplicates for UUID4:

To put these numbers into perspective, the annual risk of a given person being hit by a meteorite is estimated to be one chance in 17 billion,[4] which means the probability is about 0.00000000006 (6 × 10−11), equivalent to the odds of creating a few tens of trillions of UUIDs in a year and having one duplicate. In other words, only after generating 1 billion UUIDs every second for the next 100 years, the probability of creating just one duplicate would be about 50%.

However, these probabilities only hold when the UUIDs are generated using sufficient entropy. Otherwise, the probability of duplicates could be significantly higher, since the statistical dispersion might be lower. Where unique identifiers are required for distributed applications, so that UUIDs do not clash even when data from many devices is merged, the randomness of the seeds and generators used on every device must be reliable for the life of the application. Where this is not feasible, RFC4122 recommends using a namespace variant instead.

Based on my experience with iOS, iOS is using UUID4. Given the above, I'm not worried about any collisions.