My game uses silent login with device id (+random string) and google linking.
I have a question regarding the device id flow. Is it true that I can just guess some device ids and try to log in (or create a bot that does the same)?
That is highly insecure, or am I missing something?