Skip to content

ufConf.conf - The Update Factory configuration file for Android


The ufConf.conf file determines how your devices communicate with the Update Factory platform. Below, we define the various parameters and provide examples to ensure proper syntax.


The essential parameters will be provided to you after your registration with Update Factory.



The tenant is essentially your customer account. It is provided to you upon registration with Update Factory. You can define the tenant parameter like this:



The url defines which service on Update Factory that your devices will be connecting to.



The controllerId is a unique identifier for each device. This Id will be how you differentiate between more than one device on Update Factory.

A best practice is to include an unique device identifier, like a MAC address or a serial number, as part of the controllerId. However the controller id string format has no particular requirement and including a substitutions is not mandatory.

The following example shows how to include the eth0 MAC address in the controller id:


The following example shows how to include the Android ID in the controller id:



Substitutions are a handy way to use device information in the controller ID. Substitutions are supported only in the controllerId parameter.

The syntax is ${<scheme>:<scheme-specific-part>}. Two <scheme> are supported:

  1. file: the expression ${file:<path-to-file>} is replaced with the first line of the file (<path-to-file> indicates the file to use);
  2. property: the expression ${property:ANDROID_ID} is replaced with the device's Android ID.


SELinux Security Framework may block read access to some files to the UF Android Client Service.

For more information about SELinux on Android see the official documentation.


The ANDROID_ID value is used as fallback value for invalid substitutions (invalid scheme, file not found, empty file, app doesn't have the permissions to read the file, etc).


The gatewayToken is a common/shared 32 alphanumeric character security-token that can be used as a layer of security for all of your devices. Also, with Update Factory, you use the gatewayToken as a first authentication for your device, see also: targetToken.



If you intend to use only the gatewayToken for authentication, this scenario should only be used for development purposes.


You can enable the use of, and generate the gatewayToken in the System Config section on Update Factory. Check the option: Allow a gateway to authenticate and manage multiple targets through a gateway security token


The targetToken is a unique 32 alphanumeric character security-token that is generated for each unique device.


There are 3 different options to generate targetTokens for devices in Update Factory:

  1. Under: Deployment > Targets > choose the + icon. Once you complete the form, you can look in the target container at the bottom, and retrieve the Security Token for the device that you just created.
  2. Under: Deployment > Targets > choose the bulk upload icon, next to the + icon, and then immediately choose: "Bulk Upload". The Bulk Upload feature requires that a file in csv format be prepared in this manner:


  3. Update Factory has implemented a more efficient procedure for authentication which incorporates also the gatewayToken to be used as a first authentication.


This option requires the following to be enabled in System Config:

  • Allow targets to authenticate directly with their target security token
  • Allow a gateway to authenticate and manage multiple targets through a gateway security token

It also requires that the updateFactoryServer parameter is set to true in the Client config.

Simply define the gatewayToken in your ufConf.conf and connect your device(s). Once you can see the device(s) under Deployments > Targets, it now has retrieved it's unique targetToken. At this point, you can then disable under System Config the option "Allow a gateway to authenticate and manage multiple targets through a gateway security token".

Now, the device(s) will authenticate using only the targetToken.


apiMode allows third party applications to provide dialog messages when the Update Factory update process requires feedback from the Android device. For example, this can be used when an update requires user confirmation on the device.

To let the UF Client Service handle the authorization dialog set apiMode=false; when using third party integration set apiMode=true.


When using the UF Service API Reference Implementation it is recommended to set this to true.



The enable parameter defines whether the Update Factory client service is active or inactive. Typically, this is set to true.



The Update Factory server uses a different procedure (with respect to hawkBit), to provide the targetToken back to the client. Setting this to true, enables the function in the client to retrieve the targetToken from the Update Factory server. If set to false, then the client will communicate as expected by a hawkBit server.

Typically, this will be set to true.



Android id is an unique id of the device generated by the Android system. To see the Android ID of an Android device you can use the adb utility like this:

adb shell getprop net.hostname


For more information about Android ID see the official documentation.

ufConf.conf examples

ufConf.conf with all parameters



If the file /sys/class/net/eth0/address exists (file that contains the mac address of eth0) the controllerId used by the android service will be something like device-21:8f:43:04:53:ab otherwise the controllerId used by the android service will be device-${property:ANDROID_ID} e.g. device-32c173321a2a2e31

For more information about the Substitutions feature see the Substitutions section.

ufConf.conf with minimal parameters



gatewayToken can be replaced with the targetToken

ufConf.conf file location

The ufConf.conf must be loaded in your Android device here: /sdcard/UpdateFactoryConfiguration/. You can use the adb utility like this:

adb push ufConf.conf /sdcard/UpdateFactoryConfiguration/ufConf.conf


In UF Android Client Service ≥ v1.5.0 the ufConf.conf will be ignored after the first time a configuration is provided via the Third-Party Integration API. This behaviour is implemented to prevent possible configuration changes through the use of ufConf.conf.

Events and Machine States

Be sure to take a look at our documentation on the various machine states or events when your device(s) are in communication with Update Factory. This information can be helpful for debugging or troubleshooting.


Kynetics - Update Factory

Kynetics Technical note on Update Factory

Kynetics Slideshare