chore(legal): Add note about how users are identified on Mobile (#13465)

Adds explanation on how users are identified on Mobile, and for which
purpose.

---------

Co-authored-by: Bruno Garcia <[email protected]>

Author: 2 people

docs/security-legal-pii/security/mobile-privacy.mdx

@@ -13,7 +13,11 @@ Sentry collects only the data that you configure to be sent to Sentry. This is t
 
 ### Does that data include any personally identifiable information (PII)?
 
-Data collected by Sentry does not, by default, include any PII. However, you can augment the data sent to Sentry with additional context and metadata, including user names, email addresses, or by attaching files such as logs or crash reports.
+By default, Sentry uses randomly generated IDs as [described below](#does-sentry-use-the-device-id-to-identify-a-user). You can also augment data sent to Sentry with additional context and meta data, including user names, email addresses, or by attaching files such as logs or crash reports. This data, alone or in combination with other data, may constitute PII if it identifies, directly or indirectly, an individual.
+
+### Does Sentry use the device ID to identify a user?
+
+No. Sentry on Mobile doesn't use device ID such as `Secure.ANDROID_ID` and `advertisingIdentifier` on iOS. Instead, it uses IDs which are randomly generated per device, per app, and per installation, and therefore can't be used to identify a single device across application installations. When an application is reinstalled, a new ID is generated. Since these IDs are solely used to provide approximate statistical information as part of the application monitoring service, it serves that purpose. It's required, for example, for [Crash Free Session and User Rates](/product/releases/health/#crash-free-sessionsusers), as well as to indicate the [impact of issues based on number of events vs affected users](https://docs.sentry.io/product/issues/issue-details/#trends--aggregates).
 
 ### What does Sentry do with the data it collects?
 
@@ -27,7 +31,7 @@ Yes, Sentry is a third-party partner whose code (SDKs) you integrate in your app
 
 ### What do I need to disclose to Apple?
 
-You would need to disclose all types of data you are collecting through your app, including data you are sending to Sentry. In the example above, this could include “Contact Info” or “Identifiers”, but don’t forget to include any other categories of data that you are collecting or have configured the SDKs to send to Sentry.
+You would need to disclose all types of data you are collecting through your app, including data you are sending to Sentry. In the example above, this could include “Contact Info” or “Identifiers”, but don't forget to include any other categories of data that you are collecting or have configured the SDKs to send to Sentry.
 
 ### How does Sentry use my data?
 
@@ -45,7 +49,7 @@ No. Sentry doesn't require [`IDFA`](https://en.wikipedia.org/wiki/Identifier_for
 
 ### Does Sentry collect any PII from children?
 
-By default, Sentry does not collect any PII from children. However, if your app is targeted to children and you configure Sentry to collect PII, then Sentry would collect the elements that you’ve designated. You would remain responsible for obtaining any appropriate parental consents with respect to the PII you collect from your users and subsequently send to Sentry. You would also remain responsible for declaring your app’s target age group to Google Play.
+By default, Sentry does not collect any PII from children. However, if your app is targeted to children and you configure Sentry to collect PII, then Sentry would collect the elements that you've designated. You would remain responsible for obtaining any appropriate parental consents with respect to the PII you collect from your users and subsequently send to Sentry. You would also remain responsible for declaring your app's target age group to Google Play.
 
 ### Do Sentry SDKs cause my app to contain ads?