Apple Cuts Developers Off from iOS Device ID Numbers

| News

Apple has reportedly removed an application programming interface (API) from the iOS software development kit (SDK) that gave developers access to the unique device identifier (UDID), a piece of information that allowed developer to anonymously track users across multiple apps.

Citing unnamed developers, Dan Frommer reported the move by Apple, which may be an effort by the company to boost privacy protections for its iOS customers. Some developers had reportedly been using this API as a way to track users without requiring their consent to do so.

Privacy has been of increasing concern in recent months, as the U.S. Congress and federal regulators have been questioning and examining data collection techniques being used by smartphone makers. If Apple removed this API in an effort to boost privacy, it could have been a preemptory move by the company to make regulatory and legal restrictions unnecessary.

Thanks to iStockphoto for some images.

Locking up the iPhone

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

8 Comments Leave Your Own

ibuck

With companies (and governments) compiling dossiers on each of us and trading that sometimes stealthily and deceptively acquired info with others, it’s good to hear about privacy rights winning some battles. Thanks to the Electronic Frontier Foundation, and others of their ilk, for their campaigns to protect our privacy and safety.

gnasher729

Since nobody can find my name from the UDID, Apple probably na?vely assumed that my privacy was protected. What they didn’t realise was that advertisers don’t actually care who I am, but they care that I’m the guy who did X and who did Y and who did Z and so on and so on and the can connect that information through my UDID.

Now the company behind Angry Birds will for example know how many points I get in Angry Birds and how long I play it and nothing else. And hopefully even companies that release a dozen games won’t know that the same person owns several of the games.

leah

They really shouldn’t be privy to any of my info just because I purchased their game. How long I play, what my score is…ect is my private business. If you want to collect data on me ask permission. I purchased a game from the developer- end of transaction.

rjackb

Good move on Apple’s part. Applications should not be able to track devices. That’s privacy 101.

gnasher729

They really shouldn?t be privy to any of my info just because I purchased their game. How long I play, what my score is?ect is my private business. If you want to collect data on me ask permission. I purchased a game from the developer- end of transaction.

You have to really get your head round about what privacy means. With UDID, they don’t know how many points _you_ have, they know how many points someone with a certain UDID has. However, since the same UDID was used in many places, they could gather a lot of information about the same UDID and connect the dots.

Without UDID, they can still know how many points someone with a certain number has, but every application uses different numbers, so there is no connection that can be made.

Dean Lewis

No connection until someone figures out your UDID, and then suddenly everyone knows you purchased frilly underwear.

gnasher729

No connection until someone figures out your UDID, and then suddenly everyone knows you purchased frilly underwear.

Nobody would know what for example a person named Dean Lewis did. Currently somebody would know that the same UDID was used to play Angry Birds and buy frilly underwear. So you might get appropriate inappropriate adverts in some ad supported game.

However when someone “figures out your UDID”, that would be one application. They couldn’t make connections to other apps that haven’t figured it out. And you can be sure that finding a way to identify a device after Apple removed the capability would get your app banned very, very quickly and your developer account cancelled.

John Dingler, artist

Any kind of civilian or gov. tracking should be opt-in.

Log-in to comment