Apple reportedly rejecting apps that access UDIDs

Posted:
in General Discussion edited January 2014


As part of a more stringent ruleset regarding customer privacy, Apple has reportedly started rejecting apps which access UDIDs in a practice that will become de rigueur for all review teams.



Citing developer claims, TechCrunch on Saturday reported that Apple has quietly been denying offending app submissions in an effort to ultimately deprecate all UDID access.



A UDID, or unique device identifier, is basically a serial number that a mobile network uses to identify mobile devices like the iPhone and iPad. The 40-character alphanumeric string is not replicated on any other device, making it an ideal form of tracking which is currently used by ad companies, analytics firms and app testing systems.



In August 2011, Apple warned software makers that the company would be killing off UDID access with iOS 5, suggesting that developers begin work on app-specific tracking mechanisms. Removing the feature effectively ends OS-wide user tracking and forces developers to create their own proprietary opt-in identification systems.



The move seems to be in response to mounting concern over privacy issues from Congress and the public. Earlier this week, two U.S. congressmen sent letters to Apple and 33 developers asking questions regarding information collection practices.



According to Andy Yang, CEO of app marketing and monetization platform PlayHaven, a number of developers have seen their apps denied over the past week during Apple's review cycle. Apple reportedly has two review teams actively rejecting UDID-accessing apps with all ten teams expected to follow suit in the coming weeks.



“This is definitely happening,” Yang said. “In the next month or two, this is going to have an impact on all ad networks and apps using advertising. Everybody’s trying to make their own choices about what to use instead.”





Example of an iPad UDID as found in iTunes. | Source: Apple







Ad companies using UDID data to target specific audiences have yet to decide on a comparable alternative, though some are experimenting with MAC addresses and OpenUDID.



“Everyone’s scrambling to get something into place,” said Victor Rubba, CEO of Canadian development company Fluik, “We’re trying to be proactive and we’ve already moved to an alternative scheme.”



Media scrutiny of information gathering systems in iDevices began in April 2011, when it was learned that Apple's previous generation iOS 4 regularly logged location data from iPhones and iPads. The issue came to a head in February when it was revealed that the Path social networking app was uploading users' address book data to its servers without first asking permission. As a result, Apple promised to update its mobile OS to require user permission for apps to access certain data sets.







[ View article on AppleInsider ]

«13456789

Comments

  • nagrommenagromme Posts: 2,834member
    Could Game Center help, if expanded beyond just games? A method based on your AppleID, not your hardware?



    (For real purposes, I mean... not ad tracking, if I had my choice!)
  • applecationapplecation Posts: 146member
    Good move, Apple
  • asciiascii Posts: 5,363member
    Good. I would be quite happy if all apps on the App Store were paid-for software (or just free) with no ad-supported ones.
  • alienzedalienzed Posts: 393member
    I'm not sure I see the difference between using a MAC address and a supposed UDID, I mean, neither one specifically identifies a person, just the device itself right? Are they just trying to get the developpers to have people 'sign up'? Otherwise I don't see the point in this move.
  • entropysentropys Posts: 405member
    Some game developers use the UDID as an identifier if you want to go for the high score, without registering. Some developers are happy to do it as it means they don't have to develop anything more complicated that a rudimentary database using the UDID. Some people may not want to register but happy to post up a high score (yeah, I know).



    Of course, replace your phone for any reason and you have to start again.



    Game centre etc. are better, more secure options for this purpose.
  • monstrositymonstrosity Posts: 2,075member
    Should be opt-in, not removed altogether.
  • hezetationhezetation Posts: 674member
    Quote:
    Originally Posted by monstrosity View Post


    Should be opt-in, not removed altogether.



    Apple wants to take some of the legal scrutiny off themselves. Developers were warned, iOS 5.1 is now here, Apple has been plenty lenient with this.



    Apple has learned over the years you can't wait for everyone to catch up, some developers won't even begin addressing this until they have no other choice.
  • jowie74jowie74 Posts: 540member
    Quote:
    Originally Posted by hezetation View Post


    Apple wants to take some of the legal scrutiny off themselves.



    That and Apple really hate the likes of Flurry and want to make their jobs more difficult.
  • relicrelic Posts: 4,735member
    This is a great, move thank you Apple. Although it's very simple to deactivate apps from accessing the UDID in Android I would also like Google and Microsoft to do the same thing. It's good security practice.
  • Quote:
    Originally Posted by AppleInsider View Post


    As part of a more stringent ruleset regarding customer privacy, Apple has reportedly started rejecting apps which access UDIDs in a practice that will become de rigueur for all review teams.




    Good start. There is currently a lot of media hysteria about ad tracking companies. Apple can take the moral high ground by enforcing stringent rules which protect users' anonymity. They can be known as the "safe" device maker if they play their cards right.



    They have at least two opportunities for good PR at present:



    They could be the leader in humane working conditions among CE manufacturers; and

    They could be the leader in protecting users' privacy.



    This can be the "new Green".
  • asdasdasdasd Posts: 4,295member
    Bad move. Pissing about 90% of devs off.
  • ajmasajmas Posts: 525member
    Quote:
    Originally Posted by alienzed View Post


    I'm not sure I see the difference between using a MAC address and a supposed UDID, I mean, neither one specifically identifies a person, just the device itself right? Are they just trying to get the developpers to have people 'sign up'? Otherwise I don't see the point in this move.



    On their own neither is associated to a person, but once you have logged in for a service they can associate the two. Then with other applications that don't require login they can make a certain correlation. They can even start linking account relationships based on this ID.



    Preventing access to MAC address would useful too.
  • tallest skiltallest skil Posts: 40,279member
    Quote:
    Originally Posted by asdasd View Post


    Bad move. Pissing about 90% of devs off.



    Why? Why do they need access to my UDIDs?
  • automaticftpautomaticftp Posts: 28member
    Quote:
    Originally Posted by Tallest Skil View Post


    Why? Why do they need access to my UDIDs?



    For more targeted advertising.
  • ajmasajmas Posts: 525member
    Quote:
    Originally Posted by Tallest Skil View Post


    Why? Why do they need access to my UDIDs?



    Exactly. Not 'pissing off' users and congressmen is probably higher on their list of priorities. If the developer is actining as a low life, then I am sure we can afford to lose them?
  • wizard69wizard69 Posts: 11,670member
    Quote:
    Originally Posted by Tallest Skil View Post


    Why? Why do they need access to my UDIDs?



    Frankly any developer that would complain at this point is either too stupid or out of touch to be developing for iOS anyways. I mean really everywhere you look there are articles about congress, consumer groups and Joe Blow demanding that all of these security issues be taken care of. If a developer is so far gone that he can't see the writing on the wall then tough luck for him.



    I really don't see how any rational person could be supporting developers here. The transgressions have been significant and on going, it isn't like just one developer screwed up here. So yeah the question is why do they need access. I think once people understand the wider issues they will realize just how bad accessing the UDID is, especially when coupled with tracking of individuals.
  • abeliefsystemabeliefsystem Posts: 572member
    The deal with free apps is advertising.



    This simply means developers will find it harder to make money and it is likely Apple are using this opportunity to gain more monetary control.
  • asdasdasdasd Posts: 4,295member
    Quote:
    Originally Posted by ajmas View Post


    Exactly. Not 'pissing off' users and congressmen is probably higher on their list of priorities. If the developer is actining as a low life, then I am sure we can afford to lose them?



    What's low life about it. A standard dev would use the device ID to tell where users hit in the app, and generally this information is separate from the login info. It can also - at it's most primitive - tell how many users are using the app on any one day, and tell legit users from non-legit. That is: you have 100k downloads and 150k users. There is no privacy at all associated with the UDID. It tells nothing private on its own, and Apple get that data in other ways anyway - as do google where you are continually logged in - so the cost is to devs not using iAds etc. apple is taking this info all the time for their own purposes.
  • anantksundaramanantksundaram Posts: 16,915member
    Quote:
    Originally Posted by asdasd View Post


    Bad move. Pissing about 90% of devs off.



    Those developers can piss off.
  • asdasdasdasd Posts: 4,295member
    Quote:
    Originally Posted by wizard69 View Post


    Frankly any developer that would complain at this point is either too stupid or out of touch to be developing for iOS anyways. I mean really everywhere you look there are articles about congress, consumer groups and Joe Blow demanding that all of these security issues be taken care of. If a developer is so far gone that he can't see the writing on the wall then tough luck for him.



    I really don't see how any rational person could be supporting developers here. The transgressions have been significant and on going, it isn't like just one developer screwed up here. So yeah the question is why do they need access. I think once people understand the wider issues they will realize just how bad accessing the UDID is, especially when coupled with tracking of individuals.



    Nobody can track where you are without asking. That's separate from a UDID, it's a location request.



    Does iADS use UDID?
Sign In or Register to comment.