or Connect
AppleInsider › Forums › General › General Discussion › Apple reportedly rejecting apps that access UDIDs
New Posts  All Forums:Forum Nav:

Apple reportedly rejecting apps that access UDIDs

post #1 of 179
Thread Starter 
As part of a more stringent ruleset regarding customer privacy, Apple has reportedly started rejecting apps which access UDIDs in a practice that will become de rigueur for all review teams.

Citing developer claims, TechCrunch on Saturday reported that Apple has quietly been denying offending app submissions in an effort to ultimately deprecate all UDID access.

A UDID, or unique device identifier, is basically a serial number that a mobile network uses to identify mobile devices like the iPhone and iPad. The 40-character alphanumeric string is not replicated on any other device, making it an ideal form of tracking which is currently used by ad companies, analytics firms and app testing systems.

In August 2011, Apple warned software makers that the company would be killing off UDID access with iOS 5, suggesting that developers begin work on app-specific tracking mechanisms. Removing the feature effectively ends OS-wide user tracking and forces developers to create their own proprietary opt-in identification systems.

The move seems to be in response to mounting concern over privacy issues from Congress and the public. Earlier this week, two U.S. congressmen sent letters to Apple and 33 developers asking questions regarding information collection practices.

According to Andy Yang, CEO of app marketing and monetization platform PlayHaven, a number of developers have seen their apps denied over the past week during Apple's review cycle. Apple reportedly has two review teams actively rejecting UDID-accessing apps with all ten teams expected to follow suit in the coming weeks.

“This is definitely happening,” Yang said. “In the next month or two, this is going to have an impact on all ad networks and apps using advertising. Everybody’s trying to make their own choices about what to use instead.”


Example of an iPad UDID as found in iTunes. | Source: Apple


Ad companies using UDID data to target specific audiences have yet to decide on a comparable alternative, though some are experimenting with MAC addresses and OpenUDID.

“Everyone’s scrambling to get something into place,” said Victor Rubba, CEO of Canadian development company Fluik, “We’re trying to be proactive and we’ve already moved to an alternative scheme.”

Media scrutiny of information gathering systems in iDevices began in April 2011, when it was learned that Apple's previous generation iOS 4 regularly logged location data from iPhones and iPads. The issue came to a head in February when it was revealed that the Path social networking app was uploading users' address book data to its servers without first asking permission. As a result, Apple promised to update its mobile OS to require user permission for apps to access certain data sets.



[ View article on AppleInsider ]
post #2 of 179
Could Game Center help, if expanded beyond just games? A method based on your AppleID, not your hardware?

(For real purposes, I mean... not ad tracking, if I had my choice!)
post #3 of 179
Good move, Apple
post #4 of 179
Good. I would be quite happy if all apps on the App Store were paid-for software (or just free) with no ad-supported ones.
post #5 of 179
I'm not sure I see the difference between using a MAC address and a supposed UDID, I mean, neither one specifically identifies a person, just the device itself right? Are they just trying to get the developpers to have people 'sign up'? Otherwise I don't see the point in this move.
post #6 of 179
Some game developers use the UDID as an identifier if you want to go for the high score, without registering. Some developers are happy to do it as it means they don't have to develop anything more complicated that a rudimentary database using the UDID. Some people may not want to register but happy to post up a high score (yeah, I know).

Of course, replace your phone for any reason and you have to start again.

Game centre etc. are better, more secure options for this purpose.
It's the heat death of the universe, my friends.
Reply
It's the heat death of the universe, my friends.
Reply
post #7 of 179
Should be opt-in, not removed altogether.
post #8 of 179
Quote:
Originally Posted by monstrosity View Post

Should be opt-in, not removed altogether.

Apple wants to take some of the legal scrutiny off themselves. Developers were warned, iOS 5.1 is now here, Apple has been plenty lenient with this.

Apple has learned over the years you can't wait for everyone to catch up, some developers won't even begin addressing this until they have no other choice.
post #9 of 179
Quote:
Originally Posted by hezetation View Post

Apple wants to take some of the legal scrutiny off themselves.

That and Apple really hate the likes of Flurry and want to make their jobs more difficult.
post #10 of 179
This is a great, move thank you Apple. Although it's very simple to deactivate apps from accessing the UDID in Android I would also like Google and Microsoft to do the same thing. It's good security practice.
When I looked up "Ninjas" in Thesaurus.com, it said "Ninja's can't be found" Well played Ninjas, well played.
Reply
When I looked up "Ninjas" in Thesaurus.com, it said "Ninja's can't be found" Well played Ninjas, well played.
Reply
post #11 of 179
Quote:
Originally Posted by AppleInsider View Post

As part of a more stringent ruleset regarding customer privacy, Apple has reportedly started rejecting apps which access UDIDs in a practice that will become de rigueur for all review teams.

Good start. There is currently a lot of media hysteria about ad tracking companies. Apple can take the moral high ground by enforcing stringent rules which protect users' anonymity. They can be known as the "safe" device maker if they play their cards right.

They have at least two opportunities for good PR at present:

They could be the leader in humane working conditions among CE manufacturers; and
They could be the leader in protecting users' privacy.

This can be the "new Green".
post #12 of 179
Bad move. Pissing about 90% of devs off.
I wanted dsadsa bit it was taken.
Reply
I wanted dsadsa bit it was taken.
Reply
post #13 of 179
Quote:
Originally Posted by alienzed View Post

I'm not sure I see the difference between using a MAC address and a supposed UDID, I mean, neither one specifically identifies a person, just the device itself right? Are they just trying to get the developpers to have people 'sign up'? Otherwise I don't see the point in this move.

On their own neither is associated to a person, but once you have logged in for a service they can associate the two. Then with other applications that don't require login they can make a certain correlation. They can even start linking account relationships based on this ID.

Preventing access to MAC address would useful too.
post #14 of 179
Quote:
Originally Posted by asdasd View Post

Bad move. Pissing about 90% of devs off.

Why? Why do they need access to my UDIDs?

“The only thing more insecure than Android is its userbase.” – Can’t Remember

Reply

“The only thing more insecure than Android is its userbase.” – Can’t Remember

Reply
post #15 of 179
Quote:
Originally Posted by Tallest Skil View Post

Why? Why do they need access to my UDIDs?

For more targeted advertising.
post #16 of 179
Quote:
Originally Posted by Tallest Skil View Post

Why? Why do they need access to my UDIDs?

Exactly. Not 'pissing off' users and congressmen is probably higher on their list of priorities. If the developer is actining as a low life, then I am sure we can afford to lose them?
post #17 of 179
Quote:
Originally Posted by Tallest Skil View Post

Why? Why do they need access to my UDIDs?

Frankly any developer that would complain at this point is either too stupid or out of touch to be developing for iOS anyways. I mean really everywhere you look there are articles about congress, consumer groups and Joe Blow demanding that all of these security issues be taken care of. If a developer is so far gone that he can't see the writing on the wall then tough luck for him.

I really don't see how any rational person could be supporting developers here. The transgressions have been significant and on going, it isn't like just one developer screwed up here. So yeah the question is why do they need access. I think once people understand the wider issues they will realize just how bad accessing the UDID is, especially when coupled with tracking of individuals.
post #18 of 179
The deal with free apps is advertising.

This simply means developers will find it harder to make money and it is likely Apple are using this opportunity to gain more monetary control.
post #19 of 179
Quote:
Originally Posted by ajmas View Post

Exactly. Not 'pissing off' users and congressmen is probably higher on their list of priorities. If the developer is actining as a low life, then I am sure we can afford to lose them?

What's low life about it. A standard dev would use the device ID to tell where users hit in the app, and generally this information is separate from the login info. It can also - at it's most primitive - tell how many users are using the app on any one day, and tell legit users from non-legit. That is: you have 100k downloads and 150k users. There is no privacy at all associated with the UDID. It tells nothing private on its own, and Apple get that data in other ways anyway - as do google where you are continually logged in - so the cost is to devs not using iAds etc. apple is taking this info all the time for their own purposes.
I wanted dsadsa bit it was taken.
Reply
I wanted dsadsa bit it was taken.
Reply
post #20 of 179
Quote:
Originally Posted by asdasd View Post

Bad move. Pissing about 90% of devs off.

Those developers can piss off.
post #21 of 179
Quote:
Originally Posted by wizard69 View Post

Frankly any developer that would complain at this point is either too stupid or out of touch to be developing for iOS anyways. I mean really everywhere you look there are articles about congress, consumer groups and Joe Blow demanding that all of these security issues be taken care of. If a developer is so far gone that he can't see the writing on the wall then tough luck for him.

I really don't see how any rational person could be supporting developers here. The transgressions have been significant and on going, it isn't like just one developer screwed up here. So yeah the question is why do they need access. I think once people understand the wider issues they will realize just how bad accessing the UDID is, especially when coupled with tracking of individuals.

Nobody can track where you are without asking. That's separate from a UDID, it's a location request.

Does iADS use UDID?
I wanted dsadsa bit it was taken.
Reply
I wanted dsadsa bit it was taken.
Reply
post #22 of 179
Quote:
Originally Posted by anantksundaram View Post

Those developers can piss off.

90% of devs can piss off? Excluding Apple which obviously has access to the UDID?
I wanted dsadsa bit it was taken.
Reply
I wanted dsadsa bit it was taken.
Reply
post #23 of 179
Quote:
Originally Posted by Tallest Skil View Post

Why? Why do they need access to my UDIDs?

I've found that if asdasd thinks it's a bad idea, it's most likely a very good one.
post #24 of 179
Quote:
Originally Posted by alienzed View Post

I'm not sure I see the difference between using a MAC address and a supposed UDID, I mean, neither one specifically identifies a person, just the device itself right? Are they just trying to get the developpers to have people 'sign up'? Otherwise I don't see the point in this move.

I think Apple will restrict access to the MAC address too.
post #25 of 179
Quote:
Originally Posted by Automaticftp View Post

For more targeted advertising.

Honestly I think the people involved in the advertising world are just full of themselves. I do not respond to advertising at all. Even the crap that gets mailed to me every other day goes into the trash can before I even re-enter the house. There is little value in buying consumer goods on somebody else's schedule. Especially electronics where the deals always get better in a few weeks down the road.

If anything this seems to be the type of thing desperate people do. I have to wonder if there are any controlled studies on the value of consumer tracking in the modern world. By the way studies by independent scientist, not the jerks running these companies.
post #26 of 179
Quote:
Originally Posted by Automaticftp View Post

For more targeted advertising.

Ah, well, I'd like to join in ascii's views on the matter, then.

Quote:
Originally Posted by asdasd View Post

A standard dev would use the device ID to tell where users hit in the app

Where as in location? No. You have a modal popup asking for access to Location Services. You have no right to circumvent that to find out where I am.

Where as in what type of device? The app can know that based on the function calls that fire when the app is opened. You don't need to be looking up my UDID for that.

Quote:
It can also - at it's most primitive - tell how many users are using the app on any one day

So have a 10kb data packet sent out to the dev when the app opens.

Quote:
and tell legit users from non-legit.

Ah, see, that's about the only reason I can imagine having a use for that. It's not like it would do anything, though. You can't stop the pirates from actually using the app.

“The only thing more insecure than Android is its userbase.” – Can’t Remember

Reply

“The only thing more insecure than Android is its userbase.” – Can’t Remember

Reply
post #27 of 179
Quote:
Originally Posted by anonymouse View Post

I've found that if asdasd thinks it's a bad idea, it's most likely a very good one.

Apple - who are probably using the UDID all the time in iOS for their own purposes. They certainly do it in the profiles.

They also allow access to your contacts list without a confirmation, a far greater security risk.
I wanted dsadsa bit it was taken.
Reply
I wanted dsadsa bit it was taken.
Reply
post #28 of 179
There are many other reasons to put free apps on the App Store.

Theses include things like personal interest in a subject. The desire to get an app out there without the complexity of running a business. If your business is hardware the App Store is the way to distribute the software. In fact I'd have to say there are a great deal of free apps on the App Store that have nothing to do with advertising.

Quote:
Originally Posted by aBeliefSystem View Post

The deal with free apps is advertising.

This simply means developers will find it harder to make money and it is likely Apple are using this opportunity to gain more monetary control.

That is baloney! I'm pretty sure Apple wouldn't have even bothered if it wasn't for bad developer behavior and the very public inspection of the privacy issues involved.
post #29 of 179
Quote:
Originally Posted by asdasd View Post

Nobody can track where you are without asking. That's separate from a UDID, it's a location request.

Does iADS use UDID?

If you believe that then you are very gullible.
post #30 of 179
Quote:
Originally Posted by wizard69 View Post

Honestly I think the people involved in the advertising world are just full of themselves. I do not respond to advertising at all. Even the crap that gets mailed to me every other day goes into the trash can before I even re-enter the house. There is little value in buying consumer goods on somebody else's schedule. Especially electronics where the deals always get better in a few weeks down the road.

If anything this seems to be the type of thing desperate people do. I have to wonder if there are any controlled studies on the value of consumer tracking in the modern world. By the way studies by independent scientist, not the jerks running these companies.

I agree about 98%. I do occasionally look at offers that I receive in the mail. Plus, the mail is a good way to get telemarketers to leave you alone. Just tell them to mail you something and you'll look at it. They almost never do.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #31 of 179
Quote:
Originally Posted by asdasd View Post

Bad move. Pissing about 90% of devs off.

Oh poor developers who gives a shit, just suck it up like the rest of of the people do.

Which of us is the fisherman and which the trout?

Reply

Which of us is the fisherman and which the trout?

Reply
post #32 of 179
Quote:
Originally Posted by Tallest Skil View Post

Ah, well, I'd like to join in ascii's views on the matter, then.

Where as in what type of device? The app can know that based on the function calls that fire when the app is opened. You don't need to be looking up my UDID for that.

.

No , where in the app. Without someway to differentiate the hits you can't tell much. 10,000 calls to a Webservice? How many per device? If 90% of the calls are from 10% of devices that tells you something ( what it tells is app dependent ).

The solution, offhand, is to generate a GUID per user and store in iCloud so it isn't lost in reinstalls, or use a guid in a local db, which would be destroyed in a reinstall. The latter isn't perfect but it gives pretty much the same info as a UDID, the difference is that that GUID us lost per reinstall while a UDID is lost with a new device. Neither is really user tracking, the fact that the solution is easy shows that Apple is playing to the congressional pea gallery.

There are far greater concerns with mobile devices that this, and as we have already seen both apple and the carriers track location when triangulating using Udids, the carriers continue to do this even if Apple has "stopped". All Apple is doing here, since it is continuing to track is use privacy concerns to curtail ads competition.
I wanted dsadsa bit it was taken.
Reply
I wanted dsadsa bit it was taken.
Reply
post #33 of 179
Quote:
Originally Posted by wizard69 View Post

If you believe that then you are very gullible.

Lol. Ok, you are right. External devs can't track where you are without requesting permission. Apple and the carriers can.
I wanted dsadsa bit it was taken.
Reply
I wanted dsadsa bit it was taken.
Reply
post #34 of 179
Quote:
Originally Posted by asdasd View Post

Yes but you are an idiot who barely understand what you are posting about, and always supports Apple - who are probably using the UDID all the time in iOS for their own purposes. They certainly do it in the profiles.

The problem isn't what Apple does with the UDID, the problem is what the ad companies can do with it in conjunction with sales and marketing companies.
Quote:

They also allow access to your contacts list without a confirmation, a far greater security risk.

Yes which lead to some of the abuse that started this whole movement towards tighter security in iOS. The reason, the only reason as far as I can see, for the tightening of security is the abuse of current laxity in security by developers. In effect Apple has had to tighten things up due to some very nasty habits of app developers.
post #35 of 179
Quote:
Originally Posted by alienzed View Post

I'm not sure I see the difference between using a MAC address and a supposed UDID...

I don't get it either.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

Reply
post #36 of 179
Quote:
Originally Posted by asdasd View Post

90% of devs can piss off? Excluding Apple which obviously has access to the UDID?

I do not use a single app that has ads. It's intrusive and irritating on a mobile phone, and when on wireless, the user pays to see them. A lot of them are crap anyway.

If someone can't give us an honest-to-goodness free app, yes, they can piss off.
post #37 of 179
Dropping the land line helped a lot there. Back in the day though if one of this idiots called I would just leave the phone off the hook for awhile. They could then talk to the air until tired.

Quote:
Originally Posted by jragosta View Post

I agree about 98%. I do occasionally look at offers that I receive in the mail. Plus, the mail is a good way to get telemarketers to leave you alone. Just tell them to mail you something and you'll look at it. They almost never do.

The only thing that I respond to in the mail is the stuff I specifically sign up for. Generally these are catalogs that are good for a year or quarter. Mostly this is for work related purchases anyways. While some may look at a catalog as a marketing tool I don't see it as being in the same class as the flood of junk mail that comes constantly without being asked for.
post #38 of 179
Quote:
Originally Posted by asdasd View Post

Lol. Ok, you are right. External devs can't track where you are without requesting permission. Apple and the carriers can.


Maybe not real time but very close to it. It takes a bit of cooperation with others but it can be done.
post #39 of 179
Quote:
Originally Posted by asdasd View Post

Apple and the carriers can.

Yes, they can. If you can't see the obvious difference between them and some random app developer, I have no idea what to tell you.
post #40 of 179
Quote:
Originally Posted by alienzed View Post

I'm not sure I see the difference between using a MAC address and a supposed UDID, I mean, neither one specifically identifies a person, just the device itself right? Are they just trying to get the developpers to have people 'sign up'? Otherwise I don't see the point in this move.

UDID + your location most of the time (your home) + cookies and sites you may have visited + any information you might have shared = A unique identifier for you. Gay/Straight, Old/young, Male/Female, and so on. Soon they have a complete database about you and then sell it to advertisers to target you.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Apple reportedly rejecting apps that access UDIDs