Forgot your password?
typodupeerror
Iphone Privacy Software Apple

Many Top iPhone Apps Collect Unique Device ID 194

Posted by Soulskill
from the your-computer-is-broadcasting-a-UDID dept.
An anonymous reader writes "It looks like iPhone users are not immune to the types of data leaks recently discovered on the Android platform. Researchers looked at the top free applications available from the App Store and discovered that '68% of these applications were transmitting UDIDs to servers under the application vendor's control each time the application is launched.' The iPhone's Unique Device ID, or UDID, cannot be changed, nor can its transmission be disabled by the user. The full paper is available in PDF form."
This discussion has been archived. No new comments can be posted.

Many Top iPhone Apps Collect Unique Device ID

Comments Filter:
  • by grub (11606) * <slashdot@grub.net> on Friday October 01, 2010 @07:37PM (#33766552) Homepage Journal
    All iOS apps that ask for location info generate a permissions dialog.
    You can set a default per-app in the Location Services option screen.
  • by Anonymous Coward on Friday October 01, 2010 @07:42PM (#33766600)

    From the summary... "We also confirmed that some applications are able to link the UDID to a real-world identity."

  • by layertwo (1913436) on Friday October 01, 2010 @07:47PM (#33766634)
    "We also confirmed that some applications are able to link the UDID to a real-world identity."
  • Re:What's That? (Score:5, Informative)

    by TheGeneration (228855) on Friday October 01, 2010 @08:01PM (#33766726) Journal

    The UID identifies the iPhone within XCode. It enables things like authentication without passwords for (trivial) applications. For example if I have an app with profiles, and that app is only usable on the iPhone, there is no need for a password or login, I can just use the UID.

    Big whoop.

  • by Jazzbunny (1251002) on Friday October 01, 2010 @08:05PM (#33766752)
    You don't see the problem because you didn't read the pdf:

    For example, Amazon’s application communicates the logged-in user’s real name in plain text, along with the UDID, permitting both Amazon.com and network eavesdroppers to easily match a phone’s UDID with the name of the phone’s owner. The CBS News application transmits both the UDID and the iPhone device’s user-assigned name, which frequently contains the owner’s real name.

  • by alannon (54117) on Friday October 01, 2010 @08:09PM (#33766766)

    Incorrect. Without using Location Services (and asking permission) apps have no access to anything involving the Wi-Fi SSIDs surrounding you.

    And as for IP address...
    WARNING! Your computer is broadcasting your IP address!
    Be serious.

    Incidentally, with rare exceptions, the IP address of your phone, as assigned from your carrier, is in a private IP range. If you're connecting to a server, which will then have your public IP address, do you really feel you have any expectation of privacy, as far as the server not attempting to map your IP address to a location?

  • it's all good (Score:3, Informative)

    by somewhere in AU (628338) <alexm@findmap.com.au> on Friday October 01, 2010 @08:39PM (#33767000) Homepage

    Unique device ID doesn't violate privacy whatsoever since there is no link to your name, address, etc..

    It DOES however provide a great way of ensuring "trial" or "lite" apps handled by a server and doing what you intended in say limiting results or whatever.. it also is good for internal logs since you can refine your app by looking at how the app is used, both overall as well as individual patterns.

    You don't need GPS, personal or any other information at all to provide LOTS of benefits and an IMPROVED app once you have a access to a unique ID that doesn't involve registering username or whatever as annoying websites do.

    I think a credible business would disclose in an open way what server transactions are involved on a per-app basis and with our new server suite being rolled out I know we will provide a web page per app detailing this so it's all open and above board and the benefits given.

  • Re:What's That? (Score:3, Informative)

    by Anonymous Coward on Friday October 01, 2010 @08:57PM (#33767128)

    The summary was specific to the top FREE apps. What do you expect they are going to refund? Why are we discussing locking it to one device? They are already free for all your devices. Its about tracking, pure and simple.

  • by TrancePhreak (576593) on Friday October 01, 2010 @09:23PM (#33767262)
    The UDID is pretty long, doesn't really make for a good user name. This is an example UDID: 2b6f0cc904d137be2e1730235f5664094b831186
  • Re:What's That? (Score:3, Informative)

    by hsmith (818216) on Friday October 01, 2010 @09:56PM (#33767446)
    Well you are certainly full of it. Apple gives back their portion of refunds as well. They hold the option to NOT do that though.
  • Pandora (Score:5, Informative)

    by Culture20 (968837) on Friday October 01, 2010 @10:16PM (#33767562)
    Yeah, I noticed that with Pandora after my friend sold me his old phone (he had it wiped first). I downloaded Pandora and started screwing around with his stations because I thought they were just default stations Pandora gave me. They were basing access on the UDID.
  • Re:What's That? (Score:0, Informative)

    by macs4all (973270) on Friday October 01, 2010 @11:39PM (#33767936)

    SO they get a DID, a Mac address, an IP. They follow you around. Maybe they decide to go into various Java cache and sniff around if they can. Java cache locations aren't tough to figure out. There's more than one way to skin a cat, or a bad Java app.

    Wrong platform!

    iOS devices don't run Java ANYTHING. You're thinking of Android.

The universe does not have laws -- it has habits, and habits can be broken.

Working...