Many Top iPhone Apps Collect Unique Device ID 194
An anonymous reader writes "It looks like iPhone users are not immune to the types of data leaks recently discovered on the Android platform. Researchers looked at the top free applications available from the App Store and discovered that '68% of these applications were transmitting UDIDs to servers under the application vendor's control each time the application is launched.' The iPhone's Unique Device ID, or UDID, cannot be changed, nor can its transmission be disabled by the user. The full paper is available in PDF form."
Re:And? Care factor zero (Score:3, Informative)
You can set a default per-app in the Location Services option screen.
Re:And? Care factor zero (Score:1, Informative)
From the summary... "We also confirmed that some applications are able to link the UDID to a real-world identity."
If you read the paper... (Score:3, Informative)
Re:What's That? (Score:5, Informative)
The UID identifies the iPhone within XCode. It enables things like authentication without passwords for (trivial) applications. For example if I have an app with profiles, and that app is only usable on the iPhone, there is no need for a password or login, I can just use the UID.
Big whoop.
Re:And? Care factor zero (Score:2, Informative)
For example, Amazon’s application communicates the logged-in user’s real name in plain text, along with the UDID, permitting both Amazon.com and network eavesdroppers to easily match a phone’s UDID with the name of the phone’s owner. The CBS News application transmits both the UDID and the iPhone device’s user-assigned name, which frequently contains the owner’s real name.
Re:And? Care factor zero (Score:3, Informative)
Incorrect. Without using Location Services (and asking permission) apps have no access to anything involving the Wi-Fi SSIDs surrounding you.
And as for IP address...
WARNING! Your computer is broadcasting your IP address!
Be serious.
Incidentally, with rare exceptions, the IP address of your phone, as assigned from your carrier, is in a private IP range. If you're connecting to a server, which will then have your public IP address, do you really feel you have any expectation of privacy, as far as the server not attempting to map your IP address to a location?
it's all good (Score:3, Informative)
Unique device ID doesn't violate privacy whatsoever since there is no link to your name, address, etc..
It DOES however provide a great way of ensuring "trial" or "lite" apps handled by a server and doing what you intended in say limiting results or whatever.. it also is good for internal logs since you can refine your app by looking at how the app is used, both overall as well as individual patterns.
You don't need GPS, personal or any other information at all to provide LOTS of benefits and an IMPROVED app once you have a access to a unique ID that doesn't involve registering username or whatever as annoying websites do.
I think a credible business would disclose in an open way what server transactions are involved on a per-app basis and with our new server suite being rolled out I know we will provide a web page per app detailing this so it's all open and above board and the benefits given.
Re:What's That? (Score:3, Informative)
The summary was specific to the top FREE apps. What do you expect they are going to refund? Why are we discussing locking it to one device? They are already free for all your devices. Its about tracking, pure and simple.
Re:UDID does not identify a user (Score:4, Informative)
Re:What's That? (Score:3, Informative)
Pandora (Score:5, Informative)
Re:What's That? (Score:0, Informative)
SO they get a DID, a Mac address, an IP. They follow you around. Maybe they decide to go into various Java cache and sniff around if they can. Java cache locations aren't tough to figure out. There's more than one way to skin a cat, or a bad Java app.
Wrong platform!
iOS devices don't run Java ANYTHING. You're thinking of Android.