Slashdot Mirror

← Back to Stories (view on slashdot.org)

Many Top iPhone Apps Collect Unique Device ID

Posted by Soulskill on from the your-computer-is-broadcasting-a-UDID dept.

An anonymous reader writes "It looks like iPhone users are not immune to the types of data leaks recently discovered on the Android platform. Researchers looked at the top free applications available from the App Store and discovered that '68% of these applications were transmitting UDIDs to servers under the application vendor's control each time the application is launched.' The iPhone's Unique Device ID, or UDID, cannot be changed, nor can its transmission be disabled by the user. The full paper is available in PDF form."

5 of 194 comments (clear)

  1. What's That? by MightyMartian · · Score: 3, Insightful

    What's that? Why, I think it's the sound of the other shoe dropping!

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:What's That? by ceoyoyo · · Score: 3, Insightful

      And phone number.

      Unless Apple is helpfully giving out your name and address to go along with the UDID (which I very much doubt), it's just a way to see how many people are using your app.

    2. Re:What's That? by ceoyoyo · · Score: 3, Insightful

      It enables things like that IF Apple weren't looking over their shoulder. Provided the app got past the approval process in the first place, someone would undoubtedly complain to Apple. Apple would then yank the app from the store and offer everyone refunds. Oh, and as a developer when you give a refund YOU give a refund. Apple doesn't give back their 30%.

      So no, nobody's going to do anything that stupid.

  2. Is there a difference? by blair1q · · Score: 4, Insightful

    iPhone and Android. Two peas in different pods.

    The Internet is not secure.

    Your phone company is not your mommy.

    Software is more complex than humans can comprehend, and there will be holes in its behavior relative to your expectation, especially but not exclusively when you were not the one who wrote the requirements for it, but especially again when the people writing it want to leave avenues for future revenue growth.

  3. Re:UDID does not identify a user by deimtee · · Score: 3, Insightful

    So you have buttons that say "Use device ID" and "Select a Username". You don't have to actually display the ID.
    Would also give you some data about how many people care enough to create a username rather than use the UDID.
    On the server side you need to come up with a way to tie multiple devices to the one account if they use the UDID option. Possibly have a "link another device" option that has the server generate a code transmitted back to the first device, that they have to key in on the second.

    --
    I'm guessing that wasn't on their radar screen...