Apple Privacy Concerns Go To Court

An anonymous reader writes "From the article: 'Apple is being sued for allegedly letting mobile apps on the iPhone and iPad send personal information to ad networks without the consent of users.' Some of the apps listed are on the Android Market as well, but there is no mention of a similar problem for Google. One wonders if Apple could be persuaded to strip access to the unique phone identifiers from apps." A followup article with an industry lawyer suggests that this lawsuit could be the first of many as users push back against privacy intrusions by app developers and ad networks.

Finally

It's about time someone got tired of it.

Re:Finally

[sarysa]

I don't think this will go far, though. iPhone "social" games rely on UDID, as do many middleware providers. A ruling in favor of hiding the UDID will hurt a lot of non-shady companies as well as ad providers.

android asks the user for permissions

[yincrash]

that is why there is no issue with google.

Re:android asks the user for permissions

[tyger_purr]

Some people will say yes to anything that pops up. Especially if they think they must to use the app.

Re:android asks the user for permissions

[peragrin]

then why do so many android apps require internet access, and other information, even though they are just a simple game?, note pad, etc.

people are use to clicking on yes to continue because that's what they have to do to get it to work. 90% of the population also clicks through EULA's without reading the first sentence. I know I do. I can't be bothered to read it, it would take far longer to read and understand than the contents of the program are worth.

Re:android asks the user for permissions

[dreamchaser]

If you agree to something without reading it then it's your own damn fault if you don't like the outcome.

Re:android asks the user for permissions

that is why there is no issue with google.

iOS asks your permission too. AdMob (owned by Google) encourages you to gather this information by having nice variables for age sex, location, etc. Unless iAd is secretly gathering this info (which they may be, but that hasn't been apple's style), then I really don't see Apple being one of the worst offenders in this category.

Re:android asks the user for permissions

[AndGodSed]

A google could not find it, but there was a story on /. waaay back that told of a financial reward hidden in the eula of a piece of software. Only about ten people read that part of the eula to claim their money.

It was an exercise to see if people actually read the eula.

Re:android asks the user for permissions

In some countries EULA's are not legal binding contracts.

Re:android asks the user for permissions

> Some people will say yes to anything that pops up.

At some point, you can't stop people from being stupid. All you can do is provide a reasonable chance to avoid problems. If they INSIST on getting themselves in trouble by bypassing basic precautions, it's impossible to stop.

App: "Using this app means you'll be kicked in the nuts."
User: "Ok! That's fine."
App: "Whack!"
User: "OWWW! Bloody hell that hurt! Stop that!"
App: "Dude, 3 seconds ago you said it was OK!"

Seriously: that's plant-level intelligence, not human level intelligence. If people are going to act like that, they need to learn that there are consequences.

Re:android asks the user for permissions

then why do so many android apps require internet access, and other information, even though they are just a simple game?

So, get a Blackberry. Of all the things they do horribly wrong, they do get app security right.

You can get your favorite malware-wrapped-in-game app, but choose to deny it "internet" access.

I want an Android.... REALLY, REALLY want an Android, but they don't meet my paranoid security requirements.
I like being able to control what applications can actually do, and having Allow/Prompt/Deny settings for just about every security-related feature makes it easy.

Re:android asks the user for permissions

And in other countries EULA may be legal binding contracts, but there may be limits on what can be agreed upon. For example unreasonable terms may be disregarded, and there can be laws containing things that cannot be overridden.

Re:android asks the user for permissions

[smpoole7]

> then why do so many android apps require internet access, and other information, even though they are just a simple game?, note pad, etc.

Precisely. But it goes a little deeper than that to me. I have an LG Ally (with Verizon), which is a lower-priced Android phone. I don't know if this can be applied across the board, but my experience so far has been a little troubling.

Just to use the Market app, "background data" (i.e., constant access) has to be enabled. Why? Why can't that app simply "dial in," fetch the info, let me make the purchase, and disconnect? I keep Background Data disabled on principle, and yet: the You Tube app continually updates. I don't need Skype on my phone, but it's always re-enabling itself, and constantly "pings" the Intertubez.

Most troubling of all to me is the Backup Assistant. (Do a Google on "disable backup assistant" and you'll see I'm not the only one who hates that thing.) Some of us don't *like* the concept of "cloud" computing. I realize that Google loves it, and in retrospect, I should have thought of that before trading my Blackberry for an Android-based phone. But I don't want my personal data stored on a computer somewhere in Alta Vista or Atlanta. That's MY personal data, and I don't want anyone else to have access to it.

Which raises the question: WHY is Verizon/Android so anal about that Backup Assistant, and having constant Internet access, even when I've specifically disabled it? Call me suspicious, but it DOES make me wonder if they are farming marketable data from that stuff. (The only way to get rid of Backup Assistant, Skype and the You Tube apps, from what I've seen in the Android forums, is to "root" my phone, which will void the warranty.)

Re:android asks the user for permissions

that is why there is no issue with google.

In other news, naive fanboi trusts ad agency with private jumbo jet for execs, that sells personal data for profit, and has a history snooping wireless networks.

Why on God's good Earth do people actually trust Google? Google makes their money from SELLING ADS for other CORPORATIONS. As an ad agency themselves, they sure have done a good job marketing themselves, wouldn't you say?

Re:android asks the user for permissions

"I keep Background Data disabled on principle, and yet: the You Tube app continually updates."

The background data flag doesn't control anything, it is a flag that apps could use figure out the wants of the user.

"The only way to get rid of Backup Assistant, Skype and the You Tube apps, from what I've seen in the Android forums, is to "root" my phone, which will void the warranty.?"

So the costs of a phone is more than you are willing to sacrifice for your privacy. But maybe the moral is that if you value your privacy, don't by a locked down phone.

Re:android asks the user for permissions

[davester666]

Um, you do know Blackberry's work, right?

Unless the company you work for coughed up a lung to run a RIM server internally, all your personal data gets routed through RIM's "cloud" in Canada [which the US gov't likes, because they don't need any pesky warrants to access the data because Canadian's are so accommodating].

Re:android asks the user for permissions

[Bigjeff5]

Any app that is ad supported requires internet access. Most of the free apps are ad supported. Most of them work just fine if you have mobile data turned off (I'm sure a few are assholes about it - I haven't come across any), but the app is still going to try to use the internet to download advertisements if the internet is accessible - ergo the "this app requires network services" type messages. Any app that auto-updates will require this as well, ads or no.

Some apps require access to the cell services in order to allow the app to handle incoming phone calls, for example. The app itself may have nothing to do with making phone calls, or intercepting phone calls, but the interruption from the phone call might cause the program to hang if handled incorrectly. So, it needs to access the cell API in order to handle the app correctly when you receive a call. Ergo "this app requires access to cell services".

The warning allows you to do a little research if it concerns you and find out if this app is ok or if it is doing some funny business.

Most people don't care.

Re:android asks the user for permissions

[contrapunctus]

the problem is that apps don't disclose everything they collect/send in the eula or in permissions screen before you install (for both iphone or android as the case my apply).

Re:android asks the user for permissions

[Bigjeff5]

You should have noticed that the web browser doesn't work without background data either.

You need a constant connection to browse the web, any idiot should know that. The market is just a fancy front-end for a website (you can actually access it on a PC, but you can only download from a phone).

As for Backup Assistant and Skype, that blows. You should go see your Verizon rep. You know you're paying $2 a month for BA right?

Re:android asks the user for permissions

[vlueboy]

I'm not sure if it was the same as what you recalled, but let me highlight the key points I found:

After four months and more than 3,000 downloads, one person finally wrote in. That person, by the way, got a check for $1,000 proving, at least for one person, that it really does pay to read EULAs

(Googled "eula cash reward" without the quotes for a link and a more in-depth article about eulas from that eula reward's maker, PCpitstop.)

Re:android asks the user for permissions

[AndGodSed]

Yep I actually think you found it. I wonder where the /. article went? Maybe it got lost when the database got nuked?

I was around back then, had a low number nick, and then got another one in the 300000 but lost the email address and the password to that one :(

*sigh*

Re:android asks the user for permissions

[vlueboy]

Me too, but it is vexing that AFAIK without owning an iPhone or Android, they do not provide a preferences screen that makes these warnings silently fail / succeed. Yahoo Widgets and Google Chrome lack that feature and I'm bothered every time I'm installing Chrome adblock, for example that "it needs to collect net data" and so on.

It's all or nothing: click "no" and there's no way to use the app with your "choices" forced down the app's throat. When did it come to that? What's next, my firewall rules uninstalling legit copies of Photoshop because I don't wanna let it phone home and check my lan for "rogue" licenses?

Re:android asks the user for permissions

[Jah-Wren+Ryel]

(The only way to get rid of Backup Assistant, Skype and the You Tube apps, from what I've seen in the Android forums, is to "root" my phone, which will void the warranty.)

I've been thinking about a business plan for a startup to sell VPN services to smartphone users. The added value is that the VPN would incorporate a transparent proxy with "deep" packet filtering in order to block or otherwise anonymize all the unnecessary privacy-invasive crap that various popular applications do. That would provide much of, if not more than, the typical privacy benefits of just rooting a phone without the effort of doing so, plus no worries about app-store policies interfering with allowed functionality (as far as affecting other apps goes). I figure we could offer a top-notch legal privacy guarantee for all the traffic we route and clean-up that would trump all of the wishy-washy non-guarantees that you get from google/apple/verizon/etc today. Still thinking about how to handle encrypted traffic though.

Re:android asks the user for permissions

Try this to remove Motorola's taint. Run ADB and type in:
pm disable com.motorola.BackupAssistanceClient
pm disable com.cequint.cityid
pm disable com.vznavigator.DROIDX
pm disable com.motorola.mynet
pm disable com.skype.android.verizon

IIRC this command (pm disable not pm uninstall) doesn't require root.

However... I HIGHLY suggest you root your phone and install an AOSP-based ROM. This is usually a matter of preference with the other brands, e.g. HTC. But Motorola turns Android into pure garbage. The 'Blur' crap alone must take up 1/2 the available memory at boot.

And while I'm suggesting things. Install an Android firewall. DroidWall is a good one.

Re:android asks the user for permissions

Oops. I missed that VZNavigator was specific to the X. Anyway... you can find out the package names by running pm list packages -f.

Re:android asks the user for permissions

[vlueboy]

Wow, thanks! I just looked for "slashdot EULA cash" and found the /. story. I google and never bother with /.'s own search system, because it doesn't work.

It's the worst thing when you're stuck with a locked out or defunct job/company e-mail and unable to destroy or update settings. I now register or replace unreachable e-mails under my oldest Yahoo account instead of, job X's domain.

Oh, I too had a 6-digit ID back in '05 that I barely use. It's sobering to see how throughout this decade the 2,3,4,5 and first quarter million 6 digit ID's have abandoned us or just stopped posting.

Now off to read!

Re:android asks the user for permissions

[vlueboy]

Have stopped posting OR re-registered, like me and lots of other /. people. Personal friends mention apathy to posting while logged in or registering. Being unable to resurrect old accounts so we can go by those old but well-known handles is another things that would come in handy to some.

Re:android asks the user for permissions

[DMUTPeregrine]

DroidWall (on a rooted phone only) makes custom iptables chains and can block apps. Pretty easy solution to have your cake and eat it too.

Rooting android phones is pretty much a pre-requisite to get all the good stuff, sadly.

Re:android asks the user for permissions

[AndGodSed]

Yeah. I wonder what percentage of the (soon to be) 2million users will be duplicate accounts for whatever reason.

I know of one guy who was able to get his details from the /. guys. Maybe I should try that...

Fun chatting with you, have a great 2011.

(Also thanks for getting the article, good reading.)

Re:android asks the user for permissions

[vlueboy]

Thanks!
You too.

Re:android asks the user for permissions

errr, read the title of this efing article, they have been sued because of that. reality distortion field MUCH?

Re:android asks the user for permissions

[smpoole7]

> You should have noticed that the web browser doesn't work without background data either.

Mine does. Works fine.

Re:android asks the user for permissions

[smpoole7]

> you do know Blackberry's work, right? ... "cloud" in Canada ...

No, I DIDN'T know that. Sigh. I shouldn't have been so naive, though.

All I want is a handy-dandy little PDA/phone with some apps that I use in my work. I text, I like to browse the Web and do a few other things. I'm not the least interested in video or even in music (no time to listen to it). Why do the companies make this so hard? :)

Re:android asks the user for permissions

[tlhIngan]

then why do so many android apps require internet access, and other information, even though they are just a simple game?, note pad, etc.

people are use to clicking on yes to continue because that's what they have to do to get it to work. 90% of the population also clicks through EULA's without reading the first sentence. I know I do. I can't be bothered to read it, it would take far longer to read and understand than the contents of the program are worth.,

That's why the Android system is a failure. UI researchers and UI developers already know this - if you put a dialog box in between the user clicking the button and accomplishing the task, the user ALWAYS dismisses it without reading. It's why UAC dialogs are a fail for general users. Every dialog and confirmation button click you impose gets dismissed without the user even clicking it. Users also don't read dialogs - error messages or anything.

The iPhone is similarly bad with push notifications - apps can produce way too many popups as well.

Users have never read a thing. Dialogs that get in the way especially.

Re:android asks the user for permissions

Unfortunately, that's what all major companies want. I specifically avoid those apps that have no reason for location data other than ads, though I do give leniency to those apps who specifically state in the app description what they use permissions for (for being open and honest)

Feel free to sell your phone and get a phone without extra apps installed -- giving you the choice. This pretty much narrows it down to a Nexus One or Nexus S. There might even a be a community build that allows you to have even finer grained control of the network connections. There may be other phones that have little shovelware installed, but you'll have to do your research then. (Nike+ for i-platform users is installed, and not removable so for those who think they are free -- you're not.)

For me, background data doesn't affect browser, so I don't know why it's been "tethered" together on certain phones.

Apple privacy policy

[sigzero]

It CLEARLY states what is or isn't being done.

UDIDs are here to stay

[Bogtha]

One wonders if Apple could be persuaded to strip access to the unique phone identifiers from apps.

Apple won't do this any time soon. They are very demanding when it comes to backwards compatibility, and even if they kept the API but gave a dummy identifier, this would break many apps. The most I can see happening is that Apple may put a clause in their guidelines. But they did that already, and got criticised for it. It's possible that they could generate a different permanent dummy identifier on a per-app basis, but this would still break several uses for the UDID.

Referring to the UDID as "personal information" strikes me as being quite inaccurate. It uniquely identifies a device, not a person. You cannot use the UDID to get any actual personal information unless the user gives that information. The only way to get personal information without the user's consent when you only have a UDID is for developers to collude; if a user gives personal information to one app that records it along with their UDID, then the developer of that app shares that information with another developer who only has the UDID, obviously that will work. But the same arguments mostly apply to things like IP addresses as well, and those aren't usually considered to be personal information.

Re:UDIDs are here to stay

[jolyonr]

There's no reason why iOS have to send the genuine UDIDs to the app developer. If the app requests a UDID for the device, iOS should generate a key that is unique for that device AND THAT DEVELOPER.

So a developer can see if a user has (for example) used the previous 'free' version of their paid app, but these keys would be meaningless to other developers.

It may still be possible for developers to find out the UDID through unauthorized means, but then the developer would clearly be breaking Apple rules and is at risk of being kicked out of the appstore.

Jolyon

Re:UDIDs are here to stay

[jolyonr]

Hate to say this, but your new iPhone is going to have a different UDID anyway. As long as your old phone is backed up and your new phone authorized to your itunes account, you shouldn't have any problems either way.

Re:UDIDs are here to stay

Referring to the UDID as "personal information" strikes me as being quite inaccurate. It uniquely identifies a device, not a person.

And pray tell, how many people will be using that device ? AFAIK for most of the devices that will be only a single person.

But you could say in the same sense that a persons name does not uniquely identify a person at all. After all, there could be several persons with the same name on this earth. And with a bit of effort you can even change it.

Even if there is only a single person with that name you could claim it only identifies (if at all) the body, not the person itself.

The problem is that it does not matter. If some kind, any kind of tag can be used to get something to a single person every time than that info is definitily "personally identifiable" to me.

Even if that phone is used between several members of the same household, that number would identify 2.6 persons (average number of persons in a houshold in Europe) outof the occupants of this whole world.

That is better than the certainty of DNA typing, and a few orders of magnitude better than what a run-of-the-mill targetting spammer needs.

Re:UDIDs are here to stay

[ToasterMonkey]

If the app requests a UDID for the device, iOS should generate a key that is unique for that device AND THAT DEVELOPER.

How in the hell would you implement that? +4 insightful.

Re:UDIDs are here to stay

[Roger+Lindsjo]

Could not every download from the app store come with the UDID? Surely apple knows which device you have and who the developer of the application is and has control of the iOS so when the UDID is requested the generated device+developer one is returned?

Re:UDIDs are here to stay

[gnasher719]

There's no reason why iOS have to send the genuine UDIDs to the app developer. If the app requests a UDID for the device, iOS should generate a key that is unique for that device AND THAT DEVELOPER.

That's mostly missing the point. If the application talks to a server and tells it that ID (which it shouldn't in the first place) then the server will recognise you under that id, from that application. They don't know which phone, or your name, but they know it is the same person and that is all that counts. What you say would only help if multiple apps on your phone talk to the same server.

Re:UDIDs are here to stay

Speaking as an app developer, there is no reason to ever use UDID in the App store that can't be done using account/password or OpenID. Provisioning for testing is the only time UDID's make sense but testing is time limited and restricted to 100 devices. Enterprise is another, but that is not what this lawsuit is about.

This is about the use of UDID's for the aggregation of users' personal information.

It is already happening.

For example, Flurry, a popular library which has a lot of developers using its API in the app store, uses AppCircle as virtual currency for the purpose of advertising. So it is very likely that if an iPhone is purchased second-hand, then that advertising profile from the first user will carry over.

Here's another example from an app developer,

Fluent Mobile Websites and Applications
When you use certain features of our website and applications, we may collect personally identifiable information from you that may include your email address and mobile phone number.

via Fluent Mobile Inc

Personally, I find it reprehensible, and I don't do it, but I continuously read about other developers doing it.

Posting Anonymously because this is Apple we are discussing about.

Re:UDIDs are here to stay

[dave562]

Maybe a simple mathematical algorithm? Each developer gets the equivalent of a "developer key" that is then combined with the UDID and a special third key that only Apple knows.

Re:UDIDs are here to stay

[adavies42]

aren't all the app-store apps cryptographically signed? hash the UDID and the app signature together, that should generate a new unique id specific to the (app,device) combination. alternatively, hash with the one of the developer's keys if you want a (developer,device) id.

Re:UDIDs are here to stay

[jeremyp]

You need to explain what you mean by "identify". I'm reasonably sure that if I gave you a random UDID you could not figure out which person the phone belonged to. That's what I normally understand by "identify".

The UDID is of no use unless you have some other information to go with it e.g. an email address, a geolocation etc.

Re:UDIDs are here to stay

[Sam+Douglas]

It's the same as with Facebook applications. Alone, the UDID is not that useful, but what if you create a database across the different apps you publish, or give the data to a third party? You can identify which apps the person uses on a regular basis and that's a fucking gold mine of information to advertisers.

Re:UDIDs are here to stay

[Netshroud]

iOS already does this for Push Notifications.

Re:UDIDs are here to stay

[lakeland]

Hardly sounds hard - the developer is encoded into the app. Do you really want me to post an algorithm? how about hash(UDID + developer name) as a first shot?

Re:DAMMIT SLASHDOT !! FIX THIS BROKEN POS !!

The odd posts are where Slashdot stores your private information that they sell to advertisers. Users only see the even posts. You have to be an advertiser to see the odd ones as well.

android is favored by the righteous

[MobileTatsu-NJG]

that is why there is no issue with google.

Re:DAMMIT SLASHDOT !! FIX THIS BROKEN POS !!

[MrAnadin]

most of the posts on /. are odd.

But you are just giving the same info

[SuperKendall]

There's no reason why iOS have to send the genuine UDIDs to the app developer. If the app requests a UDID for the device, iOS should generate a key that is unique for that device AND THAT DEVELOPER.

Why? What benefit does that give you? You would get EXACTLY THE SAME DATA you collect today, using the UDID. It would be exactly of the same use to track the user; i.e. virtually none.

Seriously, what can you do with a UDID you couldn't do with the MAC address from the phone. Should we ban those as well? How about we just ban network connections altogether?

Re:But you are just giving the same info

[MobyDisk]

You can't get the mac address of the phone over an HTTP request.

Re:But you are just giving the same info

[bazald]

If you already have an app on the device, with the right permissions, it would be trivial to look up the mac address from the device and send it out over TCP. But then I'm not an iOS developer, so maybe I'm mistaken.

Re:But you are just giving the same info

[MobyDisk]

True. I was more worried about HTML5 apps/web pages. But yeah, true apps can do whatever they want. Heck, I think they cna just pull your contact list and photos and send it if they want.

Double charge

[n_djinn]

I am just sick of essentially being double charged by advertisers. I have to pay for data access on my device, then I am paying for the data transfer that the advertisers use and with wide open throttle, they will use a lot. That to me is NOT ok

This is Apple's problem?

Is it really Apple's problem that 3rd parties do this? Is it Apple's fault because ultimately they certify the apps? Or are they suing Apple specifically for the apps Apple has produced, and then suing 3rd parties if that is successful? The UDID exists, but no 3rd party is obligated to use that information and many don't. The article is light on details.

Re:DAMMIT SLASHDOT !! FIX THIS BROKEN POS !!

Because slashdot is a great big phoney!

Even a calculator may want to phone home ...

[perpenso]

... then why do so many android apps require internet access, and other information, even though they are just a simple game?, note pad, etc ...

Apps may report non-personal info that is used only by the app developer. For example is the device a phone or tablet, what version of the OS is being used, what 3D chip? Things that a developer may find useful in order to guide further development.

Even a calculator might want to "phone" non-personal info home. I have a calculator, Perpenso Calc for iPhone and iPad. It offers scientific, statistics, hex and bill/tip functionality. An update will soon add business/finance functionality. I have *thought about* adding code that records the number of operations performed in each of these area and reporting back to a server. This info would be transmitted in annotated plain text so that anyone watching packets can verify for themselves that no personally identifiable information is being sent and that the data is as advertised. On the sever side the data would be anonymously logged, no IP addresses or anything else. The purpose of all this would be to see which calculator functionality (scientific, hex or business) is more heavily used, and to guide further development using the feedback.

Again, I have *not* done this. Its just a thought. However I think this offers an example of a non-malevolent reason for virtually any app to establish a network connection. I am eager to hear community opinions, I encourage folks to post a response. Thanks in advance.

Re:Even a calculator may want to phone home ...

I think that would be fine, although you should add a huge disclaimer in the description. Many apps that people complain about using 'unneeded' permissions don't clarify WHY they need them.

Splitting the APK in two would solve this neatly (make the stats sender an external plugin service) however this is a weakness of the market... no one is going to install 2 'apps' unless they really want the extra functionality.

Also, this seems like an area where Google could improve Android in the future. Similar to how crash reports can be sent over the Market, IMO it would be neat if they created a 'usage statistics' API for developers.

Re:Even a calculator may want to phone home ...

[perpenso]

I think that would be fine, although you should add a huge disclaimer in the description. Many apps that people complain about using 'unneeded' permissions don't clarify WHY they need them.

I am inclined to mention this in the integrated manual and the downloadable pdf manual.

Re:Even a calculator may want to phone home ...

[R3d+M3rcury]

Suggestions:

• Make it Opt-In, not Opt-Out. Allow the user to Opt-Out (or Opt-In) at any time.
• Show the user what will be sent and allow them to agree to it.

That said, this is a slippery slope. You're better off actually trying to talk to your customers and find out what they would like to see. Of course, according to Apple, they aren't your customers, they're Apple's customers. That might make this a little more difficult.

Re:Even a calculator may want to phone home ...

[lakeland]

I'm not sure, the statistics would be pretty meaningless if it were opt-in.

Overall though, I'm not convinced it's a good idea. If I were looking for a calculator on my phone / tablet, I would want to know that it has a heap of capacity which I am not using. You'd probably pick up
the day to day frustrations that using your app has by talking to people more effectively than gathering usage statistics.

For instance, imagine your app has lousy graphing capability (I don't know your app, so treat this as hypothetical). According to the statistics, you'll find your users don't use the graphing capability. If you log more than you claimed above, you might have enough to know that every user used the graphics once before giving up on it, or you might not. Either way, I'd be impressed if you could infer the root cause (wanted functionality, but what's provided sucks). A user study would pick this up quickly and accurately.

They are a bit random, you might get a few features which just one person wants - and you'll have to be careful about feature creep, leading questions etc, but those are all surmountable problems.

Another article that makes me want to hug my n900

And that is despite nokia ignoring it nearly to the point of deliberately sabotaging it, at the same time dragging their feet and mucking up its successor phone/platform. Its not that I trust them either, I'm sure some of their management is salivating about building up an "app empire" of their own to milk data from.

I can install and run any PROGRAM* I want to do just about anything the hardware is capable of. There are some limits due to closed drivers and such, but the community is still managing to work its way around some of those. The biggest closed driver offender is the battery management but usb host mode is mostly working in spite of it. There are also some limits that are more about the lack of driver completeness rather than being closed, the wlan chip is a good example of this.

I have full control over the PROGRAM* due to being root when needed, if it is particularly insidious it can be denied access to files/programs/networks/domains/etc or even lied to believe it is "online" when in fact it is safely jailed in a neat little sandbox.

Its also quite nice to be able to run a browser with ad filtering, script blocking, user agent modification and whatever else needed for control freak websites, those are becoming really popular with developers now and really annoying.
I can load the "full desktop version" of many sites much faster than someone next to me on the same network can load the dumbed down "mobile version", its amazing how much bandwidth can be saved and spurious dns queries avoided for the 50 different ad/tracking domains. I even still (mostly) eat my flash cake too! I can selectively run most embedded flash videos and avoid the rest of them, the burnt crust :)

* "app" is a iMarketing crapware buzzword. Though it does match being a bastardized incomplete version of the word application, much like the half-arsed garbage that fills the "huge library of apps" often touted by the two main platforms. Its sad they expect people to pay for some of that absolute trash AND bend over to the spyware as well.

Corrected link

[Legion303]

Why the hell is Slashdot linking to some cnet blog instead of the actual article? Is it because "anonymous reader" is a cnet shill?

http://www.businessweek.com/news/2010-12-30/apple-sued-over-applications-giving-information-to-advertisers.html

Re:Another article that makes me want to hug my n9

[kenshin33]

* "app" is a iMarketing crapware buzzword. Though it does match being a bastardized incomplete version of the word application, much like the half-arsed garbage that fills the "huge library of apps" often touted by the two main platforms. Its sad they expect people to pay for some of that absolute trash AND bend over to the spyware as well.

+1

Other Way

[SuperKendall]

You can't get the mac address of the phone over an HTTP request.

Doesn't matter. You are advocating a way for a system to obsfucate the UDID of the phone, when the developer can write code to get the MAC address of the phone and send that if they like.

But even then it still doesn't matter, because the Developer-unique UDID you are proposing means that multiple applications from that same developer can all send the same UDID to servers the developer runs. Which is exactly the same as the current situation, servers the developer runs all get the UDID. Since the developer cannot see servers the developer cannot run, it doesn't matter that the UDID is the same between developers.

Again, lay out EXACTLY what problem your system prevents. Or indeed any problem the current system even has - because there is none. There is simply no way to tie a UDID back to a person. In fact I far prefer application developers send this information to a server over collecting a username, because the UDID is totally anonymous.

Re:Other Way

[MobyDisk]

I'm not the one who proposed the system. I'm not advocating it. I just pointed out one small fact.

Ah, sorry...

[SuperKendall]

I didn't look to see that you were not the OP, sorry... but it doesn't change the point that MAC over HTTP is irrelevant.