Apple was hit this week with a fourth potential class-action lawsuit for allegedly violating the privacy of iPhone and iPad users by transmitting the devices' unique identifiers to app developers.
This latest case, brought Tuesday in U.S. District Court in San Jose, Calif. by Daniel Rodimer and nine other consumers, alleges that Apple violated federal computer fraud and wiretap laws, as well as California state laws.
Rodimer and the others allege they never authorized Apple to transmit their mobile devices' unique identifiers -- 40-digit numbers that identify individual phones -- to app developers or their affiliates. They also assert that they wouldn't have downloaded applications had they realized that developers would then be able to track their devices. In addition to Apple, the consumers also sued 11 outside companies that offer apps, including The New York Times Co., Pandora, WebMD, Yelp and Groupon.
As with the other recent privacy lawsuits against Apple, the consumers point to recent research showing that many developers have configured their apps to transmit the unique numbers associated with users' iPads and iPhones.
Last month, researchers at the Technical University of Vienna reported that more than half of the 1,400 iPhone apps they studied collected users' device IDs. Thirty-six of those apps accessed the phone's location, while five gleaned information about the users' contacts. An earlier study by Bucknell University assistant director of information security and networking Eric Smith found that 68% of the most popular iPhone apps transmitted the devices' unique numbers to outside servers owned by either the developer or an advertiser.
Apple has not yet responded to the complaints, but some observers have expressed skepticism about whether courts will allow these lawsuits to proceed. For one thing, some courts have dismissed privacy lawsuits when consumers could not show that they had been harmed by an alleged data leak. Rodimer and the other consumers allege that they are harmed on the theory their bandwidth was used when an app allegedly gleaned their devices' identifiers, but it's not clear how far that argument will get in court.
It's also uncertain whether courts will rule that transmitting a unique device number -- as opposed to a name or street address -- raises any privacy issues. The consumers argue that a device identifier can't be anonymous because it's unique. "If merged with GPS data, it provides unlimited advertising opportunities," the lawsuit alleges. But in another privacy lawsuit, a federal judge held that unique numbers like IP addresses are not personal information.
Rodimer and the other plaintiffs are represented by Joseph Malley of Dallas, who has represented consumers in privacy lawsuits against other Web companies including Facebook, NebuAd and Netflix.