Apple Cuts Off Access To Unique Device Identifers

Two years ago, Apple warned that it intended to stop allowing developers to access iPhone users' unique device identifiers.

Now, the company has given developers a firm deadline: May 1. As of that date, the App Store “will no longer accept new apps or app updates that access UDIDs,” Apple announced in a notice to developers. The company is advising developers to replace unique device identifiers -- 40-character alphanumeric strings -- with the “advertising identifiers” rolled out in iOS6.

Advertising identifiers differ in at least one critical way from unique device identifiers: Consumers can delete and reset ad identifiers.

Even before Apple's announcement about the new ad identifiers, some mobile companies rolled out their own opt-out tools. But using them wasn't nearly as easy as hitting a reset button. The tools required users to enter their devices' unique identifiers to an ad network's site. The network then kept records of which devices opted out of online behavioral advertising, and didn't serve targeted ads to those devices.

It seems likely that Apple's decision to limit access to unique device identifiers was driven by criticism the company faced for enabling developers -- as well as mobile ad networks -- to track users without first notifying them, let alone  allowing them to opt out. Two years ago, researchers at the Technical University of Vienna reported that more than half of the 1,400 iPhone apps they studied collected users' device IDs. Dozens of those apps accessed the phone's location, while a handful gleaned information about the users' contacts. Another, slightly earlier study by a Bucknell University official found that 68% of the most popular iPhone apps transmitted the devices' unique identifiers to outside servers owned by either the developer or an advertiser.

Those reports sparked a slew of bad press for Apple. They also resulted in a class-action lawsuit against Apple. That case is still pending in federal court in the Northern District of California.

Despite Apple's new policies, any ad networks determined to continue tracking users can probably find a way to do so. If those companies can't use unique device identifiers, they might be able to track users via MAC addresses, device fingerprints, or other methods that are hard for users to control. Of course, circumventing devices' privacy settings is a dubious practice at best, and illegal at worst. Still, it's worth noting that the potential for bad publicity, and even lawsuits, didn't stop companies from evading privacy settings in the past.

2 comments about "Apple Cuts Off Access To Unique Device Identifers".
Check to receive email when comments are posted.
  1. Pete Austin from Fresh Relevance, March 25, 2013 at 5:32 a.m.

    Devices don't have privacy; people have privacy. So there is only a problem with circumventing devices' privacy settings if they are also privacy settings for an individual person associated with the device, such as its owner. If Apple, or any other third party, changes settings without even consulting device owners and users, then I don't see how the resulting settings can be said to reflect the wishes of anyone except Apple management - certainly not users. For a clearer example, consider what would happen if a marketing company found a way to change these settings on Apple devices - could other marketers then ignore users' privacy on the basis that the new settings said they could? I think not.

  2. Pete Austin from Fresh Relevance, March 25, 2013 at 5:44 a.m.

    Also, "The company is advising developers to [use] the “advertising identifiers” rolled out in iOS6.". Like lots of people, I didn't upgrade to iOS6 because the Apple Maps fiasco left people unable to find my house. Will this make me untrackable?

Next story loading loading..