Apple Begins Rejecting Apps for Using the Unique Device Identifier (UDID)

[marksman]

Too bad APPLE THEMSELVES won't institute a program by which they blacklist iDevices that are stolen, leaving whoever steals a phone is required to jailbreak it and never use iTunes.

When I say stolen I mean stolen - such as I have a bona-fide police report from my local precinct with the serial number, etc., on file.

There is no reason they cannot do it - they simply choose not to do it.

There was a recent article on how phone companies could do the same thing in the US. They don't. I figure when people get roughed up (or someone's daughter or son get mauled for their piece of iCandy), that someone will eventually get mad enough to kneecap one of the execs in these companies that refuse to help shut down the black markets.

A police report is not proof of a theft. It is just proof someone claimed something was stolen. That is an impossible burden to put in apple to sort out what is legitimate and what is not.

Give me your serial number for your phone and i could easily get a police report saying it was stolen from me. It is not evidence or proof.

 

[astrorider]

I think it would be irresponsible for any app developer to not treat customer privacy issues with the utmost urgency. All app developers should have moved as swiftly as possible to replace something that is viewed as a major privacy problem for end users. Any developer didn't is negligent in knowing their business and how to manage it.

This is not any old deprecated function. It was clear what the issue was and that it was serious. Any developer who did not take that information to mean they should act as quickly as possible did a very poor job.

It clearly sends a message to the end user that the developer does not take privacy issues seriously. There are no legitimate excuses. People are right when they peg it on laziness. It was a lazy thing to use to begin with and lazy and negligent not to change it as quickly as possible.

For some perspective, you might want to read up on UDID. Below is from Apple's documentation, until the end of last year that is. To paraphrase, there's no privacy issue with UDID when used as intended.

"A device’s unique identifier (sometimes abbreviated as UDID for Unique Device Identifier) is a hash value composed from various hardware identifiers such as the device serial number. It is guaranteed to be unique for each device. The UDID is independent of the device name. For devices that use a SIM (subscriber identity module) card, the UDID is independent of the SIM card.

For user security and privacy, you must not publicly associate a device’s unique identifier with a user account.

You may use the UDID, in conjunction with an application-specific user ID, for identifying application-specific data on your server. For example, you could use a device-user combination ID to control access to registered products or when storing high scores for a game in a central server. However, if you are developing a game, you may want to instead use Game Center’s player identifier key as explained in Game Kit Programming Guide.

Important: Never store user information based solely on the UDID. Always use a combination of UDID and application-specific user ID. A combined ID ensures that if a user passes a device on to another user, the new user will not have access to the original user’s data."