Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Phasing Out Developer Access to UDIDs in iOS 5
- Thread starter MacRumors
- Start date
- Sort by reaction score
Folks, Apple aren't removing access to UUIDs, they're just deprecating them. All that "deprecation" means is that is that UUIDs are not recommended for use in new applications.
UUIDs are typically used as database keys in apps that connect to servers. So why are they being deprecated?
Because UUID's uniquely identify a device, not a user. This is problematic in several scenarios:
With iCloud, Apple now have a fairly reliable way to identify users rather than just devices. Since developers can make use of iCloud too, this is presumably the recommended way going forward. Hence the UUID deprecation.
UUIDs are typically used as database keys in apps that connect to servers. So why are they being deprecated?
Because UUID's uniquely identify a device, not a user. This is problematic in several scenarios:
- users with multiple devices. If a user has both, say, an iPhone and an iPad, and an app that runs on both of them, they want the same data to be available on both devices. Using UUID as an identifier means this doesn't work. If an app was storing some server-side data for me, this would get lost.
- devices with multiple users. iOS doesn't currently support multiple users, but maybe it will in the future. Using a user-based identifier will be needed to make this work.
- upgrades. When I upgrade my 3GS to a shiny new iPhone 5 in October, the UUID will change. If any app was storing data server-side based on only my UUID, that data would become inaccessible.
With iCloud, Apple now have a fairly reliable way to identify users rather than just devices. Since developers can make use of iCloud too, this is presumably the recommended way going forward. Hence the UUID deprecation.
Last edited:
Well this is going to screw up my app
At the time I developed my app there was no way to ask Apple what subscriptions a user had bought (you can ask Apple what once off purchases have been made for your in-app things but not what subscriptions the user had),
so to make sure a user didn't lose their subscription I associated their subscriptions to their UID on my server. That way if you deleted the app and re-installed it you could still have access to the subscriptions.
At no point did I use the UID in an attempt to track what the user did or who the user was etc.
Good thing I was planning on decommissioning the app around this time anyway.
(I should note I provided a way to share your subscriptions across different iOS devices, but that just involved entering some completely random ID into your devices that I generated as I didn't want to make the user sign up to something with a username and password)
At the time I developed my app there was no way to ask Apple what subscriptions a user had bought (you can ask Apple what once off purchases have been made for your in-app things but not what subscriptions the user had),
so to make sure a user didn't lose their subscription I associated their subscriptions to their UID on my server. That way if you deleted the app and re-installed it you could still have access to the subscriptions.
At no point did I use the UID in an attempt to track what the user did or who the user was etc.
Good thing I was planning on decommissioning the app around this time anyway.
(I should note I provided a way to share your subscriptions across different iOS devices, but that just involved entering some completely random ID into your devices that I generated as I didn't want to make the user sign up to something with a username and password)
Last edited:
So first apple is getting bitched by adding a unique device id to their api's and now you want to bitch them because of removing it? (actually it's not removed, they just discourage the future use of it)
I think you completely misunderstood what this article is talking about. They're not removing the ability for developers to authorize specific UDIDs to install beta OS's (because they kinda need that ability for legitimate purposes). What they're doing is removing the ability to (or at least making it against the rules to) use the UDID as a means for apps to keep track of a specific user. Instead the developer has to create their owns means of user identification (such as a username/password or something along those lines).
Deprecation is the first step towards removal though. I'd be very surprised if it wasn't marked "removed" in iOS 6. That gives devs a year or so to move away before problems start.
While true...
issue one surely isn't a big show stopper, most people only have one phone and while it won't link to their usage on other devices, you can still build up enough of a profile.
Issue two as you mentioned is a non event now and for the foreseeable future.
Issue three for most users is only an issue every 24 months (fairly standard phone contract length) and I imagine it wouldn't take long to build up a decent profile again.
There is the second hand market which could skew things a bit but I doubt too many devices see a large number of users and I'm sure developers could make data time dependant so that the older data has less influence on any ads etc which would also reflect peoples taste or interests evolving over time anyway. If so you'd build up profiles generally based on the new user anyway as old data is made less relevant.
There is a big issue for any service that uses the UID for automated logins or whatever however and not just ad tracking.
I do totally agree though that there are better ways and I'm glad to see the UID being depreciated for development purposes. That said, while it is available it is a pretty good way to track users usage without requiring them to log into other services. Not perfect, but far from bad as long as you assume that the device will at some point see a new user, evem if its only after two years of use.
Exactly, and I don't want to be tracked unless I give specific permission (by logging in to something). Why advertisers or other apps developers think they have the right to covertly follow me around is beyond me.
So you're saying you're all for being profiled by ad networks without your consent!? Really!? This is exactly why Apple wants this abuse stopped. It's nonconsensual use of my information and an invasion of my privacy.
And where exactly is your proof that Apple uses the UDID for anything other than what it is meant for? Again, Apple doesn't need your UDID, even for its iAD ads. They already have information on you from other sources that you gave them. Google does the exact same thing... You create an account for a Google service and they have your information that they can use to target ads at you, they do not have to share this information with anyone else... How is that different from what Apple is doing? I can't remember ever seeing another ad network post ads all over Google's services.
Also, the UDID is tied to a hardware device, not a person, trying to link the two means a possibility of your data being merged with someone who later owns that device after you no longer own it.
Sorry, but tough **** for OpenFeint. As a gaming network their only course of keeping track of users should be through a voluntary account creation and login by the user who's interested. This applies to EVERYTHING. If I'm interested in the service, I'll sign up for it!
I've only been coding since 1981, starting with BASIC, then 6502 Assembly, then MC68000 Assembly, DOS Batch files, Pascal, C, C++, SmallTalk, Objective C, Javascript, PHP, UNIX Shell scripting, etc... First on an Apple II, then IBC PC, AT&T System V System, Classic Mac OS, Mac OS X, WWW, iOS.
Uh the last time I checked, I've never been able to do a straight copy of code from one language to another across platforms... code across languages is not syntactically the same and API's across platforms are not the same either. You cannot transfer code from one language/platform into another without making changes.
Last edited:
The "old way" was a guaranteed unique identifier for a device. The "new way" is a identifier that may or may not be unique, local to that specific install of the app. If the user deletes and reinstalls the app, you get a new identifier.
The new iCloud APIs can help link data to specific users, but without the UDID there is no way to link data to a specific device. A solution to this would be for Apple to expose a hash of the UDID and the app's bundle ID. This would give developers an adequate replacement without stepping on privacy.
The new iCloud APIs can help link data to specific users, but without the UDID there is no way to link data to a specific device. A solution to this would be for Apple to expose a hash of the UDID and the app's bundle ID. This would give developers an adequate replacement without stepping on privacy.
Would something like this work.
Hi, I don't know much about how targeted Ads actually work but if I was building a system which would track users across Apps the first thing to come to mind would be this.
* Each App generates a random ID of some kind.
* Each time an App is launched and there is an internet connection it sends my database that ID.
* The database stores the IP address of where that ID came from.
I know the IP address will change pretty often, but there must be some level of stability in the IP address so that if a user closes one App and opens another one within, say 30 minutes, the address should be the same.
I don't think it would be that difficult to then scan through this database and calculate the most likely correlation between the different App IDs, and therefore which users are running those Apps.
If this did work you could also track the user when they went into mobile safari and looked at a page you were also tracking.
Anyone with actual knowledge of such systems who can say if that would work?
Hi, I don't know much about how targeted Ads actually work but if I was building a system which would track users across Apps the first thing to come to mind would be this.
* Each App generates a random ID of some kind.
* Each time an App is launched and there is an internet connection it sends my database that ID.
* The database stores the IP address of where that ID came from.
I know the IP address will change pretty often, but there must be some level of stability in the IP address so that if a user closes one App and opens another one within, say 30 minutes, the address should be the same.
I don't think it would be that difficult to then scan through this database and calculate the most likely correlation between the different App IDs, and therefore which users are running those Apps.
If this did work you could also track the user when they went into mobile safari and looked at a page you were also tracking.
Anyone with actual knowledge of such systems who can say if that would work?
Couldn't agree more. But you forgot to tell him to Get Off Your Lawn
I think he means that, maybe the Android API does provide access to the UDID, so all the cross-platform middleware solutions that are so popular these days (Appcelerator, etc.) likely have been exposing this functionality as one of their "least common denominator features", and they no longer can, either 'breaking' those frameworks (which is not the case since the phasing out doesn't seem to be immediate?) or forcing him to hand-code a fix into the Objective-C code that is spit out.
In any case, I believe 'write once, run everywhere' is BS in resource constrained devices like mobile. Each platform has been built on different design trade-offs and has different philosophies behind the design and implementation of its APIs. If you can get away with a cross-platform IDE, you'd better be making a web app.
You still are failing to get it.
Apple runs its own Ad company. iAds.
Apple is able to and sure as hell does collect all those user metrics that other companies collect using UDID. Now Apple does not need to use the UDID to link it all up. They have easier access to other ID that in someways are even worse than UDID because it links even more of your life. They get all the same data that the UDID were giving others plus they can add in the other devices which is not something everyone else can do. If you think Apple is not doing that then you are truly deluding yourself.
Apple is changing the rules to make it even more difficult for competitors to gather useful data. They say they were collecting very useful data with the UDID so they locked it out making it even harder.
This doesn't matter, our apps use device fingerprinting to identify unique devices within a household.
Oh wait, we're not evil. We don't need any of this information. We don't even request users to create an account to use our apps. Heck, all our apps are free - and ad-free.
We're just in it for the fun of using modern technology and enjoying it while we're at it. There are other ways of monetizing a product than having the user be the product, or having the user pay.
Oh wait, we're not evil. We don't need any of this information. We don't even request users to create an account to use our apps. Heck, all our apps are free - and ad-free.
We're just in it for the fun of using modern technology and enjoying it while we're at it. There are other ways of monetizing a product than having the user be the product, or having the user pay.
You are amazing.How is this bad for consumers? Or are you just upset that those poor, little ad companies that are just struggling to make a buck can no longer profile us as deeply and sell our information to the highest bidder?
Lawsuits over the location data issue most likely.
Even though that data never went anywhere it did stir up talk about other things like the UDID. This is likely a preemptive move to shut down any suits before they can start
----------
Exactly. My game can drop a cookie into your phone to track you in my system. Perhaps even linked to a user name. Like I know that game center user mjtomlih is player 12345 in my game. Even if you wipe your phone when you log into game center my system can check the player number system and drop thar cookie on your new setup as if you never left.
But I can't turn my info over to someone that is gathering up info about apps and see that you also play tiny tower, angry birds, have the Netflix app etc
----------
You can bet that any app that supports iOS 5 won't be approved if it is still using UDID.
And it is likely that Apple will move within the next year to force all apps to use iOS 4 if not 5.
How is this bad for consumers? Or are you just upset that those poor, little ad companies that are just struggling to make a buck can no longer profile us as deeply and sell our information to the highest bidder?
So you want it so only Apple can offer ads and use there much larger resources to dig the deepest into your life? It also means fewer free apps.
I think it is funny so many of you put blind trust in Apple. I trust Apple a hell of a lot less than I trust Google and I do not trust Google that much.
The part that you are ignoring is that Apple has our information. iAd has nothing to do with it. We choose to give Apple our information in exchange for their services. Explicitly. Apple has a published privacy policy that I am aware of. What's the privacy policy of the random free app that you downloaded a month ago?
The question isn't Apple OR some other ad company. The question is whether you want just Apple or Apple AND random ad companies tracking you.
Which speaks to your bias and not any real precedent.