iPhone Apps Collect Unique Device ID

Discussion in 'iPhone' started by ericinboston, Oct 2, 2010.

  1. ericinboston macrumors 68000

    Joined:
    Jan 13, 2008
    #1
    A very interesting (and scary!) article and PDF whitepaper on this huge privacy concern. Interesting that it has not shown up on Macrumors.

    -Eric


    http://apple.slashdot.org/story/10/10/01/2154231/Many-Top-iPhone-Apps-Collect-Unique-Device-ID

    "It looks like iPhone users are not immune to the types of data leaks recently discovered on the Android platform. Researchers looked at the top free applications available from the App Store and discovered that '68% of these applications were transmitting UDIDs to servers under the application vendor's control each time the application is launched.' The iPhone's Unique Device ID, or UDID, cannot be changed, nor can its transmission be disabled by the user. The full paper is available in PDF form."
     
  2. LinMac macrumors 65816

    Joined:
    Oct 28, 2007
    #2
    Why is this scary?

    Your UDID is a device ID not a personal ID for you. Many applications require you to register for services which requires you to give personal information.

    Some Android applications were sending back GPS information to advertisers and collecting phone numbers as unique identifiers. This is nothing, but FUD trying to collect viewers.
     
  3. uneek1 macrumors regular

    Joined:
    Jun 18, 2009
    #3
    Yea, I couldn't really care less if a company has my phone ID.
     
  4. ericinboston thread starter macrumors 68000

    Joined:
    Jan 13, 2008
    #4
    Did either of you read the article or the PDF? It's far far beyond just the UDID.

    The apps (that they are referring to) have your real name, and your email, and your geo location from your iphone, as well as your browsing history, and a few other items. Hence this is a privacy concern.

    Until Apple gives the users the power to shut this off and/or clear our own cookies/cache/tracking mechanisms, this is a big privacy concern.

    Read the PDF...it's not that long.

    -Eric
     
  5. MicroApple macrumors regular

    Joined:
    Jul 26, 2010
    #5
    Sorry may I call *************

    UDID is NOTHING PERSONAL.

    For an app to get your GeoLocation, you must approve it...

    As to the bolded part, you can clear cookies, and deleting an app clears any databases and all files with it. In the white paper, it states ABC's app creates a cookie for 20 years. Did Google Gmail, Yahoo, Amazon, MacRumors all create cookies for around 90 years. Why? Cookies can't have an unlimited time frame, so when a user selects remember me, they put in a ridiculously long amount of time so that they will never get logged out.

    "Figure 8: The ABC News app stores the tracking cookie in its application directory,
    not the Safari Cookies folder."


    WTF?! is this ********. Who wrote this paper 5 monkeys and you? An app saved cookies to its app directory and not the safari cookie folder because its not allowed to. And how is saving a cookie ON YOUR PHONE dangerous? Its not even submitting that info. It's saving it for you NOT for them.


    "By setting cookies that don’t expire for several years, companies are able to
    continue to tracking individuals’ data for extended periods of time"


    Last time I checked, cookies were a block of text, not a piece of executable code that can track your every move. This is ********, if this is true than Google is doing the same thing by planting 90 year cookies on your computer, and so can any website so why are you attacking apps.

    "While there is no direct evidence that this data is[/B] being used to physically track iPhone users, it would be trivial to
    implement such a system using a combination of UDIDs and time-stamped IP addresses. The correlation of this
    data with a GeoIP library14 would allow an iPhone user’s approximate physical location to be tracked in real time.
    The iPhone’s hard-wired preference for local wireless networks over cellular data enhances this tracking ability, as
    the phone will only use the cell network for data when it has no wifi connectivity. While GeoIP lookups on cellular
    phone networks generally do not often provide useful location data, lookups on Wifi hot spots are often remarkably
    precise."


    While there is no direct evidence the United States was involved in 9/11 many conspiracy theorists believe there is a direct correlation between it and the United State's obsession with war. Hmm... I read it in a white paper, IT MUST BE TRUE!!!
    First of all no one would ever want to do this, and even they did want to do this, web pages can do the exact same thing can't they now? MacRumors takes your IP everytime you visit a page, meaning it could technically track you. IP tracking is crap, you can't find anyone with it unless you feel like searching around 5 blocks for the person your looking for and then realizing by the time you did it they would have moved somewhere else. And this also requires the app to be open. I don't know many people you keep a game, or an app (thats not GPS, Music, Movie related) open while on the move do you?

    "Figure 11: Examples of applications requesting the iPhone's GPS coordinates during startup
    Figure
    Figure 12: The ABC News app transmits data back to remote servers. In this case, local content, such as
    weather is returned."


    Wow first they dare to ask me permission for my GPS location, and then those damn criminals return me relevant content about my community. Why haven't these people been locked up yet.

    "Since Apple has not provided a tool for end-users to delete application cookies or to block the
    visibility of the UDID to applications, iPhone owners are helpless to prevent their phones from leaking this
    information."


    You want to delete cookies which don't do anything, and aren't even submitted to the server? Go ahead there is a way, it is very simple actually, I can't believe this intelligent writer of this whitepaper couldn't figure it out. Delete the ******** app if you don't trust it enough to keep cookies.
    Oh and aren't we helpless to stop them from reading random numbers from our phones.


    - A Registered Apple App Developer (You sir, disappoint me)
     
  6. Apollo 13 macrumors 6502a

    Joined:
    May 29, 2010
    #6
    All these phones will have security issues. They all run an OS so to think no phone will have security problems is naive.
     
  7. rk1991 macrumors regular

    Joined:
    Dec 10, 2009

Share This Page