Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

aperry

macrumors 6502a
Original poster
Jul 12, 2008
600
33
I've restored my iPad a couple of times for various reasons. I've installed Pandora after each restore and each time it automatically loaded my account, without asking me for my username/password.

My question: How does it do this? I would guess nothing is cached, since the restore would wipe this out. So is it identifying my MAC address and automatically logging me in based on that?

That would seem odd (and insecure) to me, since I could return this device to the Apple store and then the next owner would automatically see my Pandora account.
 

aperry

macrumors 6502a
Original poster
Jul 12, 2008
600
33
Nope. Not restoring to a backup. I'm curious if anyone else has tried this.
 

Kahnyl

macrumors 68000
Feb 2, 2009
1,584
2
Some apps use your UDID like a cookie. I've restored fresh multiple times and Pandora always remembers me. I've had other apps do the same.

There was a story years ago about someone who sold their iPhone and the new buyer bought an app, opened it, and some info about the other person loaded.
 

aperry

macrumors 6502a
Original poster
Jul 12, 2008
600
33
Some apps use your UDID like a cookie. I've restored fresh multiple times and Pandora always remembers me. I've had other apps do the same.

There was a story years ago about someone who sold their iPhone and the new buyer bought an app, opened it, and some info about the other person loaded.

I figured it was something like this and I'm surprised. It seems like an obvious security hole and I don't know why they can't cache the encrypted credentials locally (which would be wiped when you restore). Obviously Pandora isn't exactly a mission critical app, but they do have passwords on accounts for a reason.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.