Apple Begins Rejecting Apps That Access UDID, Sends Some Devs Scrambling

[Phillip Swanson]

Way back in August of last year Apple notified developers that it would eventually stop allowing apps to access UDIDs (identification numbers unique to each iDevice). Now, Apple has started rejecting apps that access UDIDs and some developers are scrambling for a solution.

According to Tech Crunch, under pressure from lawmakers and the media Apple is moving ahead of schedule in its deprecation of UDIDs. Under normal conditions it can take more than a year to deprecate features as developers need ample time to find solutions and rework their apps.

TechCrunch reported a few weeks ago that Apple told some of the larger mobile-social devs to move away from UDIDs. But, Playhaven, a company that helps developers (more than 1,200) monetize their apps, claims that several of its customers have had apps rejected in the last week.

TechCrunch's sources claim that 2 of the 10 app review teams started rejecting apps based on their access of UDIDs this week. Next week that number jumps to 4 of 10 and so on till all 10 teams are rejecting apps that access UDIDs.

The biggest impact will be on mobile ad networks that track users from app to app and use the information to better understand how users respond to ads. But, the widespread privacy concerns associated with unfettered access to UDIDs appears to pale in comparison to developer inconveniences in Apple’s opinion.

Honestly, it’s tough to feel bad for those scrambling to implement workarounds 7 months after the planned changes were announced, especially when user privacy is involved.

Source: TechCrunch

[expl0itfinder]

Well nhl gamecenter devs, get to working. It always kinda scared me when i saw that big ole number in an app aside from cydia

[klouud]

wouldn't identifying UDIDs help crack down on piracy?

[DnBKiD521]

We knew it was coming ... Or at least I did. I read this months ago and although it didn't affect me, per say; I would have had ample time to figure a solution out before today

[Anthony iPhone]

Why would such identifiable info about consumer devices be given out in the first place

[Maxime Caudebec]

Yeah UDID is way to specific. There are other methods of tracking that are not as detailed as UDID is.

A. If apple continues UDID in the next moth we will hear "oh look apple s apps are insecure the can obtain UDID

B. Oh great now apple took away something that I found useful

Both ways apple gets criticized

[Anthony iPhone]

Apples one main concern was to keep their products secure but instead and ruin that and let developers and iAds have access to info that can track our every movement. They should of never let them have that kind of info.
Apple really screwed up on that one.

[hank197857]

hooray for apple! i'm tired of having to manually delete those tracking bugs. 5.1 no longer has awd_ice. Flurry, you're next!

[swifty7]

that's why I use a firewall, i don't let apps call home.

[Lohand]

that's why I use a firewall, i don't let apps call home.

Amen Brother!

This - ModMyi.com | Firewall iP
Plus
This - ModMyi.com | Protect My Privacy

Equals no worries. Sayin...

PS Oh, and for those interested, don't be weasels. Pay for the damn firewall. RR (aka Yllier) is one of the BEST JB devs around!!

[JPili]

wouldn't identifying UDIDs help crack down on piracy?

How so?

[Eonhpi]

Glad i spoof my UDIDs

[oahz]

How so?

Some apps like Beejive starting using the UDID years ago to blacklist an iPhone from it's servers if it's connecting through a cracked version of the app. That's why there no longer exists cracked version of Beejive because once you're blacklisted, even if you purchase the app it won't work unless you email Beejive with your UDID and iTunes receipt. I'm sure there are other apps that do the same.

[trialnterror]

Good now it'll make magicjack rewrite their app! I had to wait for the iPad (New) cause my iPad 2 I messed up on and got a free number, but when the magicjack came to my house n I set it up I couldn't use it's number on my iPad 2, the dill holes (magicjack support) told me to buy a new device! Arrg! So now if the guy I sold it to wants to use a different number he can't! This is all because of the unique UDID# thanks apple! Question is now they will have to tie it some other way?

[evolution83]

SO glad this is happening. I have a social networking app that actually creates an account that is specific to your UDID; and, while I can always spoof my original, I''ll be glad I won't have to do this for the future. I'd rather be tied to an e-mail and login ID instead of my UDID.

[frogpocalypse]

How devs can make a new identifier:
Just use the WiFi MAC address. This is actually harder to spoof than the UDID in iOS5+ (at least for now)

How devs can make a new identifier that keeps the same length so they don't have to change their backend so much:
SHA1 of the WiFi MAC address

[jOnGarrett]

Apples one main concern was to keep their products secure but instead and ruin that and let developers and iAds have access to info that can track our every movement. They should of never let them have that kind of info.
Apple really screwed up on that one.

No more than Android did, I guess the only real difference is that Android apps "ask" for permissions first and you can decline.

[l4b4hn]

Glad i spoof my UDIDs

How do ya do that?

[toomas]

Amen Brother!

This - ModMyi.com | Firewall iP
Plus
This - ModMyi.com | Protect My Privacy

Equals no worries. Sayin...

PS Oh, and for those interested, don't be weasels. Pay for the damn firewall. RR (aka Yllier) is one of the BEST JB devs around!!

So are these essentially the same? Should I have one over the other or both?

[szr]

wouldn't identifying UDIDs help crack down on piracy?

The problem is, that only works if you could guarantee that someone never changes devices (whether from upgrading or getting a replacement, or have multiple devices), which you can't. Second, it's not impossible to spoof the UDID in order to fool programs. This is a practice some people have been doing with games that associate their online progress with just their UDID, instead of using a proper log-in system.

How devs can make a new identifier:
Just use the WiFi MAC address. This is actually harder to spoof than the UDID in iOS5+ (at least for now)

How devs can make a new identifier that keeps the same length so they don't have to change their backend so much:
SHA1 of the WiFi MAC address

Actually using SHA* or MD5 sums as unique identifiers is not a good idea, as they all have the potential for collisions (that is, given a large enough pool of MAC addresses, it's entirely possible for one to have the same sum as another.)