Apple steps up outreach to developers over moving away from UDIDs
In the wake of a media outcry over giving developers too much access to users’ address books, Apple looks like it is stepping up efforts to close other privacy loopholes too.
We’ve been hearing from developers today that Apple has been reaching out to some of the larger companies on its platform in the last few weeks. Apple has been asking them to move away from using UDIDs or unique device identifiers, a couple developers have confirmed to me.
UDIDs can be used like cookies to track consumers as they move from app to app. Advertising networks can use the data collected through this tracking to target consumers with ads based on their browsing habits. The difference with UDIDs is that they can’t be cleared in the way that cookies can be deleted.
An investigation from The Wall Street Journal last year found that developers were sharing UDIDs with third-party ad networks and other service providers — a potential privacy risk especially if a UDID is tied with a person’s name. Not too long after, Apple said it would deprecate UDIDs and asked developers to start creating unique identifiers that work specifically with their apps.
However, deprecating any feature is a process can take months — if not more than a year — as Apple has to give developers time to change their code base. When Apple originally announced the change in August, there were still deprecated features from iOS 3.0 that were still in use.
With what we’re hearing this morning, however, it seems like Apple wants the developer community to move faster. Developers have been telling us that Apple has reached out to them asking them to move away from UDIDs if they’re still using them in their apps or any third-party libraries.
To replace UDIDs, Apple has some functions here that can create unique identifiers from a string or from a set of raw bytes. Some developers had told us they’re replacing the UDID with the MAC Address, or Media Access Control address, an identifier that’s assigned to networked devices like smartphones or laptops. But that carries most of the same privacy risks that UDIDs do.
February 16th, 2012 at 9:10 pm
UDIDs generally are used to test the game builds on different devices. For tracking there are codes like Flurry etc. If Apple wants developers not to use the UDIDs then how are they going to check the game builds?
February 17th, 2012 at 8:53 am
You state that: “To replace UDIDs, Apple has some functions here that can create unique identifiers from a string or from a set of raw bytes.” But that link goes to a Mac OS X page. Does the same functionality exist on iOS?
February 17th, 2012 at 1:51 pm
Answer: Yes, since iOS 2.0:
https://developer.apple.com/library/ios/#documentation/CoreFoundation/Reference/CFUUIDRef/Reference/reference.html
February 19th, 2012 at 5:02 am
The absence of access to the UDID is going to harm a lot of players in the industry and relying on only some proprietary solutions or analytics firm is not going to be enough. this is why we initiated an open source project called http://openUdid.com which provides more control to developers and users and which work on iOS, Mac apps and Android
February 20th, 2012 at 1:40 am
The other functions mentioned in the article lacks the persistent nature of the UDID (“Unique Device IDentifier”). They are in fact UUID as in “Unique User IDentifier” which may be persistent within a given app, but it’s up to the developer to make it persistent. What’s more, the sandboxing approach makes it hard if not impossible to make that ID persistent across apps.
That is precisely what the industry is using the UDID for – a sort of traceable cookie, just like on the web, to measure things. And sure, the MAC address is a viable alternative, except that it is really really more sensitive than Apple’s own UDID. http://openUDID.com solves the conundrum while Apple cooks up another opt-in mechanism like it should (like GPS/push and more recently promised Address Book access).
March 25th, 2012 at 7:45 am
[...] Apple had already given developers a heads-up about the change more than six months ago when it said in some iOS documentation that it was going to deprecate UDIDs. But it looks like Apple is moving ahead of schedule with pressure from lawmakers and the media. It can take more than a year to deprecate features because developers need time to adjust and change their apps. A few weeks ago, some of the bigger mobile-social developers told me that Apple had reached out and warned them to mo… [...]
March 25th, 2012 at 8:27 pm
[...] 6ヶ月以上前からAppleはこの点についてiOS関連の文書中で、将来UDIDを無効にする予定だとしてデベロッパーに注意を喚起していた。 しかしプライバシー問題について議会やメディアの圧力が高まってきたことを受けてAppleはスケジュールを前倒ししたようだ。UDIDの利用を止めるにはデベロッパーがアプリのコードに数多くの修正を加えることが必要になるので、1年はかかるものと見られていた。数週間前、私の取材に対して有力なモバイル・ソーシャル・アプリのデベロッパーはAppleはUDIDの使用を中止するよう警告してきたと語った。 [...]
March 26th, 2012 at 3:57 pm
[...] there are still depreciated features from before iOS 5.0 in active use — so last month Apple raised the issue again, reaching out to developers to get the ball rolling on the transition away from [...]