iPhone UDID raises data privacy issues

In a recent paper, Smith said that the UDID, developed by Apple to enable application developers to identify the iPhone being used for storing application preferences or video game high scores, creates a “tempting opportunity” to use the information as a tracking agent or to correlate it with other personal information in “unintended ways”.

According to a survey conducted by the author, 68% of iPhone applications transmitted UDIDs to servers owned by the vendor or an advertising partner each time the application was launched. Furthermore, 18% of the applications encrypted their communications so that the researcher was unable to determine what type of data was being shared.

The iPhone UDID is often accompanied by information that provides the identity and location of the person using the iPhone. That information includes the user’s real name or user ID, as well as the time-stamped IP address and GPS coordinates.

“Privacy and security advocates, personal iPhone owners, and corporate iPhone administrators should be concerned that it would be feasible – and technically, quite simple – for their browsing patterns, app usage, and physical location [to be] collected and sold to unintended customers such as advertisers, spouses, divorce lawyers, debt collectors, or industrial spies. Since Apple has not provided a tool for end-users to delete application cookies or to block the visibility of the UDID to applications, iPhone owners are helpless to prevent their phones from leaking this information”, Smith warned.

The iPhone’s UDID is similar to the Pentium 3’s processor serial number (PSN), which created controversy in 1999 concerning the threat to privacy it posed, he said, adding that surprisingly the iPhone UDID has not created a similar controversy.

“Since UDIDs can be readily linked to personally identifiable information, the ‘Big Brother’ concerns from the Pentium 3 days should be a concern for today’s Apple mobile device users as well,” he said.
 

What’s hot on Infosecurity Magazine?