Almost half of iOS apps still access UDIDs, study finds


Forty-eight percent of iOS apps accessed unique device identifiers [UDIDs] in iPhones between Feb. 2012 and Dec. 2012, despite Apple warning developers to stop logging UDID data, a new study by researchers at the University of California, San Diego suggests.

The study is based on anonymous information collected via ProtectMyPrivacy, an app that detects which data other apps on an iPhone attempt to access.

Developers and social gaming platforms once relied on UDIDs (alphanumeric strings unique to each Apple device) in iOS devices to collect personal data about consumers, even building detailed profiles outlining how they use applications. Mobile advertising networks also depended on UDIDs as a campaign targeting tool, tracking consumers from app to app to determine how, when and why they respond to campaigns. Apple first warned iOS developers in August 2011 that it would limit their access to UDIDs, and on May 1, its App Store stopped accepting iOS apps and updates attempting to mine UDID data.

University of California, San Diego research indicates that even after the May 1 cutoff, around 40 percent of apps on iPhones with ProtectMyPrivacy installed still try to access a device's UDID, suggesting either that Apple is not identifying all apps that leverage UDID data or that it's letting some pass despite the rule change. "I think a lot of the apps are still [recording the UDID] just because the API is available," said Yuvraj Agarwal, who led the UCSD study with colleague Malcolm Hall. Article

Filed Under