The Register® — Biting the hand that feeds IT

Feeds

Just how will Apple restrict device-ID snooping in iOS 5?

Apple is planning to phase out unique device identifiers from iOS 5, according to documentation sent out to developers, possibly to stop people worrying about their privacy on iPhones and iPads. Apple developers have been told that the serial number will be "deprecated" in iOS 5.0 and they should "create a unique identifier …

This topic is closed for new posts.
NoneSuch
Unhappy

Each iPhone will still have

an ESN (Electronic Serial Number) which is mandated by the FCC so no great advancement in privacy here.

Chad H.
Thumb Up
Reply Icon

Indeed

You've also still got IMEIs, and MAC addresses on the WIFI adaptor.

ThomH
Reply Icon

Each iPhone will still have a UDID, too

It's just that, like the ESN is now, at some point it won't be accessible to applications. So it can't be used for tracking. So that's a privacy advancement.

Anonymous Coward
Anonymous Coward
Reply Icon

Apps can't read ESN or IMEI

> Each iPhone will still have an ESN (Electronic Serial Number) which is mandated

> by the FCC so no great advancement in privacy here.

I'm reasonably sure that apps can't read those numbers.

Apps can currently read the WiFi MAC address. Don't be too surprised if that goes away too.

ideapete
Reply Icon

The Force

Knows where U are so whasapoint

Jeremy Chappell

Exactly what it sounds like.

This is exactly what it sounds like, "deprecated" means "going away". They can't just pull it, because then applications, that used it, wouldn't work. So essentially developers get told - we're going to pull this, make sure your applications aren't using it when we do.

So a developer can track a specific instance of their application, but nothing else. So you can track your applications on someone's phone (usage data for example) but you can't tell if (as an example) you have multiple applications installed by the user.

Anonymous Coward
Unhappy
Reply Icon

Unfortunately

Unfortunately, unless you have a way of creating a unique but device-specific identifier, doesn't it also mean you cannot tell if an app install is a re-install (and thus, a single instance) or not? Seems like that is an important bit of info.

ThomH
Reply Icon

Slightly better than that

Screenshots on other rumour sites indicate that Apple's suggested replacement is to generate a UUID (aka a GUID or IID) and store that in the user defaults (Apple's anachronistically named store of user preferences, on account of their main purpose in NextStep being to specify the default parameters of new documents).

User defaults are synchronised across devices, so a developer gets to track a single ownership of their application across multiple devices.

ideapete
Reply Icon

Dosent that hurt

when U pull it without telling someone or even when U do

Anonymous Coward
Black Helicopters

@NoneSuch

@NoneSuch I think you mean IMEI.... and it's a very different thing for my mobile network to know I have a certain phone (data needed to operate the network along with the SIM/billing info and which should only be used for such) and some random developer or advertising company who's not been given explicit permission.

Kristian Walsh
Reply Icon

IMEI is the GSM term, the ESN applies to CDMA

The US has two mobile standards. GSM/3G (e.g, AT&T) and CDMA (e.g. Verizon). IMEI, like the SIM card, is a GSM concept and doesn't exist on CDMA.

Anonymous Coward
Anonymous Coward
Reply Icon

@Kristian

Not to be pedantic, but...

"3G" is a group of standards, so it has nothing to do with GSM. CDMA2000 is also 3G.

Also, CDMA does indeed support a "SIM card" (R-UIM), it's just none of the US CDMA carriers want it (for obvious reasons). So it's not a GSM concept.

RichyS
Thumb Up

Sounds like a good thing.

Sounds like a good thing to me.

The problem with universal IDs, is that once somebody has managed to attached personal data to it (e.g. registering with your name and address for a service via your iPhone), someone somewhere now has good information to attach to your UDID.

Your UDID now has some real value, and I can see the someone somewhere flogging this information to other developers/advertisers/dubious characters. UDID being trackable across all apps means a pretty good picture of usage can be built up. Forcing devs to roll their own means there will be many different methods of tracking usage, and this data is of substantially less use and value.

Charlie Clark
Reply Icon

IPv6?

All IOS devices are IPv6 capable and by default Apple doesn't enable the privacy extensions which means the Mac address is available as part of the local address.

M Gale

Translation: "We're better than Google."

How long until "phone status and identity" starts disappearing from the Android list of permissions, or gets changed to something that doesn't involve a device ID?

Still, at least the Google OS tells you when your device is going to be profiled by an app. I don't see a list of permissions anywhere in iOS.

I'm sure people will hail this as a victory for privacy or somesuch, but this still means that Apple are profiling you just as hard as Google ever will.

Phil Endecott
Reply Icon

Re: I don't see a list of permissions anywhere in iOS.

> I don't see a list of permissions anywhere in iOS.

There are a few things that Android asks about when you install an app, which iOS doesn't restrict:

- Network access.

- Battery level.

- Vibrator.

There are a few things that Android asks about when you install an app, which iOS asks about at run time:

- Location.

- Address book access (I think).

Everything else, just isn't allowed at all on iOS:

- Access to the shared filesystem.

- Change homescreen wallpaper.

- Send SMS (I think).

- Deliberately brick the device (yes really! Android apps can do this!)

- Turn WiFi on and off.

- Delete other apps.

M Gale
Reply Icon

Not... quite.

There's a lot of things that third party developers can do with an Android phone. However, Manifest.permission.DELETE_PACKAGES and Manifest.permission.BRICK are both amongst those that you need a signed key either for the device or platform to use. Basically, the only organisations with access to those permissions are going to be your phone manufacturer or Google. Joe Random Developer is not going to be able to accidentally (or purposefully) tell your device to kill itself, nor are they able to uninstall other people's packages.

Send/receive SMS, make phone calls and the others, yes. It's how people make alternative launchers, diallers and the likes.

http://stackoverflow.com/questions/3435316/how-can-i-brick-the-android-emulator

http://stackoverflow.com/questions/3476600/why-are-these-permissions-being-refused

JOKM
FAIL

Enterprise Deployment

Its going to make adhering to the apple license for enterprise deployment difficult if you can't work out which devices are accessing your corporations appstore.

JaitcH
Stop

Why do cell phone manufacturers think thet are entitlrf to data?

All customer data should be deemed private by law, including UDID and SIM information.

Jusy=t because the software and processors in smartphones have the ability to capture and transmit this data doesn't mean they have the right.

I have a simple Samsung slkider phone, in which I had the GPS module disabled, and found out that some d=collected data as mundane as the number of times the slider is operated/used is counted and held in a register.

The trouble with smartphones is that we don't know what data is captured and transmitted by anyone nor where or what the data is used for. It's bad enough having snoop software of cell systems that enables tracked cell phones usage, numbers dialled and message content, be stored and regurgitated at someones whim.

Chad H.
Thumb Down
Reply Icon

Well

If the microprocessors and software in your handset didn't transmit your IMEI, IMSI, SSN, etc, the mobile network wouldn't work.

This topic is closed for new posts.