back to article Just how will Apple restrict device-ID snooping in iOS 5?

Apple is planning to phase out unique device identifiers from iOS 5, according to documentation sent out to developers, possibly to stop people worrying about their privacy on iPhones and iPads. Apple developers have been told that the serial number will be "deprecated" in iOS 5.0 and they should "create a unique identifier …

COMMENTS

This topic is closed for new posts.
  1. NoneSuch Silver badge
    Unhappy

    Each iPhone will still have

    an ESN (Electronic Serial Number) which is mandated by the FCC so no great advancement in privacy here.

    1. Chad H.
      Thumb Up

      Indeed

      You've also still got IMEIs, and MAC addresses on the WIFI adaptor.

    2. ThomH

      Each iPhone will still have a UDID, too

      It's just that, like the ESN is now, at some point it won't be accessible to applications. So it can't be used for tracking. So that's a privacy advancement.

    3. Anonymous Coward
      Anonymous Coward

      Apps can't read ESN or IMEI

      > Each iPhone will still have an ESN (Electronic Serial Number) which is mandated

      > by the FCC so no great advancement in privacy here.

      I'm reasonably sure that apps can't read those numbers.

      Apps can currently read the WiFi MAC address. Don't be too surprised if that goes away too.

    4. ideapete

      The Force

      Knows where U are so whasapoint

  2. Jeremy Chappell

    Exactly what it sounds like.

    This is exactly what it sounds like, "deprecated" means "going away". They can't just pull it, because then applications, that used it, wouldn't work. So essentially developers get told - we're going to pull this, make sure your applications aren't using it when we do.

    So a developer can track a specific instance of their application, but nothing else. So you can track your applications on someone's phone (usage data for example) but you can't tell if (as an example) you have multiple applications installed by the user.

    1. Anonymous Coward
      Unhappy

      Unfortunately

      Unfortunately, unless you have a way of creating a unique but device-specific identifier, doesn't it also mean you cannot tell if an app install is a re-install (and thus, a single instance) or not? Seems like that is an important bit of info.

    2. ThomH

      Slightly better than that

      Screenshots on other rumour sites indicate that Apple's suggested replacement is to generate a UUID (aka a GUID or IID) and store that in the user defaults (Apple's anachronistically named store of user preferences, on account of their main purpose in NextStep being to specify the default parameters of new documents).

      User defaults are synchronised across devices, so a developer gets to track a single ownership of their application across multiple devices.

    3. ideapete

      Dosent that hurt

      when U pull it without telling someone or even when U do

  3. Anonymous Coward
    Black Helicopters

    @NoneSuch

    @NoneSuch I think you mean IMEI.... and it's a very different thing for my mobile network to know I have a certain phone (data needed to operate the network along with the SIM/billing info and which should only be used for such) and some random developer or advertising company who's not been given explicit permission.

    1. Kristian Walsh Silver badge

      IMEI is the GSM term, the ESN applies to CDMA

      The US has two mobile standards. GSM/3G (e.g, AT&T) and CDMA (e.g. Verizon). IMEI, like the SIM card, is a GSM concept and doesn't exist on CDMA.

      1. Anonymous Coward
        Anonymous Coward

        @Kristian

        Not to be pedantic, but...

        "3G" is a group of standards, so it has nothing to do with GSM. CDMA2000 is also 3G.

        Also, CDMA does indeed support a "SIM card" (R-UIM), it's just none of the US CDMA carriers want it (for obvious reasons). So it's not a GSM concept.

  4. RichyS
    Thumb Up

    Sounds like a good thing.

    Sounds like a good thing to me.

    The problem with universal IDs, is that once somebody has managed to attached personal data to it (e.g. registering with your name and address for a service via your iPhone), someone somewhere now has good information to attach to your UDID.

    Your UDID now has some real value, and I can see the someone somewhere flogging this information to other developers/advertisers/dubious characters. UDID being trackable across all apps means a pretty good picture of usage can be built up. Forcing devs to roll their own means there will be many different methods of tracking usage, and this data is of substantially less use and value.

    1. Charlie Clark Silver badge

      IPv6?

      All IOS devices are IPv6 capable and by default Apple doesn't enable the privacy extensions which means the Mac address is available as part of the local address.

  5. M Gale

    Translation: "We're better than Google."

    How long until "phone status and identity" starts disappearing from the Android list of permissions, or gets changed to something that doesn't involve a device ID?

    Still, at least the Google OS tells you when your device is going to be profiled by an app. I don't see a list of permissions anywhere in iOS.

    I'm sure people will hail this as a victory for privacy or somesuch, but this still means that Apple are profiling you just as hard as Google ever will.

    1. Phil Endecott

      Re: I don't see a list of permissions anywhere in iOS.

      > I don't see a list of permissions anywhere in iOS.

      There are a few things that Android asks about when you install an app, which iOS doesn't restrict:

      - Network access.

      - Battery level.

      - Vibrator.

      There are a few things that Android asks about when you install an app, which iOS asks about at run time:

      - Location.

      - Address book access (I think).

      Everything else, just isn't allowed at all on iOS:

      - Access to the shared filesystem.

      - Change homescreen wallpaper.

      - Send SMS (I think).

      - Deliberately brick the device (yes really! Android apps can do this!)

      - Turn WiFi on and off.

      - Delete other apps.

      1. M Gale

        Not... quite.

        There's a lot of things that third party developers can do with an Android phone. However, Manifest.permission.DELETE_PACKAGES and Manifest.permission.BRICK are both amongst those that you need a signed key either for the device or platform to use. Basically, the only organisations with access to those permissions are going to be your phone manufacturer or Google. Joe Random Developer is not going to be able to accidentally (or purposefully) tell your device to kill itself, nor are they able to uninstall other people's packages.

        Send/receive SMS, make phone calls and the others, yes. It's how people make alternative launchers, diallers and the likes.

        http://stackoverflow.com/questions/3435316/how-can-i-brick-the-android-emulator

        http://stackoverflow.com/questions/3476600/why-are-these-permissions-being-refused

  6. JOKM
    FAIL

    Enterprise Deployment

    Its going to make adhering to the apple license for enterprise deployment difficult if you can't work out which devices are accessing your corporations appstore.

  7. JaitcH
    Stop

    Why do cell phone manufacturers think thet are entitlrf to data?

    All customer data should be deemed private by law, including UDID and SIM information.

    Jusy=t because the software and processors in smartphones have the ability to capture and transmit this data doesn't mean they have the right.

    I have a simple Samsung slkider phone, in which I had the GPS module disabled, and found out that some d=collected data as mundane as the number of times the slider is operated/used is counted and held in a register.

    The trouble with smartphones is that we don't know what data is captured and transmitted by anyone nor where or what the data is used for. It's bad enough having snoop software of cell systems that enables tracked cell phones usage, numbers dialled and message content, be stored and regurgitated at someones whim.

    1. Chad H.
      Thumb Down

      Well

      If the microprocessors and software in your handset didn't transmit your IMEI, IMSI, SSN, etc, the mobile network wouldn't work.

This topic is closed for new posts.

Other stories you might like