Last week Apple started rejecting apps that access the Unique Device Identifier (UDID). Developers knew this was coming, but no date had been set for the official rollout. If you've found yourself wondering what the heck a UDID is, or if this change is going to affect you in any way, we've got the answers.
Photo by Marco Arment.
The UDID is a unique alphanumeric number attached to your iOS device. Every single iPhone, iPad and iPod Touch has one. It's pretty simple to track down your own. Attach your iPhone to iTunes, click on the Summary tab, then click on serial number, and it changes to the UDID number. The Wall Street Journal revealed that apps often send your UDID to several databases without your knowledge, and since then the privacy of app usage has been in the spotlight. Up until iOS 5, your UDID was freely available to developers, but Apple warned that after iOS 5.1 was released, it would start rejecting apps that collected this number. The first big confirmation that the rejection process has started came last week when Tweetbot was rejected. Apple has begun to enforce the rules.
But does any of this matter to the casual user? Let's start by taking a look at what information apps had before, what they have now, and what they'll have to do to work around the new rules.
The Main Use of UDID in Most Apps Was to Track Data
The main reason behind Apple's blocking of apps that access your UDID is that, up until now, apps have collected the number without permission from the user. Since each number is unique it means developers and ad networks can verify that you own an app based on that number. Let's take a look at how that information was often used.
The UDID means nothing on its own. Think of it like a driver's licence number without any other info. However, when it's put into a database it can be used to track app statistics. This tracking data is the crux of how ad networks work.
A number of ad services (usually used for free apps) track the data and other apps you have installed on your iPhone based on your UDID and they use that data to target ads. Your number can be stored in a database and the database cross-references the other apps you have installed. For instance, if you have a particular game installed, a shopping app and a few newspaper apps, ad companies can market to you in more specific ways.
Depending on how the database works, your UDID might also be attached to a username, password and social network login. If that information is being sent unencrypted it could be easy to access this information. It's technically just a number, but if it's put together with a database of other information it becomes the glue that holds all that information together.
It's also a way for developers to track your usage of their apps, set up game networks and store a few simple settings. For instance, a UDID might be linked to a set of notification settings or as verification for login information. It's also used in place of login information for a number of multiplayer game networks. If you've ever played a multiplayer game that didn't use Game Center and you didn't need to create a profile, it might have been utilising your UDID.
Are Users Even Going to Notice a Change?
The only change you'll notice is a few minor inconveniences with apps. For instance, in Tweetbot's case, it's a simple push notification setting:
Why did we use UDIDs? We used them only for our push notification services in order to be able to match up a given device to its push notification settings. This allowed us to restore push notifications settings after Tweetbot was deleted and re-installed. With this new change in place this is no longer possible, if you delete and re-install Tweetbot you'll have to setup your push notification settings again.
Most other apps rely on UDID to track equally insignificant data or as a kind of user token to verify settings. Ad networks, however, are a completely different story. As mentioned above, ads that track purchases across multiple devices are the primary uses for UDID. For the user, this change could mean you'll be asked to agree to give your ID away when you download ad-supported apps. It also means some apps may require you to create new login information since they can't access your device's number.
However, with the integration of iCloud and Game Center, settings configurations like the one mentioned above for Tweetbot shouldn't be an issue. Most apps are able to store settings in iCloud and save your data that way. As a user you probanly won't notice much of a change in the core functionality of any apps. But if you are asked for access to your UDID and you care about privacy, take a second to consider if you want to hand that information over or not.