UDID identifiers could be used to link iPhones to their users. Photo: Cult of Mac
Apple has long been outspoken about the measures it goes to to keep your iPhone secure, but new documents leaked by whistleblower Edward Snowden demonstrate how the British spy agency GCHQ was able to carry out “realtime tracking of target iPhones” — by compromising users’ computers.
Rather than directly targeting the iPhones, GCHQ agents focused their attack on the computers with which the iPhones were synchronised, enabling them to access much of the data stored on the handset. The method took advantage of flaws in Apple’s UDID (unique device identifier) system, which issued a unique code for every iPhone, linking it with its owner.
The iPhone tracking report was handed over by Snowden to a group of nine journalists — including Laura Poitras, the filmmaker behind the acclaimed documentary Citizenfour.
In the words of Apple itself, iOS 7 is the biggest change to their mobile operating system since the introduction of the original iPhone back in 2007. It’s more functional then ever, it’s prettier than ever: it’s the very definition of digital design purified and clarified down to the very basics of form merged with function.
Understandably, that means that many people are tempted to install it on their devices, either by forking over $99 for an Apple developer account or paying five or ten bucks to someone online to register your UDID for you.
We know it’s hard to wait, but you really shouldn’t do it. Here’s why.
Apple has warned developers for nearly a year that apps should not use UDIDs, and that they will be rejected in the future. A deadline has finally come on UDID apps, as Apple just announced they will reject any apps that use UDIDs starting on May 1st.
Another stipulation on Apple’s deadline, is that all apps must support the iPhone 5’s 4-inch display too. Here are the full notes on the deadline:
Apple has been historically fickle about how it lets marketers and developers track iOS users through apps downloaded from the App Store. After all of the privacy concerns were raised about the UDID device identifier back in 2011, a better solution never presented itself.
Apple eventually introduced its own Advertising Identifier for iOS device tracking purposes, but marketers still favored the unique, permanent nature of the UDID. The UDID worked so well because it was a device-specific identifier that could never be changed. Athough developers were technically banned from using the UDID to track iOS devices more than a year ago, many, many apps still use the deprecated method today.
Apple is reportedly starting to reject apps that use web cookies to track user activity in iOS. Could this mean a reinvigorated push towards the Advertising Identifier again?
It seems Apple’s problematic new Maps app was discouraging a lot of people from upgrading to iOS 6, the Cupertino company’s latest software. But now that Google Maps is official available as a native iOS app, there’s nothing to stop users from finally performing the upgrade. In fact, its arrival boosted iOS 6 adoption by 29%.
Apple released iOS 6.1 beta 3 to registered developers yesterday, but unless your iOS device’s unique identification number (UDID) is registered with Apple’s developer program, you can’t install it. But don’t worry, we can tell you everything that’s new in this version, including some changes to iCloud setup and Passbook sample cards, new mobile-cellular data options, and more.
With iOS 6, Apple has officially deprecated the UDID as a valid means for advertisers to track app users. The UDID functioned sort of like a Social Security Number for your iPhone, allowing advertisers and third parties to track your behavior across multiple apps… a troubling privacy concern for many. But UDID tracking also had many beneficial advantages, like allowing developers to troubleshoot crashing apps and the like, which inspired some third-parties when their many companies started releasing their own alternatives to UDID.
Apple wasn’t going to leave advertisers and developers without an alternative to use in their apps, though. New in iOS 6 is two new IDs: IDFA and IDFV. Yes, both IDs still track you, and the IDFA is specifically used by advertisers to collect data on you. But the good news is that this tracking can easily be turned off, and it’s much less invasive than the UDID.
But just because you’re the leader of the Free World doesn’t mean you’re not susceptible to AntiSec hacks too. The UDID for President Obama’s iPad may or may not have been among the more than 1 million UDIDs the AntiSec leaked this morning from the FBI’s databases.
You have to wonder if they felt a storm coming, as today, the hacking group AntiSec has released more than 12 million UDIDs that they managed to recover from an infilitrated FBI laptop. And your device ID — along with everything you did with the iPhone, iPod touch or iPad associated with it — might just be one of them.
iOS 6 beta 3 has been available to registered developers for a matter of hours, and already the software has a tethered jailbreak courtesy of the iPhone Dev-Team. Like previous beta jailbreaks, however, this will not install Cydia on your device.