Apple reportedly rejecting apps that access UDIDs

By AppleInsider Staff

As part of a more stringent ruleset regarding customer privacy, Apple has reportedly started rejecting apps which access UDIDs in a practice that will become de rigueur for all review teams.

Citing developer claims, TechCrunch on Saturday reported that Apple has quietly been denying offending app submissions in an effort to ultimately deprecate all UDID access.

A UDID, or unique device identifier, is basically a serial number that a mobile network uses to identify mobile devices like the iPhone and iPad. The 40-character alphanumeric string is not replicated on any other device, making it an ideal form of tracking which is currently used by ad companies, analytics firms and app testing systems.

In August 2011, Apple warned software makers that the company would be killing off UDID access with iOS 5, suggesting that developers begin work on app-specific tracking mechanisms. Removing the feature effectively ends OS-wide user tracking and forces developers to create their own proprietary opt-in identification systems.

The move seems to be in response to mounting concern over privacy issues from Congress and the public. Earlier this week, two U.S. congressmen sent letters to Apple and 33 developers asking questions regarding information collection practices.

According to Andy Yang, CEO of app marketing and monetization platform PlayHaven, a number of developers have seen their apps denied over the past week during Apple's review cycle. Apple reportedly has two review teams actively rejecting UDID-accessing apps with all ten teams expected to follow suit in the coming weeks.

“This is definitely happening,” Yang said. “In the next month or two, this is going to have an impact on all ad networks and apps using advertising. Everybody’s trying to make their own choices about what to use instead.”


Example of an iPad UDID as found in iTunes. | Source: Apple

Ad companies using UDID data to target specific audiences have yet to decide on a comparable alternative, though some are experimenting with MAC addresses and OpenUDID.

“Everyone’s scrambling to get something into place,” said Victor Rubba, CEO of Canadian development company Fluik, “We’re trying to be proactive and we’ve already moved to an alternative scheme.”

Media scrutiny of information gathering systems in iDevices began in April 2011, when it was learned that Apple's previous generation iOS 4 regularly logged location data from iPhones and iPads. The issue came to a head in February when it was revealed that the Path social networking app was uploading users' address book data to its servers without first asking permission. As a result, Apple promised to update its mobile OS to require user permission for apps to access certain data sets.