Congress and the UDID


More than six months ago, Apple announced to developers that they would begin phasing out apps that use a device’s UDID. But recent pressure from both the media and Congress has seen Apple jump ahead of schedule with this change and start rejecting apps from their App Store.

For those of you who do not know, the UDID, or unique device identifier, is a string of numbers unique to every Apple device. App developers and publishers can use the UDID to track who uses their app and what action they have taken. In addition to this seemingly harmless, and some would argue, vital analytical data, some UDIDs are also being passed on without the consent of the user to various third-party ad networks to create a marketing profile of user habits and preferences, to optimize the placement of advertising.

Apple under fire

It is this third-party data sharing that has placed Apple under scrutiny from a variety of sources. Trouble began back in December of 2010, when a Wall Street Journal investigation discovered that 56 out of the 101 popular smartphone apps were transmitting a phone's unique ID to third-party sources, 47 were transmitting the phones location in some way and five sent personal details to outsiders, including age, gender and other personal details.

Apple has also made some other very public blunders, most notably approving apps for sale in the App Store that violated privacy guidelines by uploading the users’ contact details to the developers’ servers.

Today, the U.S. Federal Trade Commission released a set of recommendations for Congress on the collection and use of consumer personal data. The Federal Trade Commission made it clear that it is concerned about comprehensive tracking of users’ online activities and wants to see “privacy by design” in all apps and web services.

When you combine this set of recommendations with the fact that four days ago, two U.S. House Representatives sent letters to 34 sellers of social apps for Apple Inc.’s mobile devices inquiring how they collect and use consumer data–it is no surprise that Apple stepped up the phasing out of UDID’s.

So what’s so good about the UDID?

* Advertising is a major source of revenue for the app market and the UDID is essential for monitoring the conversion loop and understanding how users react to advertising.

* For developers, the UDID can be used to authenticate which devices and users are allowed access to a beta version of an app, prior to its official release.

* The UDID also provides a reliable way to identify a user between applications without requiring some form of registration or login. For gaming apps, it is very useful in the deployment of scoreboards and anti-cheat systems.

The solution 

For the moment, developers are going to have to stay as flexible as possible and support a variety of ID systems until one universal solution is in place. Some development firms are looking at the MAC address of the Wi-Fi module as a solution to the problem, but this remains unstandardized and shares unique information in much the same way as the UDID, and does not really solve the issue.

Many developers, who already have a tenuous relationship with Apple, say that Apple should update their devices allowing users to generate a random UDID code and associate that code with an iTunes account, granting both optional anonymity of the user and reliable tracking for the developer.

But right now, the problem does not look like it is going to be solved at Apple’s end. Some developers are overcoming the approval process by asking their users for permission before collecting the UDID, much in the same way that Facebook and Android makes it developers show a permissions dialog when a consumer first installs an app. This is tentatively being labeled as a “Band-Aid solution.”

Accurate tracking and conversion analysis has undoubtably made the web a better place. This data allows for healthy competition and without it, it’s harder for a start-up to successfully allocate their marketing dollars. The mobile app market is thriving right now and Apple needs to do everything in its power to preempt problems like this in the future and level out the playing field.