I don't understand
Why should I be concerned a developer knows my UDID? What is the threat to me? Someone please enlighten this naive fool.
A large number of applications that run on Apple's iOS collect serial numbers that uniquely identify the hardware device, according to a study that warns the practice could compromise users' privacy. Apple bills the UDID, or Unique Device Identifier, as a tool for developers to identify iPhones, iPads, and iPod touches when …
The idea is that I can know your UDID and any other personal information you might enter in the app. Then when you use another app with the same UDID, that developer will already know it and ask for some more little bits about you to add to our database, because, as is widely known, there is a large network of evil app developers that make 99% of the applications in the App Store. We all share this data amongst each other and eventually, we have enough on you to steal your identity and get a home loan in your name, so we can build an underground lair, put "lasers" on the moon and hold the UN ransom for ONE HUNDRED BILLION DOLLARS!
Either that, or you'll get some more precisely targeted ads
Seriously, this has been going around ever since cookies were introduced. I can't for the life of me figure out why people think their privacy is invaded when a soul-less algorithm knows some of their likes and dislikes.
Can all those concerned please post some real-life, practical exploits? Either that or STFU.
Cookies are invasive enough but the data they provide is far from complete.
On a smartphone the data that is accessible is far greater, more accurate and more current. Your addresses, your numbers dialled, etc. are all available to the deviant App writer, as well as the contents of certain documents.
All these snippets can add up to a treasure trove which can be used for reasons you know nothing of and without your approval.
One of the most revealing sets of data is your GPS location, far more useful than the cell you are connected to or the WiFi signals that are within range. Using cell identities for location is very inaccurate given the varying cell sizes and vagaries of radio transmission.
If you are happy walking around like Lady Godiva < http://en.wikipedia.org/wiki/Lady_Godiva > with all your secrets open to view by persons unknown, relax and ignore concerns many other people have.
Meanwhile, I will happily continue to use my 7 year-old Mitsubishi cell phone, which makes great calls and e-mails, but can't detect where it is but provides great privacy.
The secret to real privacy is to have most everything out in the open. Let them build up an apparently complete picture of your lifestyle, doing all the mundane boring shit that people do day to day.
Then, when you want to go off grid to assassinate the president, no-one will realise until it's far too late.
"Meanwhile, I will happily continue to use my 7 year-old Mitsubishi cell phone, which makes great calls and e-mails, but can't detect where it is but provides great privacy."
...but it's worth saying again here: man, do I love my dumbphone. I'll stick with my trusty four year-old Samsung, thanksverymuch. Hell, this little sucker doesn't even send email.
The only people who can track your location are the cell companies and distributors of GPS apps. Apple VERY tightly controls app vendors who connect to the GPS API (as well as other restricted APIs) and further all these companies have to be US based and are subject to US PII data collection and storage laws.
Can the government get your GPS locations? Sure, with due process alone, not even a warrant. Know what? That's a pretty big hurdle. Getting your location data from a cell company is easy, sure, for a cop at a dedicated system with the right software, an open case number, and permission from his budget office (because it's expensive). Cops don't just look someone up willy nilly, that data is audited by external agencies and privacy groups alike, not to mention IA and their own boss. Touching that data without cause for an active case can get a cop put in jail for years (and it has happened). They're VERY cautious about accessing such data. They don't look up their coworkers' wives' locations to see if they're cheating like you see on TV... Besides, if a cop wants to find you, they already have your home and work address, that of your kids' schools, immediate family, your bank, PO box, and more. If they could not get a GPS or tower lock on you, they'd just wait for you somewhere they know you'll be. That's why tracking data requires no warrant today (it still requires due process, and if that process is not followed, it's still completely inadmissible, and illegal to have collected).
There's so fucking much protection against authority abusing your data in this country it's absurd. Police departments get hit for million dollar fines for simply accessing what they should not. It's not a slap on the wrist, it's cops being ripped from their families, thrown in prison, careers ruined, bad shit, on top of county or city budgets taking massive hits. They do NOT permit unauthorized access to your cell phone, GPS, or other data without a damned good and well documented reason on an open case.
That said, without that tower location service, and with your insistence on using old phones that don't support it, good luck getting quick help from 911 when your car is in a ditch... those same cops who you make it more difficult (but far from impossible) to trace won't be able to find you when you're dying either.
Oh, and as for all the nut jobs who think they're tracking all your GPS movements, purchases, and more, and cataloguing that in some giant data mining system to cross reference the activity of every American: HaHaHaHa. Do some math, assholes. Currently (last I checked) State Farm had the largest privately owned data center in the world. Tens of billions per year spent on data systems and servers, to store nothing more than your policy elections, property information, payment history, and claims filed. That's it... Less than 1MB of data typically per policy holder, and that's the largest single datacenter in the world not owned by a government. The IRS dwarfs that, and they only contain your tax records. They had a grand idea a few years ago to centralize all the public school records in a national database; guess what, just your kids' grades and other school documentation was more data than any system conceived could be built to support. Do you really think a database of every call, transaction, and just your within 5 mile accurate location on a 15 minute interval could possibly be stored, let alone find a CPU big enough to MINE it??? Then there's the nodes to actually collect the data, and the software costs on integrating into literally thousands of distinct and custom systems? IT IS NOT POSSIBLE WITH ANY KNOWN TECHNOLOGY.
I know the government isn't monitoring you for 2 very real reasons: 1, it's not possible, not at any price that could be hidden (orders of magnitude of our total military annual spending) and 2, I work in many, many government datacenters and ISPs as a security contractor and systems analyst and no such connections exist, other than to do a single data lookup (and get charged per transaction), with maximum numbers of lookups per period of time possible over that connection.
You may have heard numbers like the LA County police performed some 80,000 cell location lookups just with one phone company in a year. Wow, that sounds bad, until you find out that those 80,000 lookups were for about 250 individuals... since each individual snapshot-in-time lookup is a) charged for and b) only valid for that split time, and c) not real-time, it just displays it on the screen. They got billed more than $500 per click too. ...and that data was audited and made public.
YOU ARE NOT BEING WATCHED (unless there's a reason for it, in which case, trust me, it's MUCH better to be found easily and go willingly, and explain things, and be found to be innocent, than hunted and fight the system). If they have evidence they believe points at you, and you believe it doesn't, get a lawyer and ride the system.
Really, think about it, all the KNOWN criminals still on the street we don't have the money and manpower to hunt down and they would give a shit about you WHY exactly?
1st, they have to code against the API to get data such as your call history, and they better have a damned good explanation for Apple as to why they're using it, and more so why they're transmitting it.
Next, if they're collecting PII, they're covered under SAS and other federal regulation (and likely state laws as well). They're a BUSINESS. They collect that data for business purposes. Their personal information is on file with Apple (including bank account information), and they're very easy to track down by authorities if they abuse PII laws.
Finally, the vast majority of UUID use in iDevices is simply to allow access to an online service for identified purchasers of the app. They don't need your personal data to know you bought it, just your UUID. However, they could just as easily use the SIM code, MAC address, phone number, serial number, or any other code they simply MAKE UP. Even if you create your own username and password, guess what, that's a code to store PII by!!! If they have to authenticate, they have a code to use for you.
The government restricts using national or state identifiers, and credit account information, as account IDs with 3rd parties. You can't use my DL number, SSN, license plate, or a bunch of other restricted codes because that also might give access to an alternate data system. However, a mundane unique ID like an address, e-mail, phone number, serial number, etc is not in use by a bank or agency and is thus acceptable to use for ID purposes.
Yes, this information can be used to locate you. They can do the same simply by looking up your property tax records (which are PUBLIC RECORD MATERIAL!) You can ditch a device if you've had an identity theft issue, changing the UUID, change your accounts, cancel your accounts, and more. Your GPS data is only shared if you LET it be shared (you're prompted by each app, but moreover, Apple VERY strictly monitors who uses the GPS APIs and even more tightly if those apps also send data as well as receive it from the internet). All these companies are back checked, and trust me, as an IT analyst, the government is all up in their shit with system and security audits. Call history data is not accessible on the iPhone by 3rd party apps (except VoIP apps that maintain their own call history, but they already not only have that in their servers, they're required by LAW to keep that data).
... and WHO CARES if a company knows where I am? and has my address and a few phone numbers. They can't share that data without my permission. Do you really think some company that developed an Apple app, went through a background check as a dev, gave Apple their contact information and bank routing data, is really going to steal your PII just to do what, contact you?
If you're putting your GPS data on a social site, that's your problem. If a 3rd party company who has a GPS app tracks that data, Apple would have confirmed they had a damned good reason to do so. If Apple finds out they're keeping data needlessly (as they have in the past) they drop the dev, stop payment on due funds, and report them to authorities (as they have done). Since all US distributed apps are US based companies with US based servers, we're so ridiculously protected by our own laws this is really a non-issue. It's not credit card data, it's not SSNs, it's generic data that in many cases is already of public record or not restricted by the US Office of Budget Management.
>just your UUID. However, they could just as easily use the SIM code, MAC address, phone number, serial number, or any other code they simply MAKE UP.
Yep they could just as easily make one up, but using a unique ID associated with your hardware and the subsequent activity DB assembled has a lot more value to third-party miners than the dollar-fifty less 30% in App Revenue.
> they better have a damned good explanation for Apple as to why they're using it
How, pray tell, will Apple know what's contained in an encrypted call home? Interesting contrast to Android moans of previous weeks, where the supposed security experts just had to look at the permissions requested by an App on install. In order to find out what info is shared on iOS you have to resort to packet sniffing, though in this research it seems even that didn't provide the answers with several popular Apps due to crypto.
"Meanwhile, I will happily continue to use my 7 year-old Mitsubishi cell phone, which makes great calls and e-mails, but can't detect where it is but provides great privacy."
Well, if you think that, then you're an idiot. Your dumbphone -- or more importantly, your network operator -- always knows where you are.
In the UK, this data is stored and is accessible by Plod, local authorities, and pretty much anyone else under dubious NuLab legislation. IIRC the total requests (not necessarily location based data, but requests for information nevertheless) for one network of which I have some knowledge is around 15,000 every single month.
Frankly, I'd rather some two bit developer knows some anonymous information about me, rather than my operator knowing who I am, where I live, my credit card and bank details, who I call, who calls me, where I am all the time my phone is on, /and/ will hand all this over to some random punter in my local council at the drop of the hat.
But yeah, good luck with your crappy Mitsubishi cell phone.
So you don't have to speculate about how smartphones work. No, apps do NOT have access to "your addresses, your numbers dialled [sic], the contents of certain documents, your GPS location" etc. Apps on the iPhone are sandboxed and have extremely limited access to personal information.
@"Why should I be concerned a developer knows my UDID"
That is exactly like saying, why should people be concerned about loss of privacy? The simple answer is because loss of privacy gives others more power to abuse us for their gain. The whole point of spying is what they can then do with that knowledge, either themselves or by selling it to others who can exploit that knowledge, ultimately providing them with a means of manipulation and coercion against us; plus, when combined with ever more law changes, it provides a selective way to punish targeted groups the governments want to manipulate.
You become a product the corporations sell to governments in return for corporate profits and corporate concessions from the governments.
Yet there have always been very good reasons why, throughout history, people all around the world have tried very hard to protect their privacy, liberty and freedom from state interference. Fail to learn from history and we walk right back into the same problems again, only this time, with the power of ever better technology, the state is becoming more powerful than at any time in history, and yet the people in power have shown countless times how their kind cannot just be trusted with ever increasing power. Their actions have to be policed or they become part of the problem. Yet they are amassing more power than at any point in history.
But then AC I'm sure you know this. At this point, your ignorance simply isn't plausible, so either you are a troll, a moron, or a PR/marketing sock puppet Shill. Whatever the case, your kind are the enemy within society who work and manipulate against the rest of us for your own gain.
"But then AC I'm sure you know this. At this point, your ignorance simply isn't plausible, so either you are a troll, a moron, or a PR/marketing sock puppet Shill. Whatever the case, your kind are the enemy within society who work and manipulate against the rest of us for your own gain."
Jesus, switch to decaf before you hurt yourself.
True - but a phone is always going to lead to an individual; a MAC address is the same for any logged-on user. Granted, that's quite possibly the same person each time but I don't know if *any* software houses store personal data (e.g. your latest BMI-busting diet performance, gaming preferences and the like) against something as variable as a MAC address. For one thing, your preferences wouldn't follow you from office to home PC and back...
In this case, Mac appear to be promoting this as a personal identification key and I suspect data stored against it will contain some useful things to know if you're suitably-minded to abuse them.
Fail - but I imagine the intention was to create a useful way for remote data to be linked back to the correct device. No one could ever possibly steal it because Steve says you're not allowed to - so what's the harm? Okay, that last bit was a joke.
The vast majority of computers are used by a single individual, or a family. Either way, PII associated with a machine address will lead you to an individual either at a home, business, or if on a wireless network a remote location. PCs are more likely to be used by more than 1 person, but a laptop, PDA, phone, tablet, e-book reader, etc, are almost always personal devices. Moreover, it's NOT the person using it that we care about, it's the ACCOUNT of the primary user we care about. That's exactly the point, if I DID pick up your device, and it was unlocked, I might theoretically gain access to your PII. We're not worried about THEM having your PII (that's not even restricted, let alone illegal, it's only restricted in how they store it, and how they share it, not in its collection in general), we're worried about other people having access to it. That's already covered by a whole slew of state and federal data protection laws. We don't need a new one.
Besides, you need an account on someone's system. Whether they use a machine ID, or a username and password, guess what, there's still PII behind that account ID. So long as they're not using an account ID that is also valid for other PROTECTED data (SSNs, bank accounts, etc), the Office of Budget Management doesn't care. To be precise, your home and work addresses, e-mail, and phone number are NOT EVEN PII! They're PUBLIC RECORD unless you have them redacted (and they're only redacted from the records you specify, not universally, and not all records can be redacted).
The use of the UUID by vendors is a simple and reliable system for allowing a paid-for app to access a server for content while blocking illegitimate installations. A user and password is equally usable, but is far more complicated to implement and has its own security implications (worse since even most IT admins don't follow proper cross-service account security practices and re-use user names and passwords all over the place). A UUID is tied to a device, not a person like an SSN or licence plate or tax ID. If there is a breach, simply replace the device (which under federal law would be at the expense of the violating company, not you), and the UUID is now unique again. Take away this ID, and they'll use another one. If you force them to make one up, then changing the device does NOT change the association, and that's worse.
Do you understand the results of implementing this ban on using IDs? They'll make up another one, and it will be less secure and more tied to you personally.
The PDF mentions Twitter, Amazon and Facebook by name. I didn't see others called out.
But these apps are USELESS for their intended purpose without identifying information. Twitter is where you post YOUR thoughts for the world -- or your four thousand intimate friends, anyway -- to see. Amazon exists for the sole purpose of sending books, televisions or MP3s to you, in exchange for some sensitive financial info & permission to draw on the accounts. You don't want to be ID'd when you link in? Why link in, then?
Come back with some more questionable examples of apps that want to track you. Every one of these, the user would refuse to use if the app DIDN'T track you.
Keep the comments coming, all sounds good to me. This does feel like a weak article, at best - and buried in the paranoia is a nice comparison to the data Android leaks, which to my mind looks rather more comprehensive!
Do keep writing these though reg, it's important we stay vigilant as this is an emerging threat - these devs are chip chip chipping away looking for revenue based on selling databases of personal information, esp in the mobile sphere.
We salute your vigilance.
"these devs are chip chip chipping away looking for revenue based on selling databases of personal information, esp in the mobile sphere"
Yes, and after that we're coming for your children. Then your pets.
You have a choice, you can have free stuff and give up some private data. Or you can pay for shit.
That's what it amounts to in crude economic terms. Facebook (e.g.) sells your data because you don't pay them. Period.
Err, no - a MAC address is not unique - I have three PCs and an ADSL modem, all with the same MAC address, which, while it changes from time to time, is of the general structure 00000000000x, where x is a hex value.
Tell me your MAC address and I'll happily use it on the internet - after all, you're the one who bought the machine with that address registered to it, so why would I worry?
From the source paper : "Since our study focused on applications which are available free of charge, it was not surprising to find that a large portion of the UDID leakage we observed was directly tied to advertisements and advertising networks."
Yes. Naturally. If you do not wish to swap actual money for stuff, you are going to end up swapping something else that has value. Few things are truly free, and certainly not when they're ad supported.
Like the Android scare paper that we saw last week, I'd have a lot more time for the numbers if there had been a proper selection of apps.
Likewise, most of his actual privacy concerns seem to involve private data sharing by third parties who already know who I am, long lived cookies and network interception.
None of those are platform bound, though. The cookie thing is interesting, in that the ABC app he's singled out is quite deliberately avoiding the usual cookie handling mechanism, presumably in order to dodge having its cookie deleted. The reason that there is no access to "application cookies" is that applications are supposed to use the global storage mechanism, which is amenable to a (rather coarse IMO) acceptance policy and can be deleted.
There is of course no method to enforce this, and I doubt there can be as long as the app can read the incoming HTTP stream. This will always be a possibility if the app is allowed local storage, it could still save any old shit it wants.
I wouldn't be at all surprised to see Apple start waving the banhammer again, they're particularly sensitive to people blaming them for nasty shit that third parties do, but then again, how do you actually police what an app sticks in local storage ?
Cue the haters, who have no doubt already dribbled pointless ill-informed bile all over the comments just while I've been typing this.
The operating system should not return the unique ID of the handset directly, but something hashed against the application developer's key, in such a way that every application gets a unique and constant ID for the handset their application is running on, but these keys are entirely different to keys that other developers would get, so no way for developer X and developer Y to share data and compare users habits.
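One way to realise the per-developer derivation proposed above, as an added example that is not code from this thread or from Apple: the handset keeps the raw UDID private and hands each app an HMAC-SHA256 of it keyed by the developer's key. The `Handset` class, the sample UDIDs and the developer keys are all assumed/constructed for illustration; the key is assumed to be supplied by the platform from the app's signing identity rather than chosen by the app.

```python
import hashlib
import hmac


class Handset:
    """Simulates the OS side: the raw UDID is held privately and never returned."""

    def __init__(self, udid: str):
        self._udid = udid  # private; no API call hands this out directly

    def identifier_for_developer(self, developer_key: bytes) -> str:
        """Developer-scoped handset ID: HMAC-SHA256(developer_key, UDID).

        Same developer key -> same value on every call and in every app by
        that developer. Different developer key -> unrelated value, so two
        developers cannot join their user databases on it, and the raw UDID
        is not recoverable from the output. Assumes the platform derives the
        key from the app's signing identity (not chosen by the app itself).
        """
        return hmac.new(developer_key, self._udid.encode("utf-8"),
                        hashlib.sha256).hexdigest()


def can_correlate(id_a: str, id_b: str) -> bool:
    """Two records can only be joined if the identifiers they carry are equal."""
    return hmac.compare_digest(id_a, id_b)


# Constructed sample values, not real identifiers or keys.
HANDSET_A = Handset("sample-udid-0001")
HANDSET_B = Handset("sample-udid-0002")
DEV_X_KEY = b"developer-x-signing-identity-key"
DEV_Y_KEY = b"developer-y-signing-identity-key"


def demo() -> dict:
    """Check the four properties the proposal is meant to provide."""
    x_a1 = HANDSET_A.identifier_for_developer(DEV_X_KEY)
    x_a2 = HANDSET_A.identifier_for_developer(DEV_X_KEY)  # a second app by X
    y_a = HANDSET_A.identifier_for_developer(DEV_Y_KEY)   # developer Y, same handset
    x_b = HANDSET_B.identifier_for_developer(DEV_X_KEY)   # developer X, other handset
    return {
        "constant_for_same_developer": can_correlate(x_a1, x_a2),
        "shared_across_developers": can_correlate(x_a1, y_a),
        "distinct_per_handset": not can_correlate(x_a1, x_b),
        "udid_exposed": "sample-udid-0001" in x_a1,
    }


if __name__ == "__main__":
    for prop, value in demo().items():
        print(f"{prop}: {value}")
```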
a MAC address is just another machine ID that is unique to each device, and readily accessible... as is the SIM ID.... Either of these are just as dangerous, and are equally exposed on EVERY phone.
Face it, the UUID itself is NOT associated with a person, a person is associated to perhaps many UUIDs. The UUID can also be easily changed, by changing the device, and there is no formal notification to anyone that a UUID has been changed. Yes, on a single device, an app could choose to use the UUID as an account number of sorts, and use that ID as a database reference to where actual personal information might be stored on their servers via the app. However, that collected data cannot be easily shared, and other apps will have no access to PII saved on someone else's servers. The UUID is just a convenient (and not illegal to use) ID code that can be used in lieu of making users explicitly create an account and account number (which would then be equally as traceable!).
Guess what, no matter WHAT unique ID they use for your account number, they have to have an account number to have access controls in place. If they store personally identifiable information (a combination of data identified by the Office of Budget Management that could be used to physically locate or identify an individual with accuracy), then their data centers are subject to a whole slew of federal and state regulations about PII data handling and security, how they have to notify the user of its collection, how they're allowed to share it, and what they have to do if they have a data leak. At least we know that Apple restricts such apps to be US based for US app sales, thus ensuring US Law is protecting users of the device here (same in the EU). There are no apps in the US app store that use international based servers for storage of PII.
That said, PII is nowhere NEAR as protected as Medical, credit, banking, or other information (like SSNs). Most information considered PII is actually PUBLIC RECORD! (tax records, phone book records, real estate purchase records, and more). Things protected as strict PII are license plate, SSN, drivers license number, credit card numbers, fingerprints, signatures, genetic profile, birthdate (in combination with full name or name and place of birth), and other nationally issued ID numbers, and in some cases your IP address if it's static.
Things not considered PII (but can be in certain combinations) are your registered school, number of children and ages, your age if specific, party affiliation, gender, race, city of residence, salary, job title, criminal record (as redacted).
Note specifically your ADDRESS is not considered PII. Nor is your e-mail address, nor phone number.
Further, it is in NO WAY illegal to collect or store PII. It is only "restricted" (not even illegal) to sell or trade it, or display it, without the express permission of the person, and storage of PII comes under SAS or other security regulations. Generic PII cannot be used to get into your credit information (only account numbers and SSN can be, and they're further restricted under various credit protection acts in addition to being PII). The only thing PII might get you is robbed, or some hate mail, or some spam.
The UDID should be free for all evil app devs to use and to exploit to their own evil ends. Let your UDID be free! What harm can possibly come from being uniquely identifiable??..
...right I'm just going to post this anonymously in case anybody tracks me down and exploits me evilly.....
Geez! It's not like I could sell you a game with built-in advertising where I also make money selling your personal information to people who could wait until you are a famous celebrity before they inform the world just how many different 'penis enlargement pill' ads you clicked on.
Oh wait? It *IS* like that, isn't it?
[RANT] "Do you really think a database of every call, transaction, and just your within 5 mile accurate location on a 15 minute interval could possibly be stored, let alone find a CPU big enough to MINE it???" [/RANT]
Er, the accuracy surely is irrelevant? It'll occupy the same dataspace. 500 miles, 5 miles, or 5 metres. It'll be a lat-long or equiv.
And, to get 5m resolution I could code that information in about 12 bytes. That's about 1Mb a day, recording your location every second. Unless I've dropped a point somewhere.
And, despite your tirelessly long rant, you forget that oldest and dumbest computing maxim: 640k should be enough. It might be too much data now (but I doubt it) but it's not gonna be too much next year, or the year after. Computing power is growing at a greater rate than the population, so it's likely at some point all of our activities will be tracked and stored. Like it or lump it, it's the way we're going.
Cavemen - the origin on this graph - stored virtually nothing* whereas we store lots. In the future we'll store more. Get over it. It really isn't personal. And anyway, in about 2020 your *vacuum* will count you whack off three times a day - assuming you haven't asked it to join in.
*Even cavemen stored some data, which still exists today - crude paintings on the wall. Will our data be readable in 60,000 years?