Just how will Apple restrict device-ID snooping in iOS 5? Apple is planning to phase out unique device identifiers from iOS 5, according to documentation sent out to developers, possibly to stop people worrying about their privacy on iPhones and iPads. Apple developers have been told that the serial number will be "deprecated" in iOS 5.0 and they should "create a unique identifier …
> Each iPhone will still have an ESN (Electronic Serial Number) which is mandated
> by the FCC so no great advancement in privacy here.
I'm reasonably sure that apps can't read those numbers.
Apps can currently read the WiFi MAC address. Don't be too surprised if that goes away too.
This is exactly what it sounds like, "deprecated" means "going away". They can't just pull it, because then applications, that used it, wouldn't work. So essentially developers get told - we're going to pull this, make sure your applications aren't using it when we do.
So a developer can track a specific instance of their application, but nothing else. So you can track your applications on someone's phone (usage data for example) but you can't tell if (as an example) you have multiple applications installed by the user.
Screenshots on other rumour sites indicate that Apple's suggested replacement is to generate a UUID (aka a GUID or IID) and store that in the user defaults (Apple's anachronistically named store of user preferences, on account of their main purpose in NextStep being to specify the default parameters of new documents).
User defaults are synchronised across devices, so a developer gets to track a single ownership of their application across multiple devices.
@NoneSuch I think you mean IMEI.... and it's a very different thing for my mobile network to know I have a certain phone (data needed to operate the network along with the SIM/billing info and which should only be used for such) and some random developer or advertising company who's not been given explicit permission.
Sounds like a good thing to me.
The problem with universal IDs, is that once somebody has managed to attached personal data to it (e.g. registering with your name and address for a service via your iPhone), someone somewhere now has good information to attach to your UDID.
Your UDID now has some real value, and I can see the someone somewhere flogging this information to other developers/advertisers/dubious characters. UDID being trackable across all apps means a pretty good picture of usage can be built up. Forcing devs to roll their own means there will be many different methods of tracking usage, and this data is of substantially less use and value.
How long until "phone status and identity" starts disappearing from the Android list of permissions, or gets changed to something that doesn't involve a device ID?
Still, at least the Google OS tells you when your device is going to be profiled by an app. I don't see a list of permissions anywhere in iOS.
I'm sure people will hail this as a victory for privacy or somesuch, but this still means that Apple are profiling you just as hard as Google ever will.
> I don't see a list of permissions anywhere in iOS.
There are a few things that Android asks about when you install an app, which iOS doesn't restrict:
- Network access.
- Battery level.
- Vibrator.
There are a few things that Android asks about when you install an app, which iOS asks about at run time:
- Location.
- Address book access (I think).
Everything else, just isn't allowed at all on iOS:
- Access to the shared filesystem.
- Change homescreen wallpaper.
- Send SMS (I think).
- Deliberately brick the device (yes really! Android apps can do this!)
- Turn WiFi on and off.
- Delete other apps.
There's a lot of things that third party developers can do with an Android phone. However, Manifest.permission.DELETE_PACKAGES and Manifest.permission.BRICK are both amongst those that you need a signed key either for the device or platform to use. Basically, the only organisations with access to those permissions are going to be your phone manufacturer or Google. Joe Random Developer is not going to be able to accidentally (or purposefully) tell your device to kill itself, nor are they able to uninstall other people's packages.
Send/receive SMS, make phone calls and the others, yes. It's how people make alternative launchers, diallers and the likes.
http://stackoverflow.com/questions/3435316/how-can-i-brick-the-android-emulator
http://stackoverflow.com/questions/3476600/why-are-these-permissions-being-refused
All customer data should be deemed private by law, including UDID and SIM information.
Jusy=t because the software and processors in smartphones have the ability to capture and transmit this data doesn't mean they have the right.
I have a simple Samsung slkider phone, in which I had the GPS module disabled, and found out that some d=collected data as mundane as the number of times the slider is operated/used is counted and held in a register.
The trouble with smartphones is that we don't know what data is captured and transmitted by anyone nor where or what the data is used for. It's bad enough having snoop software of cell systems that enables tracked cell phones usage, numbers dialled and message content, be stored and regurgitated at someones whim.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
