August 22nd, 2011
Apple Shuns Tracking Tool
The Wall Street Journal
Apple Inc. is advising software developers to stop using a feature in software for its iPhones and iPads that has been linked to privacy concerns, a move that would also take away a widely used tool for tracking users and their behavior.
Developers who write programs for Apple’s iOS operating system have been using a unique identifier specific to each device to gather personal data about users, in some cases creating detailed dossiers on how they use multiple apps. But Apple advised developers not to use that ID number, known as UDID or Unique Device Identifier, with a new version of the operating system that is expected to become available in coming weeks.
The company set no specific deadline for the change. But it stated on a website for developers that the feature “has been superseded and may become unsupported in the future.” It said they could still create an identifier unique to each individual application, however.
A spokeswoman for Apple didn’t respond to a request for comment.
The Apple change was reported earlier by technology blog TechCrunch.
Privacy advocates embraced the change. “I want to see how this all plays out, but at first glance, this is a really good result for consumers,” said Justin Brookman, director of consumer privacy for Washington-based Center for Democracy & Technology.
A Wall Street Journal investigation last year found that, of 101 popular apps for the iPhone as well as smartphones running Google Inc.’s Android operating system, 56 transmitted the phones’ unique device ID to other companies without users’ awareness or consent.
But the change potentially has widespread repercussions for apps, advertising networks, social game networks, analytics firms and others because it removes a way for them to easily offer their services. Advertising networks, for example, depend on the unique ID number to make sure that they’re serving relevant ads to users and to track whether they’ve responded to an ad. When apps work collaboratively with apps, they often use the UDID to share users.
Some mobile advertisers said a key question is whether the move gives Apple’s own mobile advertising service iAds an unfair competitive advantage. Simon Khalaf, chief executive of mobile app analytics company Flurry Inc. said he understands the move if Apple is trying to protect its users, but would be more troubled if it was trying to prevent applications from communicating. “It depends on what the intent is,” he said.
People familiar with the situation have said that Apple’s iAds team does not track what people do inside apps through their UDIDs. Instead the service targets ads based largely on the types of songs, videos, and apps users download through its App Store and iTunes music service. Advertisers are offered a way to reach broad categories of users, not specific individuals.
Apps or networks of apps that require users to sign up for an account would still be able to track their users to a limited extent, but “you want to do a lot of things that don’t require users to sign up,” said Sam Altman, chief executive of location-based social network company Loopt Inc.
Developers say the companies have been mulling the change quietly for weeks, discussing alternative solutions but have not spoken publicly because they had all signed non-disclosure agreements with Apple.
They say one potential way to continue to track users across apps would be to track another unique identifier, known as a Media Access Control address, which let networks interface with devices. Some of them are also looking at ways to build “fingerprints” using other data that is accessible to developers.
“This forces advertisers and ad networks to truly innovate,” said Krishna Subramanian, co-founder of mobile advertising firm Mobclix Inc., which is owned by Velti Co.
Aldo Cortesi, an independent network-security specialist based in New Zealand, who has been studying security vulnerabilities associated with UDIDs, said the move would be a good “first step”, but for users to be truly protected, Apple should offer a way for users to sign on to all apps with one username and password because new “ID mechanisms created by developers are likely to have similar privacy issues.”