Apple Has Started Rejecting Apps That Access UDIDs Amid Privacy Concerns (techcrunch.com)
59 points by dwynings on March 25, 2012 | 63 comments


Sadly, this all could have been avoided with one simple change four years ago: rather than having the UDID match the specific device, have it be a hash of the app's "keychain identifier" (usually set at the company level, enabling cross-product identification) and the real UDID. Then, it doesn't matter if an app finds out the UDID it can access: it's specific to that app or company anyway, and can't be abused as it currently is.

But as the UDID was implemented poorly (and immediately overused for everything, including from server-side account keying, which Apple can't just break), they have to essentially remove it now.


So, are you saying that now, we >can't< use the hash(UDID+keychain_id)?

EDIT: On 2nd thought, isn't hash(UDID+keychain_id) almost as bad as just squirting UDID over the network anyhow?


I'm talking about Apple, not about developers. If Apple had returned SHA1(KeychainID + UDID) instead of just UDID when the SDK was released, then apps would never have seen the "real" UDID, and we wouldn't have this issue now. However, since Apple did not do that and they can't change the UDID now (for a variety of reasons, including various abuses of it by developers), it's too late for them to fix it now with such a simple change.


They certainly could still add a new API which does something along the lines of what you describe while still deprecating the UDID API. The only real catch is that they'd have to do it in such a way as to make it difficult to figure out the un-hashed UDID from the value they give you. It's certainly possible to do that, though. For example, instead of hashing the UDID along with the keychain identifier, they could hash it along with some other app-specific or vendor-specific info which only Apple knows and is not shared with developers.
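An added example, not part of the thread and not Apple's implementation: it compares the SHA1(KeychainID + UDID) idea from the comments above with a keyed variant in the spirit of the "info which only Apple knows" suggestion. The UDID, the keychain identifiers and the per-device OS secret are constructed or hypothetical values.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not real identifiers.
UDID = "0123456789abcdef0123456789abcdef01234567"
VENDORS = ["ABCDE12345.com.example.games", "FGHIJ67890.com.example.ads"]


def unkeyed_scoped_id(udid, keychain_id):
    """SHA1(KeychainID + UDID): every input is a value an app can learn."""
    return hashlib.sha1((keychain_id + udid).encode()).hexdigest()


def keyed_scoped_id(os_secret, udid, keychain_id):
    """HMAC-SHA256 under a secret held only by the OS (an assumption here)."""
    # The NUL separator keeps (keychain_id, udid) pairs unambiguous.
    msg = keychain_id.encode() + b"\x00" + udid.encode()
    return hmac.new(os_secret, msg, hashlib.sha256).hexdigest()


def linkable_from_raw_udid(raw_udid, observed):
    """Return the vendors whose identifier can be recomputed from the raw
    UDID alone, e.g. by a party holding a database keyed on legacy UDIDs."""
    return [kc for kc, ident in observed.items()
            if hmac.compare_digest(unkeyed_scoped_id(raw_udid, kc), ident)]


def compare_schemes():
    os_secret = secrets.token_bytes(32)  # hypothetical per-device secret
    unkeyed = {kc: unkeyed_scoped_id(UDID, kc) for kc in VENDORS}
    keyed = {kc: keyed_scoped_id(os_secret, UDID, kc) for kc in VENDORS}
    return {
        "unkeyed_ids_differ_per_vendor": len(set(unkeyed.values())) == len(VENDORS),
        "keyed_ids_differ_per_vendor": len(set(keyed.values())) == len(VENDORS),
        "keyed_id_is_stable": keyed[VENDORS[0]]
        == keyed_scoped_id(os_secret, UDID, VENDORS[0]),
        "unkeyed_linkable": linkable_from_raw_udid(UDID, unkeyed),
        "keyed_linkable": linkable_from_raw_udid(UDID, keyed),
    }


if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```

Both schemes give each vendor a different, stable value; only the keyed one stays unlinkable for someone who already holds the raw UDID.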


If a company can reverse engineer sha512 that easily, we got bigger problems than leaking device numbers.


And that company sure as hell isn't wasting time developing iOS apps.


No reverse engineering of SHA512 or other hash algorithm is necessary. Left as an exercise for the truly curious about security. (Hint, you can get the same information from much lower hanging fruit.)


Yikes. We have a version awaiting review that migrates us off UDIDs. We need the UDID for one last login before they get an OAuth token. Perhaps we will get lucky and Apple won't test a migration because fresh installs don't use it. This really sucks, we were following the rules and they changed the schedule.


That's unfortunate, I hope things work out for you.

To other developers, this is an inherent risk of working under somebody else's rules. Open platforms like the web are in constant flux, but won't reject you for political/monetary reasons.


> To other developers, this is an inherent risk of working under somebody else's rules.

Yes, but the alternative might be something like a cesspool of everybody squirting out their UDID either in plaintext or using encryption with an easily findable key in the app -- resulting in lots of counterfeiting of UDIDs and potentially lots of bad things enabled by that.


You're right, there are pros and cons to both approaches. The web isn't perfect.

Personally what I'd like to see is a system like webintents.org taking off. A way of linking sites through services, not just hyperlinks.


If you do have issues maybe you can use that justification in an attempt to get it passed anyway.


I hear it is only a percentage of apps being rejected so far (some percentage of the approval team being told to check/reject apps using UDID calls). So, you might make it through anyway.


This is a very good thing. The tech industry has taken privacy far too lightly, and it has the potential to be a really big deal. If a random person off the street knew what Facebook and ad networks knew about them in terms of income, product usage, et al, they'd most likely be extremely creeped out. This needs to be nipped in the bud before it has the potential to affect the entire industry.


This has one major implication: killing ad networks. Or, more specifically, killing ad targeting and CPA.

Advertising is not going away. Let's face it, people are just not willing to pay when it comes to the type of games that are popular on the iPhone. That's in large part a result of the race-to-the-bottom environment Apple created with App Store. Advertising is what makes this economy work.

Whether it's ultimately a good thing or not to kill advertising is a debate I'm not going into (tho, I'd personally err on the side of it being a good thing long term). But, good ad targeting and CPA has the effect of improving the ad experience for everybody: making more money, and seeing more relevant ads.

Admittedly, I'm biased since I'm part of a mobile advertising startup, but I think Apple fucked up here. Having a way to uniquely identify a device across apps is very important. I'd suggest creating a unique identifier on device installation, and formatting the device would reset a new identifier. I know for a fact that if we were to play by Apple's rules, and this goes through, we're going to be very hurt by this change.


> This has one major implication: killing ad networks. Or, more specifically, killing ad targeting and CPA.

I for one won't be shedding any tears - as a woman that spends a lot of time on tech (and hence nominally male) websites, I am decidedly over getting ads for dating sites telling me how I'll be able to hook up with young women with no complexes...

Another classic - I hang out on some atheist sites, so of course I'm vitally interested in some Christian alpha course or what not - after all, I spend time on sites talking about religion, don't I?

The model is flawed. I find that so called targeted ads are almost entirely out of phase with my interests, almost comically so. That being the case, I'd rather not be giving unknown people the ability to more easily monitor my online behaviour.


This is completely backwards - you're complaining about untargeted ads, based only on the rough context of the page you're on.

Properly-targeted ads would know you're a) female and b) an atheist and show appropriate advertising if any was available.

Removing the UDID does nothing to prevent the type of ads you're complaining about - they work off of context, and context is always available to the ad server - but it does prevent ad targeting from getting better.


Mobile or web advertising does not rely on the ability to track users across apps or across websites. Mobile and web advertising would still exist and would still be almost as profitable without that capability.

The loss of privacy for everyone which occurs when organisations can arbitrarily track people across sites or apps at will, is too high a cost considering the tiny benefits for both the users and the advertisers.


People pay for apps in the appstore. They just don't pay as much as you may want them to.


I'm not 100% sure they already do, but will Apple continue using UDIDs in iAds? Because if they do that would grant them an incredible competitive advantage against all other ad networks...


This seems to me to be something that should have been issued as an OS-level patch.

Apple could prevent a lot of these issues by using an application-specific UDID generated by the device. Hash the UDID with a random salt generated from entropy on the device, and use it only for that app install. Developers then couldn't track you from install to install, or across their application ecosystems. Privacy issue averted.

Any existing calls that hundreds of thousands of applications make to currently get the UDID just return this application-specific one instead.


They can't patch the OS because some applications rely on the UDID being constant. For example, some games check if the scores/progress are real by storing a hash of the scores and the UDID. This allows the dev to check that the scores/progress file wasn't downloaded from internet.

Changing the UDID would make the application think that the scores were tampered with.


But they could change the kind of UDID returned to apps installed after the OS update. That seems like a reasonable compromise?
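An added example, not part of the thread and not how iOS behaves: a toy model of the exchange above, with the per-install salted identifier, the game that binds its score file to the UDID, and the "only apps installed after the update" compromise. The `Device` class, the policy names and all values are hypothetical.

```python
import hashlib
import secrets

UDID = "0123456789abcdef0123456789abcdef01234567"  # constructed sample value
SCORES = b"level=7;score=4200"                      # constructed score file


class Device:
    """Toy OS: decides which identifier an app sees for a given install."""

    def __init__(self, udid, policy):
        self.udid = udid
        self.policy = policy      # "all_apps" or "new_installs_only"
        self.updated = False
        self.installs = {}        # app_id -> (installed_after_update, salt)

    def install(self, app_id):
        # A fresh random salt per install, as the comment above proposes.
        self.installs[app_id] = (self.updated, secrets.token_bytes(16))

    def apply_update(self):
        self.updated = True

    def unique_identifier(self, app_id):
        after_update, salt = self.installs[app_id]
        scoped = self.updated and (self.policy == "all_apps" or after_update)
        if not scoped:
            return self.udid      # legacy behaviour: the raw UDID
        return hashlib.sha1(salt + self.udid.encode()).hexdigest()


def seal(scores, identifier):
    """The game's integrity tag: a hash of the scores and the identifier."""
    return hashlib.sha256(scores + identifier.encode()).hexdigest()


def score_file_survives_update(policy):
    dev = Device(UDID, policy)
    dev.install("game")
    tag = seal(SCORES, dev.unique_identifier("game"))
    dev.apply_update()
    return seal(SCORES, dev.unique_identifier("game")) == tag


def new_installs_are_unlinkable(policy):
    dev = Device(UDID, policy)
    dev.apply_update()
    dev.install("a")
    dev.install("b")
    first = dev.unique_identifier("a")
    dev.install("a")              # a reinstall draws a new salt
    seen = {first, dev.unique_identifier("a"), dev.unique_identifier("b"), UDID}
    return len(seen) == 4         # no two values match, none is the raw UDID


if __name__ == "__main__":
    for policy in ("all_apps", "new_installs_only"):
        print(policy, score_file_survives_update(policy),
              new_installs_are_unlinkable(policy))
```

Under `all_apps` the existing score file fails verification after the update, which is the breakage described above; under `new_installs_only` it still verifies, while new installs get unlinkable values.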


A nifty replacement category: https://github.com/gekitz/UIDevice-with-UniqueIdentifier-for.... It generates a different token than the UDID, so you will have to migrate users.


This company AppsFire is coming up with an alternative standard http://techcrunch.com/2011/09/01/appsfire-announces-open-sou...


[deleted]


I'm sure there is a backdoor... for iAds. I can't imagine why they would have any interest in helping other ad networks.


Are iAds popular? In 3+ years of owning an iPhone I'm not sure I have ever seen one in the wild. I've used a fair number of free apps that have ads but not a single one of them used iAds.


No, iAds aren't popular (Apple is more secretive about iAds revenue than Google is about the Android Market... I mean the Google Play Store).

But then neither is the iBookstore and Apple keeps plugging away at it (and their competition) nevertheless.


I think the key difference between iBooks and iAds is that there is at least some demand from users for the former - some people buy iPads to primarily use as eReaders, whereas nobody is buying iPads to look at iAds.


[deleted]


The UDID issue isn't about Apple controlling the ad market (though that may be a benefit). They are getting pressure from Congress about the perceived privacy issues.

There are single SDK solutions like Mobile App Tracking that don't require UDID, allow the app developer to own their data, and provide a viable alternative to the current state of tracking via UDID.


As pointed out in the article, they warned us about this more than 6 months ago.

Changing up the timetable isn't great, but there's not much reason for people to be 'scrambling' to figure out what to do.


Are there any other sources on this?

This Techcrunch article sounds a lot like hearsay to me, especially the part about the review teams.


How does the ability to get the UDID combine with the (recently leaked) silent ability to access and upload the whole contact directory on iOS?


Does this mean anything for companies that do device management? It seems like most enterprise apps are logging some kind of device id.


But you still need the uuid for push messages, so how are they handling that?


Push notifications do not use UDID, they use a different device token.


If you want to switch to using MAC addresses, look up getifaddrs().


The fact that this seems to be entirely legitimate entirely undermines the point of removing the UDID.


"The point" is to make Congress stop yelling at Apple. Forcing developers to jury-rig something other than a system API gives them an out, rhetorically.


I find the word "jury-rigged" to be a stretch for "get the MAC address". There is no difference between the BSD API to get the MAC address and the Cocoa API to get the UDID; maybe to a software historian, but certainly not to a member of Congress: the level of explanation you are looking at there is "a mechanism supported by the vendor that returns a unique identifier for the device".


I hope they don't kill TestFlight


TestFlight uses a device enrollment challenge to get your device identifier, not native code. There's no native code in TestFlight - that's why it's not in the App Store and hence can't get rejected. It's just a clever use of Apple's remote provisioning capabilities (originally designed for enterprise customers).

So this change both can't and won't kill TestFlight - the only way Apple could kill TestFlight would be to change the way their enterprise provisioning and OTA installation process works, which they have no incentive to do as the process requires very explicit user permission, isn't being probed by lawmakers, and makes them that much more attractive to enterprises.


Everything I've seen about push notifications relies on the device id. How do you do push without having the UDID?


Push notifications use a device token that is separate from the UDID. An app can only get access to the device token if the user enables push notifications for that app.


I'm sorry, but this solution is very much cart before the horse. I think many people have woken up in a world where most of the "free" stuff they enjoy on a daily basis necessarily requires the ability to identify them on an individual basis. I fear people will either have to learn to live with tracking and profiling as a part of everyday life, or they will have to get comfortable with the idea of paying for more of the stuff they use.

Rejecting apps for accessing UDIDs does nothing to solve the underlying problem...


Please stop spreading this false dichotomy. Advertising existed before every move you made was tracked, and it was quite profitable. There is zero reason that such invasive bullshit is a requirement, period.


Are you on Facebook? Because the kind of information that you can gather about someone from a UDID pales in comparison to the kinds of information Facebook has about you. Privacy on the web was dead a long time ago...


Two wrongs, etc., etc.


Before every move you made was tracked, there were only a handful of companies that could deliver ads to people: a few TV stations, a few radio stations, and one local paper. The Yellow Pages. Maybe some billboards.

More competition and greater accountability (you can't really measure conversion rates for TV ads) means advertising services have to be more effective. Showing people ads for things they actually want is the best way to go about that.

Facebook et al do not owe you ANYTHING. The anti-tracking crowd seems to feel it's entitled to services while providing nothing of value in exchange. That's not how the market works. Your attention alone isn't worth much if a website can't show you ads you're likely to act on.

I don't like it either, which is why I run AdBlock and pay for things that are valuable to me - NYTimes, New Yorker, local paper, and phone (nothing sensitive on GMail so I don't care). As the saying goes, you're not the customer, you're the product.


> Before every move you made was tracked, there were only a handful of companies that could deliver ads to people

Yes but that had nothing to do with tracking, it was just the nature of the medium. I would like to agree with your idea of tracking as payment, but I really can't, because:

a) Most of the time I don't have a choice. There's no option to pay them money and even if I pay them directly, they may still keep collecting tons of personal information about me on top of it.

b) It's sneaky. I don't really know what information they have and how they use it. I just have a couple of completely meaningless words from their privacy policy.

c) I don't know the price I'm paying.

The last point is the most important one. The value and the risk associated with a particular piece of information greatly depends on what other information it is combined with, but I can't control that. The company could get acquired tomorrow by some ad behemoth that knows a lot of other things about me, so the price I'm paying could change after the fact. That's not the way payment works. I have to know the price I'm agreeing to pay before I enter that contract.


c) Technically you do. It was in the privacy policy (or what was omitted from the privacy policy), and in the clause that says the privacy policy can change at any time without notice.

Deceptive, yes. Personally, I'd like to see more sites adopt privacy policies written like 37signals: http://37signals.com/privacy

If you have the option to become better at serving your customers, you do it. When you interact with a for-profit organization, they are a) extracting something of value from you or b) subsidizing the service with funds from a different business area that does.

Fundamentally, if a business owner can do something to more effectively serve his customers, he does it. If he runs a free service, those customers are advertisers.

We need to change consumer attitudes so people aren't opposed to paying for services they find valuable. When the general public is the customer instead of the product, it will find its voice more effective.


So all of this tracking is only necessary due to the web? What about retailers such as Target or Walmart? Their weekly fliers have been around longer than the web, yet they too are tracking us as much as they can in order to target their advertising. This has nothing to do with there being too many channels to choose from.


It is more likely due to the fact that advertisers have much more data available to them and much better ways to analyze that data now than they used to, so they can send these types of targeted (pregnancy ala Target) ads than they ever could before.

Advertisers in the Mad Men days would have done the same if they had the data and tech available to them back then. Don't blame them, it is their job to advertise and they are using everything in their means to make that effective.


My issue is with people saying that it's all because we're in some sort of new 'era' and that people are 'asking for it' because they are using free (+ advertising) services.

Target and Walmart are the counter-point, because they are doing the same sort of tracking on paying customers.


Advertising has always been targeted, but lately consumers have been making it more and more difficult for advertisers to do so. Compare the number of magazines, television shows, radio stations, or highway routes to the number of websites or apps available today. When most of your target demographic reads the same 5 magazines or watches the same couple dozen television shows, targeting is easy. Now that everyone has the ability to, essentially, plot their own course through consumable media and entertainment, targeting must follow suit.


Ok.

I choose "pay more for the stuff I use".


Good. Now the goal is to get people (in the aggregate) to do so.


First of all, service providers have to give me a choice. Even if they offer a paid subscription it doesn't automatically mean they don't store personal information about me. These things would have to be part of the contract and I haven't seen many such contracts.

Right now, I don't feel I have any other choice but to block the trackers as aggressively as possible. I hope there will be better solutions in the future, because I really want to pay for services I like.


Oh? Can I demand subscription services offer me an ad-supported version because I don't want to pay the monthly fee? After all, these service providers 'have to give me a choice'.

No one has to give you anything. Where does your sense of entitlement come from?

If you don't like the way a service is offered, your other choice is not to use it.


You seem to have missed the parent posts. I'm not saying unconditionally that service providers have to give me a particular choice. Of course they don't have to.

What I'm saying is that IF I am to choose option X that option has to be available to me, otherwise I cannot possibly choose it. And most of the time it is not available.


Yep, you're right - glossed over too much of the grey in the thread.

Sorry for the early-morning invective.


They want you to use iCloud to identify people. Makes more sense anyhow, since UDIDs are hardware-dependent.


So Zynga goes bankrupt? Let me see where I put that tiny violin...



