Mobile

Apple phasing out iOS UDID access to solve privacy woes

With the launch of the most recent iOS 5 beta release, Apple is now instructing third-party developers to stop using the unique device identifier (UDID) in iOS devices, which is often used to track user behavior.

The change will disrupt business for many app developers, especially for mobile ad networks and companies like Tapjoy that rely upon UDID access heavily, but it could mean the end of major privacy concerns for Apple.

It’s also a good thing for users, since they will now have to opt-in to be tracked by developers. Unlike cookies, which are used on web browsers to track user activity, Apple’s device IDs are permanent, and users can’t block their transmission to third parties.

The latest iOS 5 documentation states that Apple will be deprecating UDID access for developers, according to a report from TechCrunch last week, and it now recommends that developers create unique identifiers specific to their apps. By deprecating the feature, Apple won’t be removing it enirely in iOS 5, but it’s fair warning to developers that they won’t be able to rely on it for much longer. Apple has historically discouraged developers from relying too heavily on UDIDs, so the change could just be seen as Apple being firmer with its preexisting stance.

We’ve asked several major iOS developers about the change, but we’ve yet to receive a response from any of them. Either they’re still figuring out how they’ll approach a UDID-less world, or they’re staying mum to avoid Apple’s wrath. Apple also hasn’t yet responded to further details about the change.

At the moment, it’s unclear if Apple will still be able to access UDIDs for its own services like iAds and Game Center. That would certainly give Apple a major advantage over third-party developers, as it can track UDIDs without waiting for users to register within apps. But it’s also the sort of feature disparity that could spark an antitrust investigation by regulators.

Apple could avoid many privacy headaches by killing off UDID access entirely. The company was sued last year by a Los Angeles man specifically because UDIDs were so easily accessible by apps, and a long-running Wall Street Journal feature revealed that many apps are sharing UDIDs, along with other personal information, without users’ knowledge.

But losing access to the feature will be a major blow to developers, since it will mean they will have to start their user tracking records from scratch. And for companies like Tapjoy and Flurry, which rely heavily on UDIDs to track and promote apps, it could mean a significant change is in order. Tapjoy CEO Mihir Shah recently railed against Apple’s restrictions on pay-per-action advertising at our MobileBeat conference in July.


Mobile developer or publisher? VentureBeat is studying mobile app analytics. Fill out our 5-minute survey, and we'll share the data with you.