By design, the UDID that Apple employs for iOS hardware is a unique string of letters and numbers, much like a device’s unique serial number, that is used to anonymously identify an iPhone, iPod Touch, or iPad. However, security researcher Aldo Cortesi discovered a flaw that can link an iOS device’s unique UDID back to the owner, making the UDID non-anonymous and potentially exposing a user’s identity.
Cortesi found that some apps can link the UDID to a user’s Facebook profile, for example, which can expose the user’s image; if the Facebook profile isn’t marked as private, additional information can also be revealed.
Wired reports Cortesi as saying that the UDID is “like a permanent, unalterable tracking cookie that can’t be changed and that the user is not aware of.”
By default, the UDID is supposed to be anonymous and is used only to identify the device. However, according to last year’s Wall Street Journal report, 56 of the 101 apps examined had transmitted the device’s UDID to other companies without the knowledge of the user.
While this flaw isn’t by itself a huge security concern, it does raise a few eyebrows about privacy.
In the past, before developer trial codes, Apple had integrated the UDID into iOS to allow developers to test apps on a limited number of devices without having to submit the app for mass-market distribution on the App Store. In doing so, Apple may have opened the doors for others to misuse or try to collect additional information related to device UDIDs.