Amid Privacy Concerns, Apple Has Started Rejecting Apps That Access UDIDs

by Blogburger on March 25, 2012

UDID

Amid extra scrutiny from Congress around privacy issues, Apple has started rejecting apps that access UDIDs, or identification numbers that are unique to every iPhone and iPad, this week.

Apple had already given developers a heads-up about the change more than six months ago when it said in some iOS documentation that it was going to deprecate UDIDs. But it looks like Apple is moving ahead of schedule with pressure from lawmakers and the media. It can take more than a year to deprecate features because developers need time to adjust and change their apps. A few weeks ago, some of the bigger mobile-social developers told me that Apple had reached out and warned them to move away from UDIDs.

But this is the first time Apple has issued outright rejections for using UDIDs.

“Everyone’s scrambling to get something into place,” said Victor Rubba, chief executive of Fluik, a Canadian developer that makes games like Office Jerk and Plumber Crack. “We’re trying to be proactive and we’ve already moved to an alternative scheme.” Rubba said he isn’t sending any updates until he sees how the situation shakes out in the next few days.

For those unaware, the UDID is an alphanumeric string that is unique to each Apple device. It’s currently used by mobile ad networks, game networks, analytics providers, developers and app testing systems, like TestFlight, for example.

Playhaven, which helps developers monetize more than 1,200 games across iOS and Android, said several of its customers had been rejected in the last week. The company’s chief executive Andy Yang says that developers should try and stay as flexible as possible by supporting multiple ID systems until there’s a clear replacement.

“This is definitely happening,” Yang said. “In the next month or two, this is going to have an impact on all ad networks and apps using advertising. Everybody’s trying to make their own choices about what to use instead.”

At least one of the apps that faced issues a week ago came from a publicly-traded, multibillion dollar company, I confirmed. But they declined to be named so as not to jeopardize their relationship with Apple.

So here’s what I’m hearing. Two of the 10 review teams started doing blanket rejections of apps that access UDIDs this week. Next week, that will rise to four the ten teams, and keep escalating until all 10 teams are turning down apps that are still using UDIDs.

This is a big deal because mobile ad networks use these ID numbers to make their advertising better targeted. Using UDIDs, mobile ad networks can track consumers from app to app to understand more about ads they respond to and apps they use most often.

“The UDID is essential for managing the conversion loop,” said Jim Payne, who runs a real-time bidding platform for mobile ads called MoPub and was early at leading mobile advertising network AdMob before it sold to Google for $ 750 million. “All the performance dollars that are spent on mobile are going to impacted by this not being there.”

At the same time, however, there are very real privacy risks tied to the widespread use of UDIDs. They’re more sensitive than cookies on the web because they can’t be cleared or deleted. And they’re tied to the most personal of devices — the phones we carry with us everywhere. Apple has been facing pressure from lawmakers in the last week about how apps can share consumer data without their knowledge. Two U.S. House representatives Henry Waxman and G. K. Butterfield sent letters to 34 iOS developers a few days ago asking about how they collect and use consumer data.

It’s still not obvious what developers will use instead. Some companies turned to the Wi-fi MAC Address, or media access control address, but it has a lot of the same privacy flaws that the UDID did. Another company Appsfire is behind an open-source solution called OpenUDID, that it hopes developers will adopt instead.

Yang and others are seeing a few developers get through approval process if they ask users for permissions first before storing their UDIDs. If so, this mirrors the approach that Facebook and Google Android take in making developers show a permissions dialog to consumers when they first install the app.

However, Yang’s not so sure that this is a good user experience or that enough consumers will say yes to make this strategy effective.

“I just don’t think the opt-in rate will be that high,” he said. “It feels like a Band-Aid solution for now.”




TechCrunch

Comments on this entry are closed.

Previous post:

Next post: