
Apple sued over spying mobile apps - zoowar
http://venturebeat.com/2010/12/28/apple-sued-over-spying-mobile-apps/
======
roc
I'm not sure why _the_ UDID would eever have been exposed to app developers.
It seems the API should offer _an_ ID that was the result of the UDID run
through some sort of hash seeded by project or at least developer cert.

~~~
ardit33
It is not. It is the Device Id that is exposed. Assuming the same user is
using the device, you can track that user across application, and
advertisement companies can get a clear picture of the user's preferences by
aggregating the data coming from all apps. Some apps have legitimate need for
the device id though.

I agree with the seeded hash of an UDID. A developer can track one user across
handsets, but two different developers can't tell form the hashed uid if it is
the same customer.

This solves both the problems of 1. developers having to implement full blown
account/login systems if their app is offering subscription services when a
simple user id would suffice and 2. not allowing the user to be tracked across
services.

I think this was just bad design from Apple.

~~~
gyardley
Advertising companies also have legitimate needs for tracking exposure to
advertising across applications. Frequency caps, for instance -- advertisers
buy inventory across multiple applications with the explicit provision that a
user won't be shown the same ad creative more than a specified number of times
in a given period.

Not having cookies accessible across applications is the true design flaw. No
one particularly wants to use the UDID for anything. Everyone would much
rather use exactly the same infrastructure used for web advertising.

------
tedunangst
"Some apps are also selling additional information to ad networks, including
users’ location, age, gender, income, ethnicity, sexual orientation and
political views."

It then goes on to list Pandora and Weather Channel as affected apps. Having
used both of them, I don't recall entering anything about my income or
political views into either. I would really like to learn of a concrete
example of an app that sold each of the above pieces of information, instead
of the current list of well known apps that once displayed an ad.

------
niclupien
It was about time!

------
nolanbrown23
It's all fear mongering as d_r says. Ironically, the WSJ app sends more data
about a user (including the UDID) then the apps referenced in the article.

Should apple change the way UDIDs are given to developers? Probably. A simple
hash of the UDID and the bundle id would get an app specific identifier but I
guarantee that there would still be the same "privacy concerns".

~~~
devindra
Author of the post here. Where exactly did you hear that the WSJ app shares
more data than the others? The WSJ included their own app in the study, and
according to them they only use the UDID internally to count users
([http://blogs.wsj.com/wtk-mobile/2010/12/17/wall-street-
journ...](http://blogs.wsj.com/wtk-mobile/2010/12/17/wall-street-journal-
mobile-reader/)). Now I realize that data isn't exactly trustworthy since
they're talking about their own app, but I've yet to see anything that
disproves it yet.

------
d_r
Here comes the fearmongering by the media. Sigh.

~~~
jdp23
How is reporting on a lawsuit "fearmongering"?

~~~
jimboyoungblood
Because the lawsuit was most likely inspired by this report by the WSJ:

[http://online.wsj.com/article/SB1000142405274870469400457602...](http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html)

~~~
jdp23
And how is reporting that applications share informaiton without asking for
permission fear-mongering?

~~~
tedunangst
This article at least implies that the Weather Channel app is in some way
broadcasting my sexual orientation. It's fearmongering because they are
deliberately associating some apps that may reveal lots of info with lots of
apps that reveal some info, creating the belief in the reader that lots of
apps are revealing lots of info.

It follows the pattern of "we found a dangerous toy. your child has toys.
special report, after the break."

~~~
alexqgb
It's fear-mongering because the title of the series is 'What They Know' -
emphasis on the ominous, faceless, ever-present THEY.

Even if there's no real connection between, say, upstart advertisers and the
Black Helicopter Patrol, the framing suggests that anyone with an interest in
user data is part of a monolithic, conspiring entity that staffs the thin edge
of their Orwellian wedge with Angry Birds.

That's not to say the gist isn't interesting. But the breathless FOX FACTS
wrapper? Not helping.

