Sunday, October 3, 2010

iPhone Applications Privacy Issues! Did Apple Lie About UDID?

#iPhone #UDID And iPhone Privacy Did Apple Knew? http://snapvoip.blogspot.com/
Of course Apple knew, when it addressed Congress in July but still went ahead and told that Apple could not track or tie the UDID (Unique Device IDentifier) of Apple devices,to their owners. But it did not tell that it's developers could.
Bucknell University Network Admin and two time DefCon wardriving champ, Eric Smith tells us that a bunch od Apple iOS developers are doing just that.
He equates iOS UDID to serial number bearing Intel's Pentium III processor that made world upside down. Intel and manufacturers of pc's even developed BIOS to block Serial Numbers on those processors and Intel never did that again.
Smith selected a number of applications from "most Popular Apps" and "Top free Apps" from the Apple App Store. (You can see the report PDF for more information). He ran the applications and analyzed the data being sent out by each app.
What he found was alarming,
68% of these applications were transmitting UDIDs to servers under the application vendor’s control each time the application is launched.  Furthermore, 18% of the applications tested encrypted their communications such that it was not clear what type of data was being shared.   A scant 14% of the tested applications appear to be clean.  We also confirmed that some applications are able to link the UDID to a real-world identity.
I am to renew my contract with AT&T for the iPhone and with this info, looks like I am going to end up with another Android. The current 3GS will join the rest of my test bench phones.
I uninstalled NPR App and installed Huffington Post App

Executive summery of iPhone App Privacy investigation
 iPhone-Applications-Privacy-Issues.pdf

No comments:

Post a Comment