Apple Sets May 1 End Date for Apps that Want UDIDs

Apple has implemented a deadline for when it will reject apps that access devices’ unique device identifier numbers, or UDIDs. Apple has been phasing out the 40-character string of letters and numbers over the last year, yet according to a post on Apple’s Developers site yesterday, this appears to be the final word: Any new apps or app updates that access UDIDs will not be accepted beginning May 1.

UDIDApple has implemented a deadline for when it will reject apps that access devices’ unique device identifier numbers, or UDIDs. Apple has been phasing out the 40-character string of letters and numbers over the last year, yet according to a post on Apple’s Developers site yesterday, this appears to be the final word: Any new apps or app updates that access UDIDs will not be accepted beginning May 1.

Going forward Apple is requesting developers use the new Vendor or Advertising identifiers the company introduced in iOS 6 instead of UDIDs when it comes to tracking their users. The Advertising Identifier is essentially a number that’s unique but not tied to devices and can be reset.

The shift away from UDIDs is good news for users concerned about their privacy, but bad news for advertisers. The switch will work in tandem with iOS 6’s “Limit ad tracking” feature, a function that limits the amount of targeted advertising users see on their devices. Meanwhile, advertisers, if they haven’t yet, will have to change how they keep track of who uses what apps.

It was almost a year ago that rumors began to spread that following that Apple was starting to do “blanket rejections” for apps looking for UDIDs. That followed an announcement in the summer of 2011 that it would begin to phase out UDIDs with the release of iOS 6 in September.

Scores of UDIDs – 12 million in total – were exposed last fall when Blue Toad, a Florida based technology provider was breached. It was initially thought the FBI was involved in the leak after it was implicated by the hacktivist group Anonymous. Blue Toad eventually acknowledged it was the source, that it had fixed the vulnerability that led to the leak, and that it was working with law enforcement on an investigation.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.