Every release of iOS comes with a healthy share of new features, updates, tweaks, and the inevitable accusation that Apple is up to no good.
Case in point, last week that the latest beta of iOS 5 begins to phase out developer functionality that can be used to track individual devices.
The rest of the Mac punditry machine quickly piled on, accusing Apple of trying to shut competitors out of the iPhone market and claiming that developers will no longer be able to provide users with services like scoreboards, personalized accounts, and goodness knows what else.
There seems to be general agreement, therefore, that this change (which Apple, true to form, made in the latest beta with little fanfare) is a Big Deal. There’s also a lot of confusion, however, on exactly what a UDID is, what it does, and why it is being discontinued.
UDID, What Art Thou? -- The term “UDID” is an acronym that stands for “Unique Device IDentifier.” It’s a unique 160-bit number that is calculated by iOS based on several hardware characteristics of a device; as its name implies, each iPhone, iPad, and iPod touch has its own UDID.
Apple uses UDIDs for a number of different purposes, including sending push notifications, managing ad-hoc provisioning (which is used by registered developers and enterprise users to distribute apps outside of the App Store), and so on.
Until now, the UDID has also been available to developers, who have traditionally used it whenever it has been necessary to track individual devices — for example, to provide scoreboards, or offer additional personalized services.
There is nothing wrong with this: the UDID is not a secret and cannot be used to steal any information from the user. In fact, Apple even provides a that explains how you can find a whole alphabet soup of identifiers associated with your device.
Unfortunately, the fact that the UDID is available to every app without the user’s consent has led to an unexpected consequence: third parties, like ad networks, have been able to use it to track usage across multiple apps, thus breaking a primary tenet of iOS, that apps run in complete isolation from one another, in part to protect the user’s privacy.
Given how steadfastly Apple has defended this feature of its mobile operating system in the past, and the fact that the company for “allowing” apps to provide information to advertisers, the fact that UDIDs are going the way of the dodo shouldn’t come as a big surprise.
What Is Apple Doing? -- In hindsight, in fact, Apple’s response to this problem has clearly been in the works for a long time. Over the past few years, the company has rolled out several services that aim at providing developers with alternatives to the types of features most likely to depend on UDIDs, like scoreboards and network gaming (Game Center), ads (iAds), and so on.
Apple is now preparing for the final strike: removing access to UDIDs to thwart those parties that have happily worked around iOS’s privacy model.
Because of the potential impact on so many developers, however, Apple is going about making this change in a deliberate manner. Contrary to several reports that have found their way on to the Web, Apple hasn’t “killed” developer access to UDIDs. Rather, they have simply “deprecated” the functionality, advising developers that it’s likely that it will be removed from a future version of the operating system. To put things in perspective, Mac OS X 10.7 still includes functionality that has been deprecated since 10.2 (although my feeling is that Apple will move much more quickly in this case).
In the immediate future, therefore, nothing has changed. UDIDs are still available to developers, and apps that depend on them will continue to function without problems.
What Happens when UDIDs Disappear? -- Think of this initial move as a call to action. Apple is telling developers that it will, sooner or later, make developer access to UDIDs go away.
Those who have needed access to UDIDs for reasons that Apple sees as legitimate are likely in for some work converting their apps to the appropriate technology provided by iOS, but should otherwise have no problem providing their users with uninterrupted service and no loss of data. As a bonus, the user experience connected with these services will be uniform, resulting in fewer headaches for both users and developers.
Interestingly, even those companies that make “inappropriate” use of UDIDs are unlikely to find themselves completely in the lurch. Since there are several well-established ways of identifying any device connected to the Internet, these developers should be able to continue offering their services without having to depend on an Apple-provided identifier.
Why the change, then? I think it likely stems from two desires on Apple’s part. The first is that UDIDs are highly specific: barring a mistake in Apple’s manufacturing process, these identifiers are guaranteed to be unique — unlike the information that can be gathered through the other methods that I mentioned above. Apple is likely worried about both the perceptual and legal liability of tacitly enabling apps that track users without user-granted permission.
This also leads to Apple’s second desire: Apple wants to tout iOS as the most secure and privacy-conscious mobile operating system on the market, bar none. If developer access to UDIDs enables app usage to be tracked without user knowledge, it’s that much more difficult for Apple to make that claim.
Finally, there is a third possibility: that Apple is, in fact, trying to block third parties from encroaching on the businesses that it intends to create around technologies like Game Center and iAds. It’s not inconceivable, but given that neither iAds nor Game Center seems to be a big money maker for the company, this seems like a rather weak argument.