I'm not sure why the UDID would ever have been exposed to app developers. It seems the API should offer an ID that was the result of the UDID run through some sort of hash seeded by project or at least developer cert.
It is not. It is the Device Id that is exposed. Assuming the same user is using the device, you can track that user across applications, and advertisement companies can get a clear picture of the user's preferences by aggregating the data coming from all apps.
Some apps have legitimate need for the device id though.
I agree with the seeded hash of an UDID. A developer can track one user across handsets, but two different developers can't tell from the hashed uid if it is the same customer.
This solves both the problems of 1. developers having to implement full blown account/login systems if their app is offering subscription services when a simple user id would suffice and 2. not allowing the user to be tracked across services.
Advertising companies also have legitimate needs for tracking exposure to advertising across applications. Frequency caps, for instance -- advertisers buy inventory across multiple applications with the explicit provision that a user won't be shown the same ad creative more than a specified number of times in a given period.
Not having cookies accessible across applications is the true design flaw. No one particularly wants to use the UDID for anything. Everyone would much rather use exactly the same infrastructure used for web advertising.
"Some apps are also selling additional information to ad networks, including users’ location, age, gender, income, ethnicity, sexual orientation and political views."
It then goes on to list Pandora and Weather Channel as affected apps. Having used both of them, I don't recall entering anything about my income or political views into either. I would really like to learn of a concrete example of an app that sold each of the above pieces of information, instead of the current list of well known apps that once displayed an ad.
It's all fear mongering as d_r says. Ironically, the WSJ app sends more data about a user (including the UDID) than the apps referenced in the article.
Should Apple change the way UDIDs are given to developers? Probably. A simple hash of the UDID and the bundle id would get an app specific identifier but I guarantee that there would still be the same "privacy concerns".
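The app-specific identifier proposed in the comments above, sketched as an added example (not code from any commenter or from Apple); the platform-held secret, the bundle ids and the UDID are constructed assumptions. It uses HMAC rather than a bare hash so that a party who already holds the raw UDID cannot recompute another app's identifier.

```python
import hashlib
import hmac
import uuid

# Constructed sample values; not real device, app or key material.
SAMPLE_UDID = "0123456789abcdef0123456789abcdef01234567"
# Assumption: a secret held by the OS and never exposed to apps.
PLATFORM_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def encode_fields(*fields: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") differ."""
    return b"".join(
        len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields
    )


def scoped_id(udid: str, scope: str, secret: bytes = PLATFORM_SECRET) -> str:
    """Stable identifier for one device within one scope (bundle id or
    developer id). Without `secret` it cannot be recomputed or compared
    across scopes."""
    digest = hmac.new(secret, encode_fields(scope, udid), hashlib.sha256).digest()
    return str(uuid.UUID(bytes=digest[:16]))


def unkeyed_id(udid: str, scope: str) -> str:
    """The bare-hash variant: anyone who knows udid and scope can compute it."""
    return hashlib.sha256(encode_fields(scope, udid)).hexdigest()


if __name__ == "__main__":
    weather = scoped_id(SAMPLE_UDID, "com.example.weather")
    radio = scoped_id(SAMPLE_UDID, "com.example.radio")
    # Same app, same device: stable across launches.
    print(weather == scoped_id(SAMPLE_UDID, "com.example.weather"))
    # Two apps, same device: values share nothing an outsider can join on.
    print(weather != radio)
    # A party that already has the raw UDID reproduces the bare hash ...
    print(unkeyed_id(SAMPLE_UDID, "com.example.radio")
          == hashlib.sha256(encode_fields("com.example.radio", SAMPLE_UDID)).hexdigest())
    # ... but not the keyed value, which depends on the platform secret.
    print(scoped_id(SAMPLE_UDID, "com.example.radio", b"guess") != radio)
```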
Author of the post here. Where exactly did you hear that the WSJ app shares more data than the others? The WSJ included their own app in the study, and according to them they only use the UDID internally to count users (http://blogs.wsj.com/wtk-mobile/2010/12/17/wall-street-journ...). Now I realize that data isn't exactly trustworthy since they're talking about their own app, but I've yet to see anything that disproves it yet.
This article at least implies that the Weather Channel app is in some way broadcasting my sexual orientation. It's fearmongering because they are deliberately associating some apps that may reveal lots of info with lots of apps that reveal some info, creating the belief in the reader that lots of apps are revealing lots of info.
It follows the pattern of "we found a dangerous toy. your child has toys. special report, after the break."
It's fear-mongering because the title of the series is 'What They Know' - emphasis on the ominous, faceless, ever-present THEY.
Even if there's no real connection between, say, upstart advertisers and the Black Helicopter Patrol, the framing suggests that anyone with an interest in user data is part of a monolithic, conspiring entity that staffs the thin edge of their Orwellian wedge with Angry Birds.
That's not to say the gist isn't interesting. But the breathless FOX FACTS wrapper? Not helping.
The problem is that by acting as the sole gatekeeper for the App Store, anything that is published can be considered to carry Apple's official stamp of approval. That makes them liable for privacy violations and other legal missteps that the proprietor of a truly open platform could disclaim responsibility for.
If they want to control the platform with an iron fist, they can damn well take the bad consequences along with the good ones.
It's fear-mongering because the media is selective about what it gets huffy and indignant about.
Where's the outrage over Google's behavioral retargeting? And have you ever tried to buy an ad on Facebook? The granularity with which you can target ads is insane (or insanely awesome, depending on your perspective).