A while back a company called RapLeaf was under the microscope of several government agencies, non-profit organizations and partners for misusing private information from multiple networks to paint a “picture” of an individual’s information (email, phone, address, interests, networks, etc). RapLeaf really upset Facebook because the Facebook User Id was one of the common points to connect information from a diverse set of sites.
There were rumors at the time Facebook was going to block App developers from having access to the User Id. Thankfully, they didn’t do that, but Apple just did. In a very similar way, Apple was upset that services were using UDID (the unique identifier of a user on the iPhone) between services and apps, primarily for advertising purpose.
The majority of iPhone / iPad app developers went into a Holy-Crap-What-Do-We-Do-Now mode this week since a lot of them use the UDID to deliver customize experience without the user having to sign in (and actually give personal identifiable information) and maintain that information across app installs (or even across apps from the same Company).
What App should have done instead is to deliver a Hash(UDID, Developer-ID) instead. Actually, the UDID should have been that by default, so app developers won’t have to do anything special. What that means is that for all apps from a single Company, the UDID stays the same, but two Apps from two different companies would not be able to match their users’ databases, thus creating a more robust solution for this problem.
Now, the solution-du-jour for this problem is to use Mac Address (the network address of the device), which is a much, much worse problem in my opinion in terms of privacy. So will Apple block sniffing of Mac Address on apps now?