iOS 5 deprecates UDID as identifier for developers, but it's not the end of the world
Reading the headlines today, you'll see the usual exaggeration of half-understood factoids bubble out from today's iOS 5 beta 6 release. Thank goodness for that NDA, huh?
As reported by our sister site TechCrunch, Apple is deprecating the use of UDIDs as unique identifiers for developers, thereby severing one of the most common ties between physical devices and the apps that need to know which specific iOS gadget they're on. It's the end of the world as we know it! Well, no, actually. Let's get to the real story here, brought to you by feedback from some iOS developers with real-world knowledge of what the implications of this change will be.
First off, let's clear up what it means for Apple to 'deprecate' this identifier. A deprecated function or software component is not yanked out immediately; it's simply been flagged by the developer of the platform (or app, command line tool, what have you) as something that will be going away in the future, eventually. While the feature remains in place for the sake of backwards compatibility, deprecation is a clear sign to all the programmers in town that they will have to move away from using this feature in the long run.
To the average person, this deprecation of developer access to UDIDs means little more than one step towards better privacy. UDIDs are far from the only way a developer could ensure "your" iPhone is, in fact, your iPhone. Using the identifier has always been a relatively easy way for developers to do this, however, and so many used it, some abused it, and the average user was never the wiser.
From the beginning, Apple has always uniquely identified its devices via UDIDs or other means, and the iPhone is no exception. There is a class called "UIDdevice" which describes the things on the iPhone, i.e., the features unique to that device. Until today, developers could have access to a users' UDIDs, and they've used them as identifiers for a lot of gaming, user info persistence and subscription systems (including some of our favorite apps). The downside of UDIDs in the past is because they're related to devices and not accounts, sometimes it's hard to have the device identifiers talk to each other. Some developers have grabbed or scraped these without user permission for marketing and other less than reputable purposes -- hence the privacy concern behind broadcasting UDIDs to third-party developers.
The utility of developers having access to the UDID is far lower than the potential for abusing it. The UIdevice class does things like telling you the battery state, system name, OS version, phone model, and so forth -- it identifies the device and the features on it. It's been helpful in terms of letting developers determine which devices run certain features better -- knowing the difference in performance between an iPhone 3G and an iPhone 4 is certainly important, especially to game developers -- but other than that, there's not much utility there.
So why isn't losing access to the UDID a big deal, at all? Any developer can always roll their own unique identifier. Apple provides a way to randomly generate one, so you never really had to use the UDID. People have been using UDIDs for various reasons -- not all of them good -- and there's not a lot of positives to UDID use other than ad-hoc app distribution (i.e., for beta testing).
Apple's deprecation of UDID access is something that's been expected for some time. MacStories' take on it aligns with our own; privacy concerns over UDID sharing have been in the news for a long time, so it's not a shocker that Apple's now contemplating denying third-party access to them. From a user's perspective, this is a Good Thing. From a scrupulous developer's position, this may complicate your life for a while, but that's all. Unscrupulous developers who've been abusing UDIDs for marketing or other purposes are the ones that will get hit hardest by this change, but as far as I'm concerned, they can wither up and die with no tears shed.Some have speculated that iCloud account information might be substituted for UDIDs, but developers don't really have access to user account information from iCloud -- and they shouldn't. That would be an even bigger security hole than UDIDs.
Apple seems to be taking a "none of your business" approach to user IDs where developers are concerned. We speculate that's the motivation behind removing the UDID API. Meanwhile, try not to buy into widespread reports of dogs and cats living together/mass hysteria, because it's just not that big of a deal in the long run.Share
Reading the headlines today, you'll see the usual exaggeration of half-understood factoids bubble out from today's iOS 5 beta 6 release....
Add a Comment
Another article written by non-programmers claiming to dispense authoritative information. Like this incorrect statement:
"So why isn't losing access to the UDID a big deal, at all? Any developer can always roll their own unique identifier."
WRONG. That identifier (and anything it associates with the user, like data on a server somewhere), will be lost if the user deletes the app. It should be backed up if the user backs up and restores his phone, but you can't count on that, can you? Nope.
For that same reason, it's useless for the most important reason to store the UDID: banning abusers.
Currently there is no substitute for the UDID when it comes to banning abusers. When there IS, THEN you can write an article about how it's no big deal.
VanillaSpice
What a load of rubbish. You are not a developer, if what you have written is all you are able to think of in terms of abuse control systems. Maybe you are one of the unscrupulous developers referred to in the article which would explain why you think this is a bad thing.
And please don't tell me that you consider Erica Sadun a "non-programmer" (she does read the other posts here, you know?) because that would be so amusing that I would literally laugh myself to death. And what's her take on the situation? Oh that's right - she has ALREADY pointed out how to make unique identifiers persistent for anything other than a full system re-install. (Search here for "dev juice".)
The whole point of what is happening here is that developers (real ones, I mean) will not have access to an identifier that the user has no control over. I repeat again, the WHOLE POINT of this process is to do exactly what you describe.
You might think that is a bad thing, but that is only because of your poorly-written "banning abusers" code which, as any layman could easily point out, is clearly then not a "ban abuser" system at all, but a "ban particular device" system, which means the abusive entity is free to continue their abuse on a separate device, and a non-abusive entity who purchases the first device would be unfairly banned.
Guess what? It is actually really hard to prevent abuse by the determined and ensure fair access for those who aren't. Blogs and websites in general have been dealing with this issue for more than a decade - much longer than the iPhone's existence - and still haven't come up with a good system that can prevent determined trolls from opening further accounts to continue their abuse.
Any system that really was effective would have to transgress legal and ethical protections on privacy, meaning that only so-so systems currently exist and - wow - did I just describe pretty much the entire content of the article that you were criticising without having bothering to read it?
Yeah, I get it. You'll actually have to do some work - real work - and re-write a small section of your code. Boo hoo. This is not being done for kicks, it's to make sure Apple (and you!) don't get into trouble in the future, the change is pretty minimal, and you're being given plenty of time in which to implement these simple changes.
Stop acting like it's a big deal. And don't go blaming Apple because you want access to something that legally and ethically you should not have.
So basically you're saying I should create my own UUID for a device, persist it somewhere that the user cannot easily delete, associate their name and other personally identifying details with it, and then provide a library that third-party developers can integrate with to get access to the UUID that I generated and its associated info so that there can still be a single canonical key that uniquely identifies a given device and its associated user. Sounds like a plan.
August 22 2011 at 9:04 PM Report abuse Permalink rate up rate down ReplySo basically you're saying I should create my own UUID for a device, persist it somewhere that the user cannot easily delete, associate their name and other personally identifying details with it, and then provide a library that third-party developers can integrate with to get access to the UUID that I generated and its associated info. Sounds like a plan.
August 22 2011 at 9:03 PM Report abuse Permalink rate up rate down ReplyAny developer can always roll their own unique identifier...
Yes of course but each time you reinstall an app, you create a new UDID.
...or use iCloud K-V storage. I just posted alternatives, which are far more secure and survive when users replace their device. http://j.mp/pqMLyE
August 20 2011 at 2:59 AM Report abuse Permalink rate up rate down ReplyWhen I have people test my apps, I just send it to Apple and say that I want to manually release it once it's approved. If there is problems, I reject the binary and submit an improved on. I've never used UDIDs.
August 19 2011 at 8:57 PM Report abuse Permalink rate up rate down ReplySo I wonder what's going to happen to all of Tapulous's apps? Maybe they'll actually, oh my god, base their track purchases on ACTUAL TAPULOUS ACCOUNTS? (Mostly their TapTap series)
August 19 2011 at 8:50 PM Report abuse Permalink rate up rate down ReplyWho cares? Have you seen the games Tapulous has been releasing since Disney bought them?
August 19 2011 at 8:58 PM Report abuse Permalink rate up rate down ReplyYeah... but still. It was fun while it lasted. :P
August 20 2011 at 1:59 AM Report abuse Permalink rate up rate downI miss the old tapulous...
TTWP is still active though...
Deals of the Day
more deals- Acoustic Research Digital Photo Frame with iPod Dock for $50 + free shipping
- Apple iPhone 4 8GB for Verizon, AT&T, or Sprint for $50 + pickup at Best Buy
- Unlocked iPhone 4S 16GB for GSM (AT&T, T-Mobile) for $619 + free shipping
- Apple iMac Core i7 Quad 3.4GHz 27" w/ 24GB RAM, 2TB HDD for $2,677 + $29 s&h
- Used Apple Magic Mouse for $36 + $4 s&h
- Skullcandy Riot Earbud Headphones for $10 + free shipping
Software Updates
more updatesFeatured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
11 Comments