Did you know that data is collected by Apple applications running on iPhones and iPads, and is transmitted to the applications’ owners, without you knowing about this? Craig Michael Lie Njie of KismetWorldWide learned while creating an application for his own company that reports are created every day by applications used on these devices detailing every action a user takes within an app: every button click, every page viewed, every table cell viewed, and the time a person took between each action, all sent back to the server without any notification or customer access to that information, or any level of customer permission, either.
Information gathering is accomplished by accessing the UDID of any mobile Apple device. Think of the UDID as a permanent cookie resident in each iPhone and iPad which is visible to any software developer and “can’t be turned off.”
It’s incredibly simple to access the UDID and transmit back to the server, but incredibly privacy invasive (and) easily linkable across different applications…
Theoretically, in order to tie what you do back to you, applications must know more about your device than merely its UDID. But that extra information can easily be obtained just by asking your device (in the background, without your knowledge) to verify just a little bit of information.
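To make the "easily linkable across different applications" point concrete, here is an added example (not code from the original article or from Apple) that joins constructed usage reports from two apps on a device-wide identifier, then repeats the join with a per-app derived identifier. The device values, app names and the HMAC-based `scoped_id` scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data: 40-hex-character stand-ins for device UDIDs.
DEVICE_IDS = {"alice-phone": "a1" * 20, "bob-pad": "b2" * 20}


def global_id(app, device):
    """UDID-style identifier: every app on the device sees the same value."""
    return DEVICE_IDS[device]


def scoped_id(app, device):
    """Hypothetical per-app identifier: HMAC of the app name under a device key.

    Assumption for this sketch: the platform holds the key and hands each
    app only the derived value, so apps cannot compare identifiers.
    """
    key = bytes.fromhex(DEVICE_IDS[device])
    return hmac.new(key, app.encode(), hashlib.sha256).hexdigest()[:40]


def collect(ident):
    """Constructed reports as each app's server would receive them."""
    rows = [
        ("news", "alice-phone", ["open", "article:42"]),
        ("health", "alice-phone", ["open", "log:weight"]),
        ("news", "bob-pad", ["open"]),
    ]
    return [{"app": a, "id": ident(a, d), "events": e} for a, d, e in rows]


def link_across_apps(reports):
    """Return identifiers that appear in reports from more than one app."""
    seen = defaultdict(set)
    for report in reports:
        seen[report["id"]].add(report["app"])
    return {i: sorted(apps) for i, apps in seen.items() if len(apps) > 1}


if __name__ == "__main__":
    print("device-wide id:", link_across_apps(collect(global_id)))
    print("per-app id:    ", link_across_apps(collect(scoped_id)))
```

With the device-wide identifier, the news and health reports from the same device collapse into one profile; with the per-app identifier, the same join finds nothing to link.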
Eric Smith of PSKL speaks about the striking similarity to a 1999 privacy issue relating to Pentium 3 computers. The iPhone’s UDID is eerily similar to the Pentium 3’s Processor Serial Number (PSN) … While the Pentium 3 PSN elicited a storm of outrage from privacy rights groups over the inherent risks associated with the sharing of such information with third parties, no such concerns have been raised up to this point regarding the iPhone UDID. As UDIDs can be readily linked to personally-identifiable information, the “Big Brother” concerns from the Pentium 3 era should be a concern for today’s iPhone users as well.