- Joined
- Jun 18, 2010
- Messages
- 4,891
- Reaction score
- 1,050
Engadget has a worrying report today about the possibility of third-party iPhone apps transmitting information that links your device to your name and possibly even your location, according to Bucknell University network admin Eric Smith, a two-time DefCon wardriving champion, who has studied 57 top applications in the iTunes App Store to see what sort of data they send out. Through his research, Smith discovered that some third-party apps actually sent out the iPhones UDID and personal details in plaintext, including apps for Amazon, Chase Bank, Target and Sams Club, although some of these were secured with SSL. Engadget says that although UDIDs are often used by apps to store personal data and combat piracy, Smith is concerned that a database could be created linking the UDIDs to GPS coordinates or GeoIP, thereby confirming your location to possibly unsavoury people or companies. Engadget points out, however, that transmitting the UDID and account information together publicly is forbidden. Smith concludes his research report by likening Apples UDID to the unique identifier of Intels Pentium III processor, which raised privacy issues several years ago, resulting in government enquiries, which resulted in Intel providing a software fix that enabled individuals to manually disable the chips ID, prior to Intel removing the chip from all future CPUs.
Source: Engadget
