Kerry Sanders and Bob Sullivan, NBC News:
The UDID – which stands for Unique Device Identifier – is present on Apple iPads, iPods and iPhones, and is similar to a serial number. During the past year, researchers have found that many app developers have used the UDID to help keep track of their users, storing the data in various databases and often associating it with other personal information. When matched with other information, the UDID can be used to track users’ app usage, social media usage or location. It could also be used to “push” potentially dangerous applications onto users’ Apple gadgets.
There is debate about how dangerous the release of the UDID data is without the other information. [Paul DeHart, CEO of the Blue Toad publishing company] said he knew of no practical malicious use for the leaked data.
“Honestly, the UDID information by itself isn’t harmful, as far as we know,” he said. “I can’t say anything is impossible, but the reality is, to push notifications to a device, you need certain keys, certain Apple credentials. You have to have a developer’s account with Apple. So there are lots of processes in place, measures to keep the average ‘anybody’ from being able to take UDIDs and begin doing something with that information.”
You can’t push apps to an iPhone with just an UDID. Way to go, guys.