Each iPad, iPhone and iPod Touch contains a unique number consisting of 40 digits, which may lead to identification of its owner, according to a security researcher.
Apple is again in the spotlight in terms of security and privacy. After it was discovered late last month that the iPhone and iPad record all users’ movements, and the problem was solved with an update to the operating system, Aldo Cortesi, a computer security researcher has found that iPhone mobile phones, tablets iPad Touch, and iPods contain a unique number for each device that may lead to identification of its owner.
“The identification number found on these devices, though not secret, should not lead to the identification of its owner”, says Cortesi. He has realized that some applications that are used by users are linking the identification number of the device to the user’s Facebook profile.
Apple and application developers use the number, which is not less than 40 characters, to identify each device, which is unique and anonymous. The number can not be deleted or changed.
The “Wall Street Journal” publication found that 101 applications from the App Store send this unique number, called UDID, to other companies without user’s knowledge or permission.
Cortesi created a program called Mitmproxy with which he learned last month that OpenFeint, an integrated gaming network, in certain applications that connect the players between them, conveyed the unique identification number of the device along with certain personal information. When users of iPhone, iPod Touch, or iPad logged in to OpenFeint through their Facebook account, the game transmitted the unique code attached to the Facebook unique ID, photo, and sometimes the GPS coordinates. OpenFeint, which has 75 million members, has solved this problem after Coretesi reported it to the company.
Apple has specifically asked the iOS operating system developers to not associate the unique identification number with the user account to ensure confidentiality. But if OpenFeint specialists were able to link up the unique code with Facebook accounts, it means that there are other applications that have passed the Apple radar.