UIDevice-with-UniqueIdentifier-for-iOS-5 icon indicating copy to clipboard operation
UIDevice-with-UniqueIdentifier-for-iOS-5 copied to clipboard

Published 20 hours ago verified publisher icon gekitz

How unique is this identifier?

Open jstawski opened this issue 12 years ago • 6 comments

Haven't inspected the code in great detail, but how unique is this identifier really? MAC Addresses are not unique. There is 16.7 million possible addresses per manufacturer. Given that Apple Sold way more iPhones (250 millions) than possible addresses is only a matter of time before you get same MAC Address for 2 different users.

My understanding is that the App's Bundle Identifier is also the same for all users that download the app, which will not make it unique if two users that have the same MAC address use the same app.

Am I missing something?

jstawski avatar Jan 08 '13 16:01 jstawski

Jstawski, there are also two mac addresses for each antenna. Have you figured out anything that solves this issue? With the pending permanent ban on using UDID this next month, it's becoming pretty critical that we find a replacement but haven't really seen anything solid enough.

mgouw007 avatar Mar 27 '13 21:03 mgouw007

You could probably use

- identifierForVendor
or
- identifierForAdvertising

from <UIKit/UIDevice.h>

sghael avatar Jun 04 '13 19:06 sghael

identifierForVendor will change if a user deletes all apps by that vendor then reinstalls them. I.e. they then have a different 'unique' ID but it's the same device.

If the purpose is to be able to identify a device eg for linking to an account on a website etc then it's no longer of any use.

identifierForAdvertising would be better because that ID stays the same for each device. However, you can simply go into the settings (Settings / General / About / Advertising) and tap on 'Reset Advertising Identifier' which, again, renders that useless in terms of identifying the device itself.

ghost avatar Jun 14 '13 13:06 ghost

The point is: you SHOULD NOT reliably identify a device for privacy concerns. So there is no way around it. Why not changing the architecture so that identifierForVendor is good enough?

rasky avatar Jun 19 '13 07:06 rasky

Why not? Because we'd have no business left.

Apple forced us to provide a free 7-day trial subscription (even though they don't let us use the auto-renewable subscription payments) and also stated that we cannot collect any user data (eg email address) unless a they have purchased a subscription. So we can't even get them to create an account first.

The result being that a user downloads the app and activates their free 7 day trial. After that trial ends, they can delete it and reinstall it - which generates a new vendorID. They then get another free 7 day trial. Repeat ad nauseum and then we have no income from subscriptions and, therefore, no business.

The only way we can stop a user from abusing the free trial is to be able to recognise the device or the user. We can now to neither under iOS7.

ghost avatar Jun 19 '13 08:06 ghost

Well, surely Apple doesn't want you to collect MAC addresses of your users as well. There is not enough information in your comment, but I would think that Apple was referring to the in-app purchase subscription trial that is supported by the IAP API and thus bound to the Apple ID.

If not, then I suggest that you bring this up with Apple. This specific library on GitHub has always been broken (MD5 of MAC addresses is wrong wrong wrong), and I've asked the maintainer to remove it to avoid giving false illusions. Hopefully, iOS7 will also push in that direction.

rasky avatar Jun 19 '13 08:06 rasky