Security

Tweetbot developer confirms Apple is now rejecting apps over use of UDIDs

A report on Monday alleged Apple began rejecting third-party iOS apps that make use of Unique Device Identifiers (UDIDs). Today, developer Paul Haddad confirms that a new build of his Tweetbot app failed to pass Apple's requirements due to its use of UDIDs. Haddad received an email from the company that cites section 17.1 of the App Store Review Guidelines.

It states “apps cannot transmit data about a user without obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used”.

With this app rejection, I think we can safely conclude that developers are now wise to drop UDIDs from their apps. Better late than never, if you ask me...

Apple begins rejecting apps that access UDIDs

Apple is beginning to reject app submissions which access a device's UDID, according to a report by Mashable.

You just can't beat a good privacy scare, and the one surrounding the use of UDIDs, or Unique Device Identifiers, is the current biggie. Used by developers and advertising companies, UDIDs allow tracking of individual devices, which has the privacy-conscious up in arms.

With Apple now reportedly rejecting apps that use UDIDs, developers, ad agencies and anyone else who may legitimately use UDIDs will need to rewrite their apps to remove the feature...

Safari exploit that allows URL spoofing discovered in iOS 5.1

Although iOS is considered to be one of the safest mobile operating systems on the market, it's not perfect. This is something that those of us in the jailbreak community know all too well.

With that in mind, it's not terribly surprising that another security bug has recently been discovered in Apple's software. Reports are surfacing today that an exploit has been found inside mobile Safari...

Apple’s cheapest iOS device might also be the most secure

All things considered, it's been a pretty good weekend for the jailbreak community. Not only have hackers managed to find multiple exploits for the new iPad (within 24 hours no less), but we've even seen proof of an untethered jailbreak.

It gets better. Word is that the work that is being done on Apple's new tablet will also apply to older devices on iOS 5.1, except perhaps the new Apple TV. Apparently, the least expensive iOS device also happens to be the most secure...

Following the iOS debacle, Mountain Lion now asks permission to access contacts too

It seems that Apple's learnings from the Path Contacts debacle have extended to the Mac, too, with the latest Developer Preview of OS X 10.8 Mountain Lion also seeing a new Contacts-based security addition.

Those with reasonable memories will remember that Path, the social networking app that was all the rage not long ago, got itself into some hot water for taking all the details from the iOS Contacts app – names, numbers, email addresses and more – and uploading them to its own servers. This led to all kinds of scaremongering and, ultimately, Apple decided to add a warning message to iOS that tells users when an app is requesting access to contact details. Users then have the option of allowing or blocking that access.

Now it appears that Apple has pulled this security feature across from iOS to the Mac, or at least it will in the next version of OS X when it arrives later this year...

iOS 5.0.1 security flaw lets anyone bypass password protection to make a phone call and view contacts

iOS bugs and security flaws are taken seriously by not only customers, but also by Apple. There have been many that allow others to access your information, including contacts and pictures. Most recently, a bug was found that allows anyone to make a FaceTime call on your iOS device.

Today a new security flaw is brought to light by iPhone Islam, where anyone can make a call out and access your iPhone contacts despite any passcode you might have in place.

As shown on video:

Apple says apps will now need explicit user permission to access contacts

Ever since the news broke that Path, a popular social network and iOS app, was uploading users' contact lists without asking for their permission, everyone has been waiting to see how Apple would respond.

After all, it is Apple's App Store team that is approving these apps that cull private user data without authorization. And today, the Cupertino company finally broke its week-long silence on the subject...

Jailbreak apps leak less private user data than App Store apps

The recent Path scandal has once again put user privacy at the forefront of mobile news. The social network was caught secretly uploading entire address books from its users' cell phones without their authorization.

This has prompted further research into other App Store apps, and yes even jailbreak ones, to see how many other developers are guilty of these actions. And what folks are finding is, jailbreak apps actually leak much less private data than Apple-approved ones...

iOS 5.0.1 bug lets anyone make FaceTime calls on your iPhone, even with security settings

Canadian tech blogger Ade Barkah has discovered a new security loophole in Apple's most recent iOS update, iOS 5.0.1. It involves FaceTime, and lets anyone make a call out, even with the highest security settings in place.

The loophole has been confirmed to work on both the iPhone 4 and iPhone 4S, and hopefully is addressed by Apple soon. Barkah details the bug on his blog...

Is Apple Unwittingly Exchanging Stolen iPhones?

If you've ever taken a broken iPhone back to an Apple Store for repair or replacement, then you'll be well aware of just how easy the company makes it. You take your iPhone in, Apple checks its warranty by referencing its serial number and you walk out with a replacement.

But that "customer comes first" approach may also be making it easier for thieves to chop in stolen iPhones and then receive a replacement free of charge. While that may seem pointless initially, when you remember that stolen handsets can be blocked from carriers based on their IMEI number, then the whole thing makes a lot of sense.

The revelation that Apple may be unwittingly exchanging stolen goods comes via security firm McAfee, which blames Apple's "honor system" for giving thieves an easy way to get rid of hot goods...

How to Access Gmail Securely With a QR Code [Video]

Normally I wouldn't dare log into my Gmail account from a public terminal, but this QR-based login from Google is definitely a step in the right direction from a security standpoint.

As first reported by Ian Paul from PC World, you can now securely log into your Gmail account without typing your username or password into a computer.

It works by using your iPhone as the means for authentication instead, and it's a pretty slick way of staying relatively secure from would-be password jackers. Video demonstration inside.

Apple Accused of Providing Backdoor iOS Access to Indian Military

ZDNet has just published an interesting report claiming that Apple, along with both RIM and Nokia, has built in backdoor iOS access for the Indian Military, leaving text messages, voice calls, and data trails completely exposed.

As you can imagine, after the recent CarrierIQ scandal, this information is making some waves around the internet. And what's even worse, it sounds like the hidden trapdoor has been used in some not-so-kosher situations...