9 comments

[ 2.9 ms ] story [ 32.7 ms ] thread
The article focuses on how their recommended device identifier, the Bluetooth MAC, will become inaccessible in iOS 7, just like the UDID did in a past update.

I'm not that familiar with the mechanics of fraud detection, and I wish the article had delved into why a physical device ID is necessary for it. What is the advantage of the MAC over, say, a hidden ID created randomly by the app on first launch?

There's an obvious difference in that the MAC would allow you to correlate identifiers across multiple apps (which is also a privacy weakness), but the given example apps aren't particularly likely to be used in concert.

Perhaps they'd like to determine whether or not a user is logging in from a new device, at which point another level of authentication may be appropriate.
A hidden ID created randomly by the app on first launch, as suggested, seems to be sufficient for this case.
We have seen fraudsters reinstall an app over and over, each time signing up with a new email and a new stolen credit card after their previous account was shut down. A persistent device ID allows our clients to block a new signup from a fraudster that is from the same physical phone the fraudster has used before. (This greatly increases the cost of committing fraud, by forcing the fraudster to root their phone or use a new phone each time.)
That makes sense. Thanks.

The ability for apps to correlate across their own re-installations has fewer privacy implications than general UDID/MAC access, so perhaps Apple may allow it at some point. To achieve it, Apple could just change the documented behavior of the identifierForVendor property so that it no longer resets when all the vendor's apps are deleted. Apple's implementation could be done several ways (such as by stashing the per-device, per-vendor ID along with the App Store's Purchased Software data, or by generating it algorithmically from a hash of UDID/MAC plus vendor ID). But regardless, Apple perhaps sees app re-installs that start fresh and anonymous as a good thing.

note that it talks about gps positioning, uuids, etc. obviously all this private info is logged.

that means if they get compromised people will know exactly where you live, where you go, etc. (of course they also just can lookup that info as well)

I think you would hash the data in some way to avoid privacy concerns for device ID purposes.
Another identifier which would seem to help accomplish the task is identifierForVendor. As a bonus, it isn't something that can be opted out of like the advertisingIdentifier.
Unfortunately, the API says that the identifier can change if the user uninstalls then reinstalls the app.