A new iPhone security report published reveals that reviewed the “Most Popular” and “Top Free” categories on the iPhone App Store found that 68 percent of software would transmit UDIDs from devices.
UDID’s or unencrypted unique device identifier, that are being transmitted by the iPhone app could be used to obtain personal information.
The security report, published last week by Eric Smith, a network administrator with Bucknell University and a two-time DefCon wardriving champion. Claims that UDIDs can be “readily linked to personally-identifiable information.”
Finding included applications that were found to transmit the iPhone UDID were software from Amazon, Chase Bank, Target, and Sams Club. The CBS News application goes even further, transmitting the UDID along with the user-assigned name for the iPhone, which typically includes the owner’s real name.
For example, Amazon’s application communicates the logged-in user’s real name in plain text, along with the UDID, permitting both Amazon.com and network eavesdroppers to easily match a phone’s UDID with the name of the phone’s owner.”
Apple is up front about its iOS security and requires users approve when applications access information like GPS or the phone’s address book.
Via Apple InsiderFiled Under: Apple, Apple iPhone, Technology News