9 Replies Latest reply: Dec 4, 2012 12:51 PM by Michael Black
aubs21 Level 1 (0 points)

i have reported a bug in an app from a well known company to the developer and he has asked if i could send him my UDID so that i can Beta test, if i do send it will i have any security issues


iPhone 5, iOS 6.0.1
  • HyperNova Software Level 6 (8,655 points)

    That's perfectly safe and is the information the developer requires in order to send you a beta version of the app. This version comes directly from the developer and is signed to allow you to run it on that particular device without having gone through the app store.

  • Michael Black Level 7 (20,416 points)

    I would not send it.  Apple deprecated the use of UDID's with iOS 5 as there had been complaints about the potential mis-use of personal information attached to the UDID.  At least make sure this is a company you feel comfortable with send it.

  • HyperNova Software Level 6 (8,655 points)

    So, how does Ad-Hoc distribution work then?

  • Michael Black Level 7 (20,416 points)

    I'm just saying make sure you really do trust the source you are sending it to if you decide to serve as a beta tester.  There are legitimate privacy concerns with the use of UDID, so you need to be diligent that you are sending it to someone or some company you trust to honor your privacy.

  • aubs21 Level 1 (0 points)

    The app is developed for a world wide known company but oviously the developer could be freelance.

  • HyperNova Software Level 6 (8,655 points)

    Ok.  Got it.

     

    The same rule applies here as to any other faceless interaction over the Internet.  If you don't know who you're dealing with, don't share anything worth something.

  • Michael Black Level 7 (20,416 points)

    Exactly - I've had contact with some app developers that I honestly just thought were way to flaky to trust with personal information.  Others that I've been able to independently verify as legitimate (and who came across, with a little research, as clearly professional) I was comfortable dealing with.

     

    It should not be hard to check out the credentials of a developer, espeically if the app is from a major and well known company.

  • aubs21 Level 1 (0 points)

    ive just sent an email to the developer requesting clarification why he needs my UDID and if he works directly for the company in question and ive also emailed the company requesting info as well.

     

    i do hope thinks come back ok as i would like to beta test for this app

  • Michael Black Level 7 (20,416 points)

    And odds are it should all be fine - you are just being cautious as anyone should.

     

    This article discusses some of the issues that led up to Apple deprecating the use of UDID in the apple store.  It summarizes some of the reasons why, as with any identifier linked to personal information, you just want to careful of who you share it with.

     

    http://arstechnica.com/apple/2012/09/ask-ars-whats-the-big-deal-with-iphone-udid s/

     

    A little paranoia is not necessarily a bad thing, in an age of rampant privacy violations and abuse