Apple's deprecation of the UDID has caught many developers by surprise. As the UDID is one of the most popular approaches to uniquely identify a device, it widely used in iOS applications. In fact, major advertising networks, analytics providers, and game networks all use UDIDs to keep track of app installs and user across multiple devices. Without the UDID, how are developers supposed to keep track of their app installs? One "obvious" answer is to use the device's MAC address instead. However, the MAC address is very sensitive information. It arguably has the exact same problem as UDID to begin with, and Apple could easily ban it if this practice becomes pervasive. So, what shall developers do in the post-UDID world? The answer is to develop your own unique device identification scheme. That allows you to identify devices within your own network of app users, but unlike UDID, such identification could not be easily associated with other apps outside of your own network -- hence addressing the privacy concerns. An added bonus of this approach is that it allow you to generate and track consistent device IDs across all mobile devices in your user network, regardless whether they are iOS, Android, Blackberry or Windows Phone.
- For the vast majority of use cases, the application just need a unique ID for each device it installs on. In this case, we do not really a UDID per se. What we need is a "UUID". The ID only needs to be unique within the application. There are several easy way to generate such UUIDs using hashed random numbers. The NSProcessInfo and CFUUID APIs are the way to do it. Please see this StackOverflow thread on code examples.
- Of course, a main appeal of UDID was that it allows tracking devices across different applications. For this purpose, we need to share the UUID across different applications, and take into account issues like a new device restored from a backup of an old device etc. To this end, you will need to the UIPasteboard API, which allows sandboxed applications to share data via a system-wide "clip board". Instead of rolling your own, you could use OpenUDID or SecureUDID libraries. Both are fairly simple implementations, but could save you some trouble since they have already considered many edge cases, and both claim to be aiming for cross platform implementations. The key privacy feature in those implementations is that they allow users to opt-out and hence avoid the privacy issues with UDID.
- Finally, if you really really need an ID that is tied to devices regardless whether an application belongs to which network of UDID schemes. You can use "device fingerprinting" techniques. Such approaches profile the entire device -- much like Microsoft profiling your PC to determine whether you need to activate a new copy of windows. A good example of such services is Mobile App Tracking.
With multiple options to choose from, what is your preferred UDID strategy?
No comments:
Post a Comment