In the last WWDC, Apple launched a depth torpedo that almost nobody heard but that goes straight to the waterline of many apps that look for the univocal identification of each device and our location without asking for access to that data expressly . A “kind” of backdoor that without asking permission could allow access to our location by crossing data.
This has always been a small struggle between Apple and the developers, with the former betting on the highest possible level of privacy for their users and the latter on trying to find out what you’re connecting to on such and such a mobile and where . In this battle, Apple has been forbidding access to any data that allows to identify or locate the devices and bets on temporary random IDs while the developers look for new strategies to “jump” those restrictions.
You would be surprised how many times a customer asks me for a development to uniquely identify a device to control its use and the face they get when I tell them that in iOS it can’t be done.
Apple’s last step: deny the identification data of the WiFi network we are connected to .
What it was like and what it will be like
In the early days of Apple’s development, a simple singleton system allowed access to the magic data: the UDID or unique device identifier . And it was there for many years, allowing us to know at all times which device had installed our app . This way, we could know if that particular device was using some external service, denying access to other devices of the same user. Also to know in advertising if a user has seen or not an advertisement or how many he has seen in a single device. Or to associate the installation of an app with the origin in a banner of advertising. From there, any evil against our privacy that you can think of. If you deleted and reinstalled the app, the UDID wouldn’t change (logically) because it was from the device .
But when Apple started to put the focus on privacy, this changed and this can no longer be done. Now I have to call the UIDevice.currentDevice().identifierForVendor.UUIDString property to get a string with a universal unique identifier (a UUID) which will be a new one in every new installation of my app, even if it’s on the same device .
Also, this new UUID is only for generic use, because if we want to use it for advertising we have to use a different identifier: the IDFA or Identifier for Advertisers (in Android it’s the same). A kind of cookie that allows to identify the unique action of a user like installing an app (so that an install action from a game is associated with the same ID when installing that game and is computed as a CPI or click per install ). One that we get from ASIdentifierManager.shared().advertisingIdentifier.
Historically, developers have sought ways to identify devices with data, such as the MAC Address of the network card , which also became prohibited. Basically what Apple does is return a false data 02:00:00:00:00. Just what they’re going to do now with the WiFi network we’re connected to.
No access to WiFi data without permission
Apple has found that sometimes the BSSID of the WiFi (the equivalent of the MAC on the wireless network card) to which we are connected also serves to uniquely identify a device or locate it without its consent. Or with wireless network maps or crossing the data with some other session in another device in the same WiFi (of the same user) where we can access the location.
At AppleIdeal with privacy in location permissions in iOS 13
And as we already told you (you have the article about these lines), Apple has become very serious about the issue of location . So if in iOS 13 we ask for the BSSID or SSID of a WiFi network by accessing the CNCopyCurrentNetworkInfo system dictionary, it will give us a fake with a BSSID 00:00:00:00:00 and a connected network that will always be called “WiFi” (in Chinese it will be called “WLAN”).
Has Apple denied the use of this data forever? No. In case the app has permission to locate us that we have given it , then it will return the real data and not the fake data . In addition, we’ll need to register a new capacity in the app to access the Wi-Fi connection information. This will cause Apple to audit us in its review of the app as to why and what we use that data for. It will also work when we’re connected to a Hot-Spot or personal access point or VPN, which involves a number of additional permissions.
All for our protection
If there is one thing we are clear about the current era of mobile phones, it is that many developers are looking to over-track our usage, data, etc.. it’s normal to find games or apps (Apple approved) that ask our consent to use various trackers or advertising services that will identify us each and every one of them. But I wonder if it’s really worth downloading a free app or game, whose real price is our usage data and everything you can get from us with the excuse of “improving the service” or giving us better focused advertising.
Of course, anything Apple does to avoid this is welcome .