Another day, another lawsuit. Apple, Pandora Media and The Weather Channel have been named in a lawsuit alleging that the companies didn’t disclose the fact that personal data — specifically location — was being shared with third-party advertising networks, reports “CNET” (http://macte.ch/aF26o).
The suit was filed Tuesday in the U.S. District Court in Puerto Rico by Lymaris Rivera Diaz. “Because the UDID is unique to each iPhone and iPad, it is an attractive feature for third-party advertisers looking for a means of reliably tracking a mobile device users’ online activities,” the new suit says. “Because the UDID is not alterable or deletable by a iPhone or iPad user, some have referred to the UDID as a ‘supercookie.’ This description aptly summarizes the desirability of access to the UDID from an advertising perspective.”
The tracking is possible because Apple assigns a UDID (Unique Device Identifier) to each iPhone, iPod touch and iPad, and apps can access that number. Advertising companies figured out this number can be used for tracking, much like a cookie in a browser, says “Wired.”
If an app passes that number along to an advertiser, the advertising company can use it to build up a profile of the user, as well as keep track of which ads it has shown to a user before and which of those ads the user clicked on. “Wired” notes that, unlike browser cookies that you can block or delete, you can’t do this with apps that use the UDID, because the ID number can’t be changed. Developers sometimes sell the UDID collected data to tracking companies, the suit alleges.
The suit takes aim specifically at Apple — as the maker of the device and the mechanism for running and installing applications — for not letting users control access to this piece of user information, says “CNET.”
“Unfortunately, however, unlike with browser cookies, Apple does not provide users any way to delete or restrict access to their devices’ UDIDs. Traditional efforts to prevent Internet tracking, such as deleting cookies, have no effect on Apps’ access to an iPhone’s or iPad’s UDID,” according to the latest lawsuit says.
This isn’t the first lawsuit involving Apple and UDIDs. One suite was filed in February on behalf of an Apple user in California and seeks class-action status. It charges Apple with sharing information about users’ browsing history, application use and other personal details without their consent.
“Apple’s privacy policy is opaque and confusing but one thing is clear: it does not inform mobile device users that by providing application developers with their UDID, Apple enables them to put a name to highly personal and in many cases embarrassing information derived from app downloading activity and usage, and internet browsing history, that would otherwise be anonymous,” the suit reads.
Two similar lawsuits were filed last December in a federal court in Northern California and San Jose, California. Both claim iPhones and iPads are encoded with identifying devices that allow advertising networks to track what applications users download, how frequently they’re used and for how long. The transmission of such data violates computer-fraud and privacy laws, per the suit.
— Dennis Sellers