In last week’s blog entry, Mike Price discussed some theories on how AntiSec had gained access to over 1 million iOS UDIDs. Today, in an interesting turn of events, the world has now discovered who UDID it! Earlier today, BlueToad, a mobile publishing company claimed to be the source of the leaked ‘Unique Device Identifiers’ (aka UDIDs). CNET reports that security researcher David Schuetz analyzed the released UDIDs and identified that frequently occurring device IDs were associated with BlueToad.
Paul DeHart, BlueToad CEO, accepted responsibility for the leak and said his company has fixed a vulnerability that allowed the hackers to gain access to the list of UDIDs and user data.
This, however, is hardly the end of the story. It will be interesting to see what changes, if any, Apple implements on the use of UDIDs as tracking mechanisms for ad networks, analytics frameworks, and publishers.
In the meantime, Appthority will continue to inform our customers and partners on interesting app behaviors, including the collection and sharing of UDID, IMEI, and other identifiers.