Apple was quick to respond though and did state that the UDID would no longer be used in future revisions of iOS or on future phones. Apple has kept their word about the UDID with iOS 6, but all they have done is to implement a new feature that allows advertisers to track user preferences by phone. The new system called IFA or IDFA (Identifier for Advertisers) has not been used to gain access to personal information just yet, but then again the UDID worked well for a while before it was abused. We ran some of this by a few people that we know in “security” and on the surface they said that IFA is fairly anonymous in the way it executes, but they were quick to note that nothing is really secure when it is designed to take user information and preferences and transmit it to someone else. It is, by its nature a questionable thing to track users’ preferences or habits in the first place, but it has been a common practice for so long that there is little that will be done to curtail or stop it.

IFA is both more and less intrusive than the UDID was. Because IFA is a random number assigned to the device and only tracks browsing and search habits it is less intrusive and less likely to be tied to a person than the UDID was, however IFA tracks your habits further than was possible with the UDID. IFA can track you all the way through to purchase or app download giving advertisers more ammunition to fine tune their ads and targeting algorithms.  This last item is where the most likely exploit would be, if you can track a purchase with IFA then there is a chance you can tie that purchase to a person although what information you can gather after that is questionable.

Still there is good news for iPhone and iPad users running iOS 6. You can turn IFA off by heading over to Settings> General> Advertising and turning Limit Ad Tracking to “On”. This will limit the tracking capabilities of IFA, but we have not been able to confirm if they are completely off. Our guess based on what we have seen is that they are not completely off. It is possible that your search and browsing habits are still tracked, but that that IFA no longer tracks the purchase or download like it did before. We are sure that there are people out there working on ways to exploit IFA and get more than it was intended to offer even as we publish this article after all the mobile market is now a major space for advertising. Advertising companies and publishers are very excited about what can be done in the mobile space simply because most mobile operating systems are so amazingly open right now in the same way the PCs were back in the early 90s (when the push pop up ad became popular). It will not be long before mobile OS developers will be required to put some of the same protections in place that we take for granted on the PC if for nothing else than to combat overaggressive advertising companies from inundating phone users with ads that have become little more than spam. Are mobile phone makers wrong to put this tracking ability into their phones and should Apple have left this ability out of iOS 6 considering how badly abused the UDID was? Let us know what you think in our Forum