Using UDID to create unique user identity

tamasgal · Apr 8, 2011 · Viewed 11k times

I am working on an iPhone App which communicates with a Server to store and exchange data. Since I would like to make it as simple as possible, I want to avoid registration (or maybe also the use of a password) for the user account. Is it possible (and allowed?) to get the UDID of the iPhone device and make e.g. an MD5-hash of it, which I transfer to the server and use it for authentication? Since this ID is unique I could simply use it to login and get the user-specific data from the server, without any need of creating login data.

Is it allowed to access the UDID, make an MD5-hash of it and store it in a database?

Second question is: how do I get the UDID? ;-)

Answer

Massimo Cafaro · Apr 8, 2011

Yes, it's allowed, but take into account what I have reported below, from the documentation.

You can retrieve the UDID as follows:

NSString *udid = [[UIDevice currentDevice] uniqueIdentifier];

Note the following from the official Apple documentation:

A device’s unique identifier (sometimes abbreviated as UDID for Unique Device Identifier) is a hash value composed from various hardware identifiers such as the device serial number. It is guaranteed to be unique for each device. The UDID is independent of the device name. For devices that use a SIM (subscriber identity module) card, the UDID is independent of the SIM card.

For user security and privacy, you must not publicly associate a device’s unique identifier with a user account.

You may use the UDID, in conjunction with an application-specific user ID, for identifying application-specific data on your server. For example, you could use a device-user combination ID to control access to registered products or when storing high scores for a game in a central server. However, if you are developing a game, you may want to instead use Game Center's player identifier key as explained in Game Kit Programming Guide.

Important: Never store user information based solely on the UDID. Always use a combination of UDID and application-specific user ID. A combined ID ensures that if a user passes a device on to another user, the new user will not have access to the original user’s data.