One of those class action specialist lawsuit firms, who seem to file lawsuits mostly designed to make the lawyers money
, rather than correct any sort of improper actions, has sued Apple and some app makers
over supposed privacy violations. At issue is the fact that some apps pass on the unique UDID code that is associated with each iPhone to advertisers. This lets advertisers track the same user across multiple apps -- similar, in some sense, to a browser cookie. The "difference" is that a browser cookie is deletable, while you're stuck with your UDID. This all came out a couple weeks ago in a WSJ article
, and since these kinds of lawyers are opportunists, they're always quick to jump on any lawsuit opportunity whenever the press highlights a story like this.
Not surprisingly, it appears this case is yet another attempt to abuse the CFAA (Computer Fraud and Abuse Act), which is generally thought of as an anti-hacking law, but which is continulously stretched and abused
to pull in other situations. In this case, the lawyers are claiming that accessing the UDID without permission is the equivalent of accessing a computer without authorization. Think about that for a second and then realize how silly this is. No one is hacking anything to get this info. The info is made available, and so it's been shared. Using the CFAA here is ridiculous. They also seek to use a similar California anti-hacking law in a similar way. This is clearly not what those laws are intended for.
Furthermore, it seems silly to blame Apple for the way that some app providers are sharing data. To get around this issue, the lawyers rely on two key points. First, that Apple itself recently changed its terms to ban apps from sending data to third parties such as ad networks. Of course, most people realized this was not about protecting privacy, but about forcing developers to use Apple's own ad platform. Second, the fact that Apple approves each of the apps in the marketplace. I know that some people assume this automatically adds liability to Apple for anything those apps do, but that seems like a bit of a stretch as well. It's ridiculous to assume that Apple tests all aspects of an app, and thus becomes liable for anything those apps do.
All in all this looks like yet another attempt by some lawyers to take some fear mongering and make some money out of it. It's not going to do anything to protect anyone's actual privacy.