Facing FTC pressure, Apple bolsters privacy, security
Apple is adding two-factor Apple ID authentication, and announced a May 1 end for developers using iPhone and iPad UDID information
By Antone Gonsalves
March 22, 2013 — CSO — As the government steps up efforts to protect personal data, Apple is strengthening privacy and security on its products.
Apple introduced two-factor authentication (as an option) on Thursday for people making purchases on iTunes, the App Store or iBookstore. Apple also announced that May 1 would be the end date for app developers using the Unique Device Identifier (UDID) found in every iPhone and iPad.
Instead, new apps or app updates would have to switch to the Identifier for Advertisers (IFA). The new tracking technology can not identify the device user, but does provide data that advertisers can use to send relevant ads.
The UDID is a unique and permanent serial number identifying each Apple device. The IFA is considered an improvement in privacy because it is a random, impermanent number.
Apple announced in March 2012 that it would no longer allow developers to use the UDID. The move followed a security breach at BlueToad, a Florida-based technology provider for digital publishers. The hack led to more than 1 million Apple UDIDs being exposed.
The Federal Trade Commission (FTC) has made it clear that it plans to step up efforts to hold vendors responsible for protecting personal information on mobile devices.
"We haven't been shy about taking on the tech giants," Edith Ramirez, the newly named chairwoman of the FTC, told The Hill newspaper. "That has been just tremendous. And that's all, in my mind, vital and will continue."
The FTC has brought privacy charges against Facebook and Google. In February, the commission settled a complaint against HTC after the smartphone and tablet maker agreed to make major changes in its handling of customers' personal data. The settlement was seen as the FTC putting other device manufacturers on notice.
Apple's new two-step verification is connected to the Apple ID customers use in making online purchases. Every time people sign into their account or try to make a purchase from an unrecognized device, they will need to enter a four-digit verification code sent to their mobile phone.
"It's about time they did this," said an Olds, an analyst for the Gabriel Consulting Group.
There is a trend among Internet companies to tighten security via two-factor authentication. Other companies offering such an option include Google, Facebook and Dropbox.
"We're going to see more of that trend and we're probably going to see some enhancements to it, because the problems of security and fraud are not going away. They're only getting worse," Olds said. Future enhancements could include some form of biometrics.
Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.