Using UDID to create unique user identity

Question

I am working on an iPhone App which communicates with a Server to store and exchange data. Since I would like to make it as simple as possible, I want to avoid registration (or mybe also the using of a password) for the user account. Is it possible (and allowed?) to get the UDID of the iPhone device and make eg. an MD5-hash of it, which I transfer to the server and use it for authentification? Since this ID is unique I could simply use it to login and get the user specified data from the server, without any need of creating login data.

Is it allowed to access the UDID, make an MD5-hash of it and store it in a database?

Second question is: how do I get the UDID? ;-)

Answer 1

Yes, it's allowed, but take into account what I have reported below, from the documentation.

You can retrieve the UDID as follows:

NSString *udid = [[UIDevice currentDevice] uniqueIdentifier];

Note the following from the offical Apple's documentation:

A device’s unique identifier (sometimes abbreviated as UDID for Unique Device Identifier) is a hash value composed from various hardware identifiers such as the device serial number. It is guaranteed to be unique for each device. The UDID is independent of the device name. For devices that use a SIM (subscriber identity module) card, the UDID is independent of the SIM card.

For user security and privacy, you must not publicly associate a device’s unique identifier with a user account.

You may use the UDID, in conjunction with an application-specific user ID, for identifying application-specific data on your server. For example, you use could a device-user combination ID to control access to registered products or when storing high scores for a game in a central server. However, if you are developing a game, you may want to instead use Game Center’s player identifier key as explained in Game Kit Programming Guide.

Important: Never store user information based solely on the UDID. Always use a combination of UDID and application-specific user ID. A combined ID ensures that if a user passes a device on to another user, the new user will not have access to the original user’s data.

Answer 2

I've used the UDID for checking if the device already has a running subscription. Getting the UDID is easy:

NSString *udid = [[UIDevice currentDevice] uniqueIdentifier];

If you read up on the App store rules, there is a section about letting the user create an account to move the subscriptions to an other device. In this section Apple makes clear that the account creation must be an username and password that the user must enter. The username can't be an e-mail address since it is personal information.

If you app leans heavy on the data, an optional user account creation would be advisable.

The AppStore Review guidelines can by found : http://developer.apple.com/appstore/resources/approval/guidelines.html

Answer 3

UDID is hidden since iOS-6 and later so you can uniquely identify device by:

NSString *UDID = [[UIDevice currentDevice] identifierForVendor];