The suit was filed last Thursday on behalf of an Apple user in California and seeks class-action status. It charges Apple with sharing information about users’ browsing history, application use and other personal details without their consent.
Apple gives each of its mobile devices a Unique Device Identifier, or UDID. Application developers have access to that number, which offers information about a user’s browsing history every time the user clicks on an ad or an application, according to the suit. Developers sometimes sell the data to tracking companies, the suit alleges.
The suit cites a published report from December that says developers can combine the UDID with other personal information found on the device including user name and password, contacts, current location, and in some cases the phone owner’s name.
It also cites a study by the director of information security and networking at Bucknell University, which found that many applications collect the UDID number and user login data that ties to a user account. He also found that many apps transmit the UDID back to a server owned by the app developer or an advertising partner. The suit claims that “such entities inherently have the ability to tie a UDID to a real-world identity,” although it doesn’t describe why they inherently have that ability.
Apple didn’t reply to a request for comment Monday. In December it told the Wall Street Journal that iPhone apps are not supposed to transmit data about a user without the user’s prior permission and explaining how the data will be used.
Filed in the United States District Court for the Northern District of California, the suit asks for a jury trial and for compensatory and punitive damages related to 10 charges. The charges range from invasion of privacy to violations of the Stored Communications Act.
The plaintiff wants the class to include all Apple customers in the U.S. who have downloaded and used apps on the iPhone, iPad or iPod Touch after July 10, 2008.