Andreas Kurtz: Malicious iOS Apps

The privacy implications of this issue are numerous. Up to iOS 7, several hardware identifiers were available to allow apps to uniquely identify any iOS device. For instance, both the unique device identifier (UDID) and the hardware address of the WiFi module (WiFi MAC address) were frequently used by advertising or tracking networks to relate personal data or usage patterns to specific users. As this posed a major privacy threat, Apple removed access to those identifiers in iOS 7. Access to a user’s Apple ID, however, can be considered a much stronger identifier, as it allows not only the identification of a device, but also the identification of its owner. The advertising industry might, therefore, also have been interested in this method of reliably identifying users across apps.

via Andreas Kurtz: Malicious iOS Apps.

iOS 8 has remedied many of the security problems that iOS 7 did not cater for, but there are still a few loop holes around and Andreas Kurtz wrote an amazing article on it.