Has anyone had their iOS App rejected by Apple for using the devices UDID?

Question

I have heard some rumours that Apple is rejecting apps for using the iOS5 deprecated method [UIDevice uniqueIdentifier]. Can anyone confirm that they have had their App rejected for this reason? I know of the alternatives to using this deprecated method, but one of our customers is requesting we use a 3rd party library that we know uses this method.

I would be surprised if this is the case as the API method has been deprecated and not made private.

Answer 1

Apple is not rejecting apps because of this. I collect device UDIDs along with tokens within my apps that support push notifications and they have all been approved. UDIDs are simply deprecated, meaning that Apple will eventually not allow you to access them. Everything still works and will be approved.

I heard that Apple deprecated access to UDIDs to prevent developers and third party analysts from being able to identify specific people. If it truly was because of issues with iCloud, Apple would clearly have fixed this instead of inconveniencing everyone else.

Edit: It looks like Apple is rejecting some apps for accessing the device's UDID. Just to be safe, I would use CFUUID to create a random unique identifier. You can use NSUserDefaults or the keychain to save it. The advantage to the keychain is that if the user deletes your app, the keychain items are not deleted so you can still access the UDID if the user reinstalls your app. It will only get deleted if the user restores their device.

Answer 2

Using Identifiers in Your Apps

Starting May 1, the App Store will no longer accept new apps or app updates that access UDIDs. Please update your apps and servers to associate users with the Vendor or Advertising identifiers introduced in iOS 6. You can find more details in the UIDevice Class Reference.

Source: https://developer.apple.com/news/

Answer 3

It appears that App Review is enforcing this rule on apps that transmit the UDID without getting the user's permission -- as suggested by this post -- rather than ones that simply invoke the deprecated API.

We had an update in review for an app that would send the device UDID to our server, on which we would use it to index the user's account. We decided not to take any chances and change our code to generate an app-specific unique identifier, as proposed by documentation on the deprecation of the UDID

Answer 4

now Apps are not permitted to access the UDID and must not use the uniqueIdentifier method of UIDevice. Please update your apps and servers to associate users with the Vendor or Advertising identifiers introduced in iOS 6

NSUUID *uuid = [[UIDevice currentDevice] identifierForVendor];
NSString *uuidString = [uuid UUIDString];

and must to add ADSupport framework

Answer 5

Since May 1, Apple is rejecting all apps which access to the UDID. But it seems the only thing that they can do is to check if the string "uniqueIdentifier" is in the binary or not.

So even if you don't acces anymore to the uniqueIdentifier of the phone, but you give to one variable the same name, they will find it in the binary and they will reject it cause they can't do the difference.

If you want to know if you binary contain it, you can change the extension of the .ipa (export for ad-hoc deployment) to .zip, unzip it, and do fgrep -R uniqueIdentifier . in the terminal at the payload/ folder. You can also do this command in your project folder to find the files which contain the string.

This worked for me.