Our goal is to make sure that the PrivacyChoice Tracker List remains the most comprehensive global database of tracking company information. To do this, we will continue to add new parameters to the dataset. Today I’m pleased to announce an important new one: Tracking by Device IDs.
Device IDs typically include a UDID or IMEI code, which are unique for each device and can be obtained by mobile applications. For example, you can use this helpful guide to find your own UDID on an iPhone.
UDIDs are used like cookies or other locally stored identifers, but with an important difference: Users do not typically have a means to delete or change the identifier, as they would with normal browser cookies. This immutability and relative inaccessibility of unique identifiers means they require special disclosure and care when used to create user behavioral profiles.
We also include in our definition of “Device IDs” other methods that can be used to uniquely identify a device without the creation of a digital artifact (like a cookie). An example would be BlueCava, which uses device fingerprinting to identify users for ad targeting and fraud applications, which may or may not include a UDID.
I have been surprised by how few tracking companies, particularly in the mobile area, expressly acknowledge the use of UDIDs. Currently we could find less than 10 references among several dozen companies expressly focused on mobile advertising, even though many more probably use UDID’s in the normal course. As privacy standards develop for mobile tracking, I hope and expect that will increase significantly.