Apple: We didn't pass iPhone, iPad device IDs to FBI

Apple: We didn't pass iPhone, iPad device IDs to FBI

Summary: Both the FBI and now Apple have come forward to state that they had no involvement the ongoing 'UDID-gate,' which led to more than 1 million iOS device codes leaking to the Web.


Apple has said that it did not give the U.S. Federal Bureau of Investigation any device identity codes of its iPhone and iPad users.

Hackers associated with Anonymous claimed this week to have stolen more than 12 million device identifers from an FBI-owned laptop. Just over one million unique device identifier (UDID) codes were released on Monday in a Pastebin post.

The FBI said in an earlier statement that there was "no evidence" to suggest the data had been pilfered from one of their agents' computers, leading to further speculation and guessing as to where the device codes had actually come from.

Among other rumors surrounding the sudden and unexpected event, some suggested Apple had given or been forced to hand over the codes. But today, the Cupertino, CA.-based technology giant sent a statement to AllThingsD refuting such claims.

The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID.

Earlier this year, Apple began nudging application developers away from UDIDs saying it would introduce a replacement to the system in form of new application interfaces.

According to New Zealand security consultant Aldo Cortesi, many iPhone and iPad-based applications regularly send device UDIDs to servers on the internet over insecure communication channels.

iOS 6 is due out in the coming weeks, pegged for a "fall" release. The iPhone 5 is expected to be announced on September 12 with a launch date a week later. It's expected that the iPhone 5 will ship with iOS 6 pre-installed which will ban UDIDs.

But nobody at this point knows where the UDIDs came from: Apple and the FBI certainly don't know, but one would bet any money that they'll find out sooner rather than later.

ZDNet has put in questions to Apple, and we'll update the piece if we hear back. 

Topics: Apple, iPhone, iPad, Legal, Privacy, Security, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • What else would Apple say?

    Of course they would deny it. That doesn't mean they didn't do it. Apple, being a corporation, can't be trusted to tell the truth about such things.

    I believe Apple is lying about this.
    • I agree

      Your argument, evidence, and sheer reasoning of why they did it pushed me from thinking they might have been telling the truth.
      Michael Alan Goff
      • Thank you for the kind words Michael

        And I didn't even use the best of my arguments, evidence, and sheer reasoning in that post. You should see me when I try.
        • Is your username

          a reference to where your thinking comes from?
        • Then the question is from where did AntiSec obtained this 12 million UDIDs

          ... database?

          1) Someone from Apple leaked it,
          2) or AntiSec hacked Apple’s servers,
          3) or FBI used Bush’s law that binds corporations to submit data for almost any random vague “safety” reason based on secret (yes, this is what the law says) court order?
          • Bush's Law?

            'Bush's Law' is pretty much irrelevant as pretty much every law that provides you with any type of privacy was written before any thought towards the digital age and does not contain any language whatsoever covering digital media or communication. As far as how the IDs were obtained I can't think of any way outside of your first two cases. As much as I hate Apple I don't think they'd be foolish enough to give up that info at this point without making a big media frenzy out of it seeing as how their security has come under fire lately.
          • Apple Would Have no Choice

            If the FBI issued an NSL to Apple for the info, Apple would *have* to comply and then they would *have* to lie about it. When one is issued an NSL, they are forbidden by law to tell anyone they received it.

            But it seems unlikely an NSL would be issued just for some random device ID's. Either AntiSec got them from somewhere else or the FBI is lying. Either way I find it unlikely Apple is lying. There are ways to obtain such ID's without a lot of effort and without needing Apple's help.

            So is AntiSec or the FBI lying? That's the question. AntiSec will need to provide more evidence that they actually hacked an FBI agent's laptop before I am fully convinced this is not just a publicity stunt.
          • Warrantless wiretaps

            An easy way for them to have gotten the IDs is to use the warrantless wiretap powers grabbed post-911 to packet monitor cell phone carrier and ISP data.
      • Should be a short list of who would have access to that many codes.

        If it isn't a short list ...... .it should be.
        Reality Bites
    • Or that means the hacker lied

      and he didn't get the info from an FBI computer.
      William Farrel
    • But look at the wording of their denial.

      In fact, this is JUST what a just denial should be: comprehensive and to the point.

      Usually, when someone issues a denial they know is bogus, it's filled with little giveaway points like "to our knowledge" and "did not authorize." None of that is in here. They first stated directly that they did not do it, and THEN pointed out that the data is meaningless to them and others anyway.

      The cheesy language of the usual non-denial denial is done to condition any later, prospective damage, when the story is inevitably revealed. Since a just denial does not run this risk, the wording is usually much more plain and comprehensive, because they don't need to establish the wiggle room.

      No, I'm afraid this is a case of the hackers lying for some reason. They did not break in, and the data did not come from Apple.

      Note: analysing the language this way is essential to tell who the players are and what they want. Now we at least know that the game is being played on the hackers side this time. What do they want? Ask them.
      Lightning Joe
      • Words are words

        Writing in a manner perceived to be "more honest" doesn't actually mean honesty at all. It just means they made sure to review their statements beforehand to avoid any gaffes.

        I think it's sad that the realms of business and politics are so opaque that we're forced to guess at the meaning of an announcement based on the wording.
      • And also

        If Apple was working with the FBI they (BOTH) would require absolute secrecy, and if Apple was smart it would keep very few people in that loop. So the absolute denial, if it's a lie, becomes a well publicized threat to whistleblowers.

        Why does everyone assume the FBI's interest in UDID is related to users? Could it be they're seeing borderline criminal activity the way they're being collected, compiled, sold or used. Why is Apple retiring UDID?

        IMO the government response was the one that confirmed there is something to the story. "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

        There are a number of reasons why Apple could make such a confident statement even if it was a lie. For one it is legally permitted to. Second it is obliged to by its users who expect "privacy." Third, Apple is confident that those in the loop are behind whatever effort this is and will keep to themselves.

        I would be interested to hear theories on why someone would make this up.
      • If you know this...

        Then so does Apple and the FBI, which makes it all meaningless. They can alter the wording just for people like you.
      • The FBI's wording was sketchier than Apple's

        Apple's was straight-forward and honest seeming. We did not give them to them to the FBI OR ANY other organization.
        The FBI, on the other hand, goes into "there is no evidence to suggest" it came from their computer, even though Anonymous's other things they leaked panned out as true, if unfortunate. Plus the FBI did not say they were not trying to tracking Apple users, and this is in the midst of the FBI's troubles decrypting the recent iPhone security just this year, and they've lied to the people and spied on them again and again in the past, took warrantless wiretapping powers that could be used to obtain just this type of info, and round and round we go.
    • Thank you Todd

      What do you expect the FBI (who has not had the most sterling record of being forthcoming about invasive spying on Americans--says the criminal justice major) and Apple (who have not been known for caring about users at all) to say?

      Somehow a statement saying "uhm yeah guys, we violated 4th Amendment reasonable expectations to privacy because we felt like it" just wouldn't look too good.
      • but..

        They care about users...

        Who else would give them money?
        Benjamin NElson
        • I agree

          Apple may be all about the money, but that money comes from giving users what they want, privacy being one of them.
          It was already reported this month the government was having problems hacking the new iPhone security when it came to taking suspects phones for criminal investigations, or even the new hard drive encryption included with Macs now.
          If the FBI can spy and monitor emails and communications the more likely they will be able to glean the passwords protecting things, or test their hacking skills so there is no real privacy.
          When the carrierIQ spying android rootkit came out, that was hidden in Android in a kernal patch people couldn't separate easily, Apple had obviously been approached about the same software as Apple put it front and center and asked you to approve it each time before it would send any carrierIQ "debugging" info, and gave you a list of all data sent as well.
          • You should ask Google

            This is nothing compare to emails that is on Gmail, law enforcement have backdoors if you remember when they try to accuse hackers "who seems to originate" from China of getting activist information from Gmail. Those "hackers" were using the backdoor system if I remember right.
          • Yeah, I forgot about that

            It does make sense the way they allowed carrieriq to be a hidden rootkit whereas Apple made you aware of it each time it tried to send info and showed you what would be sent if you allowed it. I think Android, at least the open source hacked versions are much better than google's tricks on the masses, people thinking something is open source while deals with carriers allow worse rootkits and monitoring than supposedly "evil corporations that make money" like apple.