Apple was accused of of letting applications on the iPhone and iPad transmit personal information to advertisers without consent, in two separate lawsuits.
The first suit was filed by Jonathan Lalo on December 23 in federal court in San Jose, California. He is seeking class-action, or group status for his complaint. The lawsuit claims that the transmission of personal information is a violation of federal computer fraud and privacy laws.
iPhones and iPads are equipped with Unique Device Identifiers (UDID), 40-digit-long strings of letters and numbers which distinguish one device from another, and cannot be blocked or removed by users. The suit claims that these UDIDs are used to let advertisers track what apps users download, how long the programs are used, and how often.
Bloomberg reports the suit also claims that "some apps are also selling additional information to ad networks, including users' location, age, gender, income, ethnicity, sexual orientation and political views."
Lalo names applications like Pandora, Paper Toss, the Weather Channel and Dictionary.com, as defendants alongside Apple.
A separate class action suit accusing Apple of the same privacy violation, also centered around the UDID, was filed on the same day by Dustin Freeman, and three others. The suit called Apple's actions an "intrusive tracking scheme," and pointed out that Apple regularly rejects 20 percent of apps who try to enter their store. The complaint classifies Apple's failure to keep these apps from the store, and their failure to realize that these apps were breaching user's privacy, as "aiding and abetting" the guilty apps.
These lawsuits come soon after a Wall Street Journal report on concerns over app privacy.
That article, like the lawsuits, characterizes UDIDs as the major source for privacy concerns. The UDID was the most widely shared detail among the apps they tested, leading one expert to call it a "supercookie."
In October, Apple released a series of review guidelines for their app store which included the following: "Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used."
If UDID data sharing is happening, it would seem to violate this principle. But Apple isn't the only company that should be worried.
"We are also looking at Google's Android platform and a lawsuit against them has not been ruled out," one of Freeman's lawyers told Reuters.