Hack UDID of iPad or iPhone

Question

Can we assure that no one can change the device UDID by hacking the OS of an iPhone or iPad. Because we are using that UDID for authentication of our users. We want to know that hackers wont able to change it gain access to our system.

Answer 1

Don't do this! And, no u can't tell that.

UDID is deprecated in userland.

Jailbroken UDID fakers do exactly that. They intercept calls to UDID via mobile substrate and return their own value. The only thing you could do is detect jailbroken phones and block them completly.

Also how would you tell if they had a proxy between the app and the internet connection and changed this value on the fly.

Answer 2

As it stands it is unclear what you mean by "we are using that UDID for authentication of our users." Does that imply that only UDIDs originating from devices you're preapproved to communicate with your servers can access it? If a hacker presents a "changed UDID" to your system how would that grant access? If you are obtaining the UDID through Apple's APIs (which are deprecated and will likely result in a flag when you get the application reviewed) you are at the mercy of whatever that given API returns to you, how else would you obtain the UDID?

In general its not a good idea to use a single technology to prevent hacking. Simply passing a UDID that is known to your backend should not be sufficient to gain access. You might consider other mechanisms such as client-side SSL certificates (only clients with the given certificate can present themselves to your servers, etc.) or a secure token vendor.

Answer 3

From IOS 5 onwards the IOS devices UDID is deprecated for developers. See the below link for more details for alternatives to generate the UDID. UIDevice uniqueIdentifier Deprecated - What To Do Now?