Open Radar

 
Summary:
REQUEST 1. [[UIDevice currentDevice] name] should require explicit user permission before it can be accessed. 

REQUEST 2. The iOS devices’ name should not be automatically generated using the user’s real name. 

REQUEST 3. If a device’s name must be auto-generated with the user’s real name, then this setting should be made an obvious, explicit part of device onboarding, and given a prominent position in Settings.app with cautionary text about privacy risks.


Steps to Reproduce:
1. In any iOS app, run [[UIDevice currentDevice] name]
2. You now have access to the device name, and with trivial effort, the device owner’s full name.

Expected Results:
[[UIDevice currentDevice] name] should require explicit user permission before it can be accessed. This should follow any of the established API patterns for privacy permissions on iOS.

Actual Results:
The device name often contains the real name of the device’s owner, sometimes even both first and last names. Any user who needs to remain anonymous while using a third-party application may be unaware that her full name is exposed via her device’s name.

This problem is exacerbated by the practice of automatically-generating the device’s hardware name based on the display name of the account registered with the device.

Further, the nature of this setting is not made explicit to the user. It is hard to find in Settings.app, even when you know it’s there. It also does not explain with cautionary text which apps and services are able to access the device name. In addition to [UIDevice name], certain local network features can expose this name as well. These potential privacy leaks should be made explicit so that even a non-savvy user is able to make an informed decision.

Regression:
—

Notes:
—