Every year, Apple’s keynotes hype the latest and greatest iOS software, receive unprecedented media coverage, and tout hundreds of new features on the Apple homepage. But then, like an evil Santa Claus, Apple asks their most passionate fans to wait months to play with the new toys. This year, like the year before, they didn’t announce a release date, promising only sometime “this fall.”
If you’re a diehard Apple fan that desperately wants to run a buggy beta version of iOS 6 right now, your only legal option is to shell out the $99 to join the iOS Developer Program. Affordable for a developer, the barrier to entry is high enough to keep out casual fans from accidentally bricking their phones and cluttering up the Genius Bar.
But over the last couple years, a cottage industry’s popped up around illicit UDID activations — startups exploiting Apple’s Developer Program to sell access to prerelease iOS software, usually for less than $10 per device. The craziest thing? Apple doesn’t seem to care.
Do a search for “UDID Activation” and you’ll find a dozen web sites, including some advertising on Google, with SEO-friendly names like ActivateMyiOS, Activate My UDID, UDID Registration, and Instant UDID Activation. Unlike casual registration trading of the past, these new startups offer secure payment options, solid customer support, Twitter and live chat, and quick turnarounds. One service even offers an AppleCare-like guarantee called “SafetyNet” that protects you if you lose your device or buy a new one.
Behind the scenes, each service uses the same simple backdoor: Registered iOS developers can activate up to 100 unique device IDs (or UDIDs) for their account, an essential tool for testing apps on multiple devices. Once registered with Apple, the activated device is also able to run prerelease versions of iOS, though developers are forbidden from sharing prerelease software outside their own team.
Ignoring these warnings, activation services charge a small fee to add a customer’s device to their developer accounts. When they hit the 100-device limit, they just register a new account with Apple.
I spoke to the founder of UDID Activation, an activation service based in Galesburg, Illinois, who asked not to be named. “I set up a new Apple developer account every time I need another list,” he said. “I have 30 developer accounts, all with the same name and address, and Apple’s never said anything.”
There have been isolated reports of Apple disabling developer accounts, but some of these services have been running uninterrupted for years without any apparent consequences.
“It’s obvious it’s there, and there are tons of people doing it,” said UDID Activation’s founder. “If they wanted to look into it, it wouldn’t be very hard for them to find out what was going on. I’ve been doing this for about three years and I’ve never been contacted by Apple, and they’ve never shut down my accounts or anything. It really does seem like they don’t care that much.”
I chatted over instant message with a support representative from a competing service that claimed to have ten iOS developer accounts and a bot to reactivate expired UDIDs. I asked how often Apple kills their accounts. “Never in five years,” he said.
Apple clearly states in its Developer Program License Agreement, and on its Developer Portal, that membership can be terminated if a developer provides pre-release Apple Software to anyone other than registered employees, contractors, or others with a demonstrable need to know or use the software to build and test applications. Apple adds that unauthorized distribution is prohibited, and may be subject to both civil and criminal liability.
Despite Apple’s threat of “civil and criminal liability,” the service operators I spoke to didn’t seem concerned. “In the developer section, there’s a notification that says selling spots to your developer account can get it shut down,” said UDID Activation’s founder. “But I’ve never heard of anyone getting their account shut down for selling spots.”
It might not be that simple. Detecting fraudulent activity isn’t as straightforward as it seems, unless Apple actually purchased activations from each service to identity the account holder. Purchased accounts don’t look any different than normal beta testers, though the rate of registrations could be an indication of service violations.
For a small developer, unauthorized activations are a lucrative business that’s likely worth the risks. UDID Activation publishes their order queue on their official site, which shows over 2,300 devices activated in the last week alone. At $8.99 for each activation, that’s over $20,600 in revenue, with $2,277 paid to Apple for the 23 developer accounts. Their homepage claims that over 19,000 devices were activated so far, and that’s only one of several services.
Outside of commercial services, some fans are forgoing commercial services and self-organizing, using discussion forums to crowdfund shared developer accounts, as these Reddit members did last year. On Twitter, authorized developers trade UDID activations for followers and retweets, or just offer them for fun.
Apple may not like it, but all of these back-alley transactions are clearly meeting a market demand. The software may be buggy, incomplete, and not ready for mainstream consumption, but a sizable class of power users doesn’t care and is willing to pay to use it.
For these cheap and impatient users, activation services offer an easy, affordable, and low-risk way to experiment with the cutting edge before the rest of the world. And until Apple starts cracking down, there’s little reason not to use them.