Your iOS app may still be covertly tracking you, despite what Apple says

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,060
Last year, Apple enacted App Tracking Transparency, a mandatory policy that forbids app makers from tracking user activity across other apps without first receiving those users’ explicit permission. Privacy advocates praised the initiative, and Facebook warned it would spell certain doom for companies that rely on targeted advertising. However, research published last week suggests that ATT, as it’s usually abbreviated, doesn’t always curb the surreptitious collection of personal data or the fingerprinting of users.

At the heart of ATT is the requirement that users must click an “allow” button that appears when an app is installed. It asks: “Allow [app] to track your activity across other companies’ apps and websites?” Without that consent, the app can’t access the so-called IDFA (Identifier for Advertisers), a unique identifier iOS or iPadOS assigns so they can track users across other installed apps. At the same time, Apple also started requiring app makers to provide “privacy nutrition labels” that declared the types of user and device data they collect and how that data is used.

Loopholes, bypasses, and outright violations​

Last week’s research paper [PDF] said that while ATT in many ways works as intended, loopholes in the framework also provided the opportunity for companies, particularly large ones like Google and Facebook, to work around the protections and stockpile even more data. The paper also warned that despite Apple’s promise for more transparency, ATT might give many users a false sense of security.

“Overall, our observations suggest that, while Apple’s changes make tracking individual users more difficult, they motivate a counter-movement, and reinforce existing market power of gatekeeper companies with access to large troves of first-party data,” the researchers wrote. “Making the privacy properties of apps transparent through large-scale analysis remains a difficult target for independent researchers, and a key obstacle to meaningful, accountable and verifiable privacy protections.”
 
Top