Apple introduced App Tracking Transparency last year which prohibits app developers from tracking users' activity across different apps without their explicit consent. Privacy advocates applauded the initiative. Facebook warned that it would bring down targeted advertising companies. Research published last week shows that App Tracking Transparency does not always prevent the collection of surreptitious personal data or the fingerprinting users.
App Tracking Transparency's core principle is that users must actively express their consent for the app to track your activities across other apps and websites. Without this consent, the app cannot access the IDFA (Identifier For Advertisers), which is a unique identifier iOS assigns that allows them to track users across all installed apps. Apple began requiring app developers to disclose "privacy nutritional labels", which describe the types and uses of data that they collect from users and devices.
How to activate?
To enforce App Tracking Transparencyis go to iOS settings > Privacy > Tracking and turn off “Allow Apps to Request to track.”.
Although App Tracking Transparency works in many ways as intended, loopholes within the framework allowed companies, especially large ones such as Google, to get around the protections and stockpile more data. A research paper by Kollnig et. al. warns that App Tracking Transparency could give users a false sense security, despite Apple's promises of greater transparency.
The researchers concluded that Apple's recent changes made it more difficult to track individual users, but they also encouraged a counter-movement and strengthened the market power of gatekeepers with large troves first-party data. Independent researchers continue to struggle with making the privacy properties of apps transparent using large-scale analysis. This is a major obstacle to meaningful, accountable, and verifiable privacy protections.
Researchers also found nine iOS apps that used server side code to generate a mutual identifier that can be used by a subsidiary of Chinese tech company Alibaba for cross-app tracking. The researchers stated that sharing device information for fingerprinting would violate Apple's policies. They don't allow developers to "derive data from devices for the purpose of uniquely identifying them."
Researchers also stated that Apple doesn't have to adhere to the policy in all cases. This allows Apple to increase its data collection. Apple does not allow tracking to be used for "obtaining information about a consumer's creditworthiness in order to make a credit determination."
A comparison of 1,685 apps published prior to and after App Tracking Transparency was implemented showed that the number of tracking library they used remained approximately the same. The most popular libraries, including Apple's SKAdNetwork and Google Firebase Analytics, didn't change. Nearly a quarter of the apps studied claimed they don't collect user data. However, the majority--80 per cent--had at least one tracker library.
The research revealed that apps that claimed not to collect user data had 1.8 tracking libraries and contacted 2.5 tracking firms. More than half of apps that used SKAdNetwork and Google Firebase Analytics failed to disclose access to user data. With a 47% failure rate, the Facebook SDK did slightly better.
Are trackers tamed now?
Access to permanent user identifiers via App Tracking Transparency is being reduced by Apple. This could significantly improve app privacy. Although some companies may try to replace the IDFA by statistical identifiers in the short-term, data brokers and smaller tracker companies may find it difficult to compete with the limited access to non-probabilistic, cross-app identifiers. Cohort tracking and fingerprinting may not be as competitive as privacy-preserving on-device solutions. Privacy preservation methods will likely be more concentrated with existing platform gatekeepers: there is already a shift in spending patterns for advertisers. Advertising to iOS users, who are among the most wealthy, will be advertisers main goal. As such, many advertisers will continue to rely on larger tech companies' advertising technologies to reach the right audience. Get in touch wih us and learn how to use your customer's data to your advantage.
GDPR Compliant Data Collection
Use GDPR compliant tools to collect user data. Stop worrying about legal implications of Google analytics and other similar tools.