The enforcement of App Tracking Transparency is not proving to be as effective at curbing data collection by apps as Apple had advertised, according to some experts. The new privacy framework was implemented with the arrival of iOS 14.5 update, allowing users to accept or deny an app’s request to trace their activity for serving them targeted ads. In fact, Apple made it mandatory for all apps to present standardized prompts asking users for their permission to allow tracking across other apps and websites.
App Tracking Transparency essentially covers every app that seeks to collect user data for tracking and for sharing with other companies. This can be used for showing personalized ads, sharing location data or email lists with advertising partners, or putting a third-party SDK in an app that enables targeted ad placement. At the center of all this is IDFA (Identifier for Advertisers), which essentially serves as a license plate for an iPhone or iPad. Any app that wants to link user data with the device identifier for tracking must first ask for the user's permission.
While many privacy watchdogs have welcomed the move, companies including Facebook have not been too happy with the changes. The social media giant initially protested against the privacy label for apps on the App Store and then launched a whole campaign against the ATT framework. Apple, on the other hand, is adamant that users must have a choice whether they want to be tracked and served targeted ads. However, experts have recently claimed that App Tracking Transparency is not as effective at controlling data collection by apps as previously thought. According to the Financial Times, marketing strategy consultant Eric Seufert explained the issue is so bad that, “Anyone opting out of tracking right now is basically having the same level of data collected as they were before."
Exploited Rules Are Bad News For Apple
Thousand of apps are able to collect data despite users not allowing app tracking, according to the report. The reason for this is third parties utilizing workarounds, such as collecting data including IP addresses to identify users. By using this 'fingerprinting' tactic, some advertisers are reportedly able to continue collecting data on more than 95-percent of their user base hooked to their iPhones and iPads. Moreover, there are also said to be some loopholes in Apple’s policy relating to the methods of collecting temporary data that can later be aggregated. This method groups the targeted user base by their behavior and then puts it all together later. A tactic commonly known as ‘probabilistic matching.’
Apple is against the ‘fingerprinting’ method described above, but the distinction between ‘fingerprinting’ and ‘probabilistic matching’ is vague. Experts note that Apple will have to provide clarity so that apps can accordingly devise a course of action, while workarounds that exploit the loopholes for collecting user data (after being denied by users) can be addressed. These findings are somewhat similar to the criticisms Apple has faced over its AirTag anti-stalking protections.
Apple might land in a legal pickle if the ground reality of its heavily advertised privacy push differs from what the company claims on paper. The Tim Cook-led company is already undergoing antitrust scrutiny for enforcing App Store rules that allegedly stifle the competition. The new findings, however, could be classified as misleading claims that jeopardize user privacy, possibly becoming the foundation of another lawsuit against the company. Apple has lately gone all-in on portraying its ecosystem as pro-privacy, and it would be nothing short of an embarrassment if those claims were found to be hollow. At the same time, iOS 15 is due to begin rolling out later in the year and will come with even more privacy-focused features, including a new 'App Privacy Report' that allows users to see exactly how often an app uses its granted permissions and any third-party domains the app is contacting.
Source: Financial Times