TikTok and other apps might have a way to bypass Apple’s strict App Tracking Transparency feature that's coming to the iPhone and iPad soon. The effort to bypass the new privacy feature is likely not limited to a particular country, since most apps that are based on advertising revenue will need to rethink their view counting and data tracking systems. When App Tracking Transparency takes effect, an app will be required to ask the user for permission before tracking them.

Apple has placed a strong focus on user privacy for some time now, but accelerated its implementation of stricter privacy policies just recently. Initially placing limits on web tracking in its Safari browser and more recently forcing new and updated apps to share what type of information it collects about user activity. Apple calls these disclosures Privacy Labels and they appear for each app in the iOS, iPadOS and macOS App Stores. Just before that requirement landed, Facebook placed full-page ads complaining that this and upcoming Apple privacy requirements would hurt small businesses. Few found the argument convincing, however.

Related: Can Apple & Facebook's Privacy Dispute Be Resolved? If So, How?

According to a recent report by the Financial Times, the developer of TikTok, ByteDance, made reference to a CAID, which can be used if the normal Apple tracking mechanism, the IDFA (Identifier For Advertisers) is unavailable. CAID appears to be an acronym, but the full-version was not given. The IDFA is available to all apps currently, but Apple requires disclosure in Privacy Labels if an app uses this unique device identifier. Combining the IDFA with other data collected about the user is a way to build a profile and track movement among apps and websites, noting the user’s preferences. This allows advertisers to target particular demographics with their advertising. In the near future, the availability of the IDFA will depend on whether the user consents to be tracked. Apple calls this privacy feature App Tracking Transparency and indicated it would roll out to the general public in early spring, meaning it could arrive any day.

How Does CAID Work?

Apple Privacy Request For Facebook

An iPhone app potentially has quite a bit of information available, depending on what is shown in its Privacy Label. Virtually every piece of user information contained in the phone can be accessed, except for passwords, bank and credit card details, and data from other apps. In some cases, iOS asks the user to grant access at the time the app requests information, such as user contacts, and these permissions can be revoked within the Settings app, but it is still important to check an app's Privacy Labels to make sure the access requested makes sense. What advertisers are hoping for is some unique way to identify a user across multiple apps and websites, so behavior can be tracked and advertising can be targeted to particular groups. These can get quite precise, including interests, types of device used for browsing, age, gender, geographic location, et cetera. IDFA ties that information to a device, which usually means an individual or a household.

CAID was not explained, but would have to use another method of identifying the device or the user to serve as a replacement for IDFA. Apple will continue to allow apps to identify which type of device is being used and this could be combined with other accessible user information to build a profile that may not be as unique as the particular device identifier, but could still have value to advertisers. Apple stated that attempts to bypass its App Tracking Transparency, even if not using the IDFA, would still be grounds for suspension of an app, so doing so could be risky. However, there are other ways of tracking a user without resorting to such elaborate methods. Simply asking for an email address would allow a unique identity to be collected. This would connect the activity to anywhere that same email address was used, but wouldn’t be as invasive as the IDFA, which is currently available for tracking without a specific request from the user. When the user knowingly provides information to an app, Apple has no complaint. Since CAID is an alternative to the established IDFA, it seems to imply this will be an attempt by apps, possibly including TikTok, to bypass Apple's privacy restrictions.

Next: App Store Privacy Labels: How To Check What Data An iPhone App Collects

Source: Financial Times