Apple App Tracking Transparency failed in its core intention of protecting user privacy: Fingerprinting and probabilistic matching loopholes still available, claim experts

Apple App Tracking Transparency Fail
Apple App Tracking Transparency fail? Pic credit: Kārlis Dambrāns/Flickr/CC BY 2.0

The Apple App Tracking Transparency (ATT) platform might have failed in its core intention of protecting users from tracking across the web and apps. Third parties, including some AdTech companies, are actively exploiting seemingly loose policies to track users.

Some confidential emails from an app vendor strongly claim AdTech companies can still track users after ATT. In other words, targeted advertising can work even if users have denied tracking.

Can AdTech companies successfully bypass Apple App tracking Transparency?

Apple recently introduced App tracking Transparency or ATT through the iOS 14.5 update. The feature essentially requires app creators to seek permission from users to track them across apps, websites, and services.

There’s overwhelming evidence to prove that the majority of Apple iPhone users are denying permission to apps. In other words, AdTech companies could suffer severely. They heavily relied on Apple Advertising ID and tracking to serve targeted ads.

Strangely, many apps are using workaround methods to identify users who do not consent to be tracked, claims Eric Seufert, a marketing strategy consultant. This essentially means the amount of data that AdTech companies collect from many users remains largely unchanged.

“Anyone opting out of tracking right now is basically having the same level of data collected as they were before. Apple hasn’t actually deterred the behavior that they have called out as being so reprehensible, so they are kind of complicit in it happening”.

How can App developers circumvent Apple’s strict ATT policy and a system-level prompt?

An app vendor reportedly claimed to his clients that it had managed to continue collecting data on over 95 percent of its iOS users. The vendor added that it used device and network information such as IP addresses to determine user identities.

The app vendor could be using a technique called “fingerprinting”. Needless to mention, Apple has banned the same. The iPhone maker insists that developers “may not derive data from a device for the purpose of uniquely identifying it”.

It appears that several AdTech companies have now fallen back on looser “probabilistic” methods of user identification to serve targeted advertising. These methods aren’t as specific as the Apple Advertising ID, and hence, Apple doesn’t specifically ban them.

However, they rely on temporary, aggregated data rather than creating unique or permanent device IDs. What makes matters even more complex is that Apple reportedly declined to comment about whether it makes a distinction between fingerprinting and “probabilistic matching” under its rules.

Some experts even claim Apple’s ATT may have been more of an elaborate marketing ploy. The company’s claims to protect user privacy by granting them control over tracking would certainly boost the company’s appeal.

Interestingly, Google’s recently announced approach may be significantly better. The search giant indicated that Android smartphone users can prevent their Advertising ID from ever reaching advertisers.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x