
Ad networks using new tracking methods to bypass iPhone security measures

post #1 of 38
Thread Starter 
Tightened security measures that ban user-tracking apps from Apple's App Store have forced ad networks to adopt alternative techniques in an escalating arms race between the booming cottage industry and consumer privacy advocates.

Sources from The Wall Street Journal say that ad networks are quickly finding workarounds as Apple attempts to limit user tracking amid privacy concerns voiced by both consumers and the U.S. government.

The mobile advertising industry, which was born when Apple launched the App Store alongside the iPhone 3G in 2008, relies on user data to effectively monetize ad space by tailoring advertisements to specific demographics. Without user tracking data, it is estimated that ad networks could lose millions of dollars in revenue each week. The mobile ad industry as a whole is expected to bring in $2.61 billion in 2012, according to eMarketer.

A vast majority of free apps depend on ad-supported revenue and ad servers contend that the money would dry up without user tracking.

"If there is no advertising the majority of apps would die," said Ouriel Ohayon, co-founder of mobile marketing company Appsfire. "It would wreck the whole industry."

Previously, unique device identifiers (UDIDs) were employed to track what apps were being used by iPhone and iPad owners, but a number of high-profile media reports raised the ire of consumers who felt their privacy was being violated. The issue was first broached in 2011, with concern reaching as high as the U.S. Senate, when it was revealed that iOS 4 regularly logged and stored location data in a local database file. Apple subsequently plugged the hole after clarifying that the information wasn't being used nefariously, though the topic of user privacy cropped up again as other issues were unearthed in iOS 5.

A New York Times article in February exposed an authorization loophole that allowed an app to upload geo-tagged photos in the background, theoretically granting access to sensitive location data without a user's knowledge. In another case, social networking app "Path" came under fire for uploading the contents of an iDevice's address book to an offsite server.

Example of a mobile ad seen in the free Pandora iOS app.


The government re-entered the mix when Congress sent two letters to Apple CEO Tim Cook requesting a briefing on what the company was doing to remedy the perceived iOS privacy issues.

In response to the media outcry, Apple moved forward with plans to limit UDID access and began blanket rejections of apps that accessed the data. At the time, ad networks were said to be experimenting with MAC addresses and OpenUDID as substitutes for the UDID access ban.

Monday's report claims that ad providers are now using Open Device Identification Network (ODIN) as well as the aforementioned OpenUDID to bypass Apple's security measures, though it is unclear what workaround the networks will finally settle on to deliver the data they require.
post #2 of 38

Then these get banned from all apps in the App Store. Simple. There's no excuse for this unsolicited data mining. 

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
post #3 of 38

Apple needs to implement an iOS-wide ad blocking system, similar to how ad blocking software for browsers works.
 

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

post #4 of 38

"If there is no advertising the majority of apps would die"

 

Oh no!

 

Translation:

 

"If some advertising makes less money, some lower-quality apps would make less money too"

 

 

"ad networks could lose millions of dollars in revenue each week. The mobile ad industry as a whole is expected to bring in $2.61 billion in 2012"

 

Oh no!

 

Some napkin math:

 

If “millions” lost each week is true, and if it means, say, 5 million (quite alarmist!) and there are 52 weeks in the year, then the year’s haul would drop from $2.61 billion down to $2.35 billion.

 

I weep tears of pity for these ad companies. Let them secretly track us! The poor guys need that! Have a heart!


Edited by nagromme - 6/4/12 at 5:58pm
post #5 of 38

Not sure why Apple hasn't included their version of Adblock Plus in Mobile Safari.

Pretty much the reason why I use OS X far more than iOS.

post #6 of 38
Steve Jobs at All Things D in 2010 stated that they were furious over Flurry subverting their security to data mine in apps so I can't imagine they will be happy with 3rd party developers bypassing their protection of users.


PS: I am probably too old to like Skrillex but I do anyway.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #7 of 38
Quote:
Originally Posted by Patranus View Post

Not sure why Apple hasn't included their version of Adblock Plus in Mobile Safari.

Pretty much the reason why I use OS X far more than iOS.

Umm... Apple doesn't make any variant of Adblock.

post #8 of 38
Quote:
Originally Posted by Mike Barriault View Post
Umm... Apple doesn't make any variant of Adblock.

 

Doesn't mean they can't start.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
post #9 of 38
Quote:
Originally Posted by Patranus View Post

Not sure why Apple hasn't included their version of Adblock Plus in Mobile Safari.

Pretty much the reason why I use OS X far more than iOS.

 

That's only half the issue. This is also about ads in the apps. 

 

Personally I have no issue with this idea so long as the apps have to be upfront about what they are collecting and that they are going to put some kind of ID on my device that tracks my actions in that app and any other app that uses the same style of ID. And then I have the power to say no way in hell to the tracking 'cookie' and they get nada info about me. Or even better put the block at the system level so even if someone gets cute and doesn't warn me it still can't be saved etc. Like Mac OS X and Safari and the 'do not accept cookies' preferences

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #10 of 38

Scumbags. 

 

For the record, this part is inaccurate:

Quote:
Originally Posted by AppleInsider View Post

Tightened security measures ... have forced ad networks to adopt alternative techniques ... 

 

It should read "... have prompted ad networks ...".  

 

There's nothing forcing them to do this at all, they just want to.  

 

Ditto the implication in the statement  "If there is no advertising the majority of apps would die," which is falsely equating the ban on UUID's with "no advertising."  

 

Advertising is a liar's game though, so what would anyone expect.

post #11 of 38
Quote:
Originally Posted by Patranus View Post

Not sure why Apple hasn't included their version of Adblock Plus in Mobile Safari.

Pretty much the reason why I use OS X far more than iOS.

 

Quote:
Originally Posted by Tallest Skil View Post

 

Doesn't mean they can't start.

 

This will never happen.  

Apple is not "against advertising" and most people aren't either.  

They just want the business conducted fairly without preying on their customers.  

post #12 of 38

Why isn't this kind of crap illegal? It is illegal for eavesdroppers to "bypass" your home security and tap your phone. How is unauthorized tracking any different? It's creepy and unacceptable, that's what it is.

post #13 of 38
Quote:
Originally Posted by Gazoobee View Post
Apple is not "against advertising" and most people aren't either.  

They just want the business conducted fairly without preying on their customers.  

 

True. But Apple also has Safari Reader, which loads articles across pages without loading ads, and the pop-up blocker, which is now no longer an option in Safari; it's just always on, always blocking. 

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
post #14 of 38

I imagine iOS 6.0 will come out with an enhanced security model to make attempts even more pointless.
 

post #15 of 38
Quote:
Originally Posted by Tallest Skil View Post

True. But Apple also has Safari Reader, which loads articles across pages without loading ads, and the pop-up blocker, which is now no longer an option in Safari; it's just always on, always blocking. 

The difference is that Popup Blocker isn't preventing a webpage from displaying ads; it's preventing a very annoying ad from generating its own page and disrupting the user experience in doing the most general of tasks, and Reader can only be engaged after you've gone to the page, so the ads are still loaded, not completely bypassed.

Surely Apple is doing something to prevent ads from hijacking your browser in the former and filtering them in the latter, but they want it to be fair, as Gazoobee stated. Now what is fair and reasonable can certainly be argued.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #16 of 38

This is why I run the AdBlock plug-in on FireFox. You can't trust web page ads. Until the industry can police themselves there is no way to know what those flash ads will do. Will they install a trojan? Will they spy on you? Will they track your internet usage? Will they attempt to lock out your UI or create a close box that actually installs malware? Who knows? I just block them all and don't worry about it. Yes it deprives web sites of revenues. That's why they need to clean up their act and prove that they can be trusted. Getting rid of Flash entirely would be a good start.

post #17 of 38
Quote:
Originally Posted by GrangerFX View Post

This is why I run the AdBlock plug-in on FireFox. You can't trust web page ads. Until the industry can police themselves there is no way to know what those flash ads will do. Will they install a trojan? Will they spy on you? Will they track your internet usage? Will they attempt to lock out your UI or create a close box that actually installs malware? Who knows? I just block them all and don't worry about it. Yes it deprives web sites of revenues. That's why they need to clean up their act and prove that they can be trusted. Getting rid of Flash entirely would be a good start.

Does it also block analytics, which are the most deceptive method for tracking you online? In Safari on OS X I use the Ghostery extension to block such data mining.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #18 of 38
Quote:
Originally Posted by SolipsismX View Post
Does it also block analytics, which are the most deceptive method for tracking you online? In Safari on OS X I use the Ghostery extension to block such data mining.

 

I wonder if I'm being redundant, but I have AdBlock, Ghostery, Do Not Track Plus, Defacer, Get Off My Lawn, Shellfish, Facebook Disconnect, Twitter Disconnect, and GoogleClickTracker. 

 

Something is wrong when I have to do all this to stay private.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
post #19 of 38
Quote:
Originally Posted by Tallest Skil View Post

 

True. But Apple also has Safari Reader, which loads articles across pages without loading ads, and the pop-up blocker, which is now no longer an option in Safari; it's just always on, always blocking. 

 

True. 

post #20 of 38
Quote:
Originally Posted by Tallest Skil View Post

 

I wonder if I'm being redundant, but I have AdBlock, Ghostery, Do Not Track Plus, Defacer, Get Off My Lawn, Shellfish, Facebook Disconnect, Twitter Disconnect, and GoogleClickTracker. 

 

Something is wrong when I have to do all this to stay private.

 

I have most of that and I have Java turned off also (which is why AppleInsider's new forum looks like a dog's breakfast and barely works).

 

Really though if you have Ghostery, you probably don't need the Facebook and Twitter blockers. 

post #21 of 38
If you block ads for security reasons, your position is unassailable. And yes, you should block ads.

http://news.cnet.com/8301-27080_3-20000898-245.html
http://news.cnet.com/8301-27080_3-20040367-245.html

You should also banish Flash or at least sandbox it in a rarely used browser like iCab. I've moved the Flashplayer plug-ins from their default install folder of /Library/Internet\ Plug-Ins to /Applications/Internet/iCab.app/Contents/Plugins

Both Safari and Firefox can't find Flashplayer and think it's not on the system. Chrome has its own built-in Flash support, so I can use that browser if I need to view a site that requires Flash.

I use ad blocking extensions on both Firefox and Chrome.

My front-line defense is to run a DNS cache-poisoning script on my router that uses dnsmasq to prevent all devices on my LAN from connecting to known ad sites.

http://www.linksysinfo.org/index.php?threads/addon-add-blocking.25663/

It may not be quite as comprehensive as a full-blown ad-blocker, but it works pretty well, even for my handheld devices.
post #22 of 38
Quote:
Originally Posted by Tallest Skil View Post

 

I wonder if I'm being redundant, but I have AdBlock, Ghostery, Do Not Track Plus, Defacer, Get Off My Lawn, Shellfish, Facebook Disconnect, Twitter Disconnect, and GoogleClickTracker. 

 

Something is wrong when I have to do all this to stay private.

 

You forgot a good old fashioned shotgun:

 

"Git orf mah privacy, boy."

 

Seriously, though, I'd like to thank Apple for being one of the few (only?) remaining companies that, as a rule, generally respects its users' privacy.

post #23 of 38
Java != JavaScript
post #24 of 38

all this tracking crap has to be killed, dead. especially Google's. screw them ALL. greedy punks, so smug.

 

everything must be opt-in only.

post #25 of 38
It was my understanding that Apple told developers when the Apple UDID was no longer at their use, that developers would have to create their own style UDID. So the open source UDID should not be an issue

Cheers !
post #26 of 38

The problem is that plenty of people (especially kids) demand free apps on iOS. The only way to support free apps is to include ads. 

 

I'm sure everyone here is willing to pay 99c for the ad-free version but some people can't or won't.

 

Even developers making premium apps find it useful to track their users. App developers want to know what phone you're using and what OS version it's running so that they can make their apps better. 

 

The bottom line is: no tracking = lower quality, more expensive apps.

post #27 of 38
Quote:
Originally Posted by Tallest Skil View Post

Then these get banned from all apps in the App Store. Simple. There's no excuse for this unsolicited data mining. 

 

 

Agree. But I would go farther. It's unconscionable the extent to which advertisers will go to get this data. For example, look at those who are dumping all over Microsoft for making no tracking a default option in IE (hard to imagine that MS is now the hero). Somehow, these companies believe they have a right to our privacy, and will look for any legal and technical loopholes to violate us.

post #28 of 38
Quote:
Originally Posted by RichL View Post

The problem is that plenty of people (especially kids) demand free apps on iOS. The only way to support free apps is to include ads. 

 

I'm sure everyone here is willing to pay 99c for the ad-free version but some people can't or won't.

 

Even developers making premium apps find it useful to track their users. App developers want to know what phone you're using and what OS version it's running so that they can make their apps better. 

 

The bottom line is: no tracking = lower quality, more expensive apps.

 

"Demand" free apps? I don't see any marchers in the streets yet. Sure, people enjoy free apps and will use them. But that's a far cry from demanding them.

post #29 of 38

Start off with some 127.0.0.1 entries in /etc/hosts and add Protect My Privacy (PMP).

 

http://www.protectmyprivacy.org/
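
Posts #21 and #29 above both block ad hosts at name resolution, one with dnsmasq on the router and one with 127.0.0.1 entries in /etc/hosts. The shell function below is an added example, not code from either poster or from the linked router script: it converts hosts-style sinkhole entries into dnsmasq `address=` rules and drops subdomains already covered by a listed parent, because a hosts entry matches one exact name while a dnsmasq `address=/domain/` rule also answers for every name beneath it. The function name and the sample blocklist (reserved example domains) are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn /etc/hosts-style block entries into dnsmasq rules.

# Constructed sample blocklist in hosts format (reserved example names only).
SAMPLE_HOSTS='# constructed sample, not a real blocklist
127.0.0.1 localhost
127.0.0.1 ads.example.net
127.0.0.1 cdn.ads.example.net   # redundant under dnsmasq: parent is listed
0.0.0.0   Tracker.Example.org
127.0.0.1 ads.example.net
127.0.0.1 bad_host!.example.com
192.0.2.10 intranet.example.com'

# hosts_to_dnsmasq (hypothetical helper): reads hosts-format lines on stdin,
# writes sorted, de-duplicated "address=/name/0.0.0.0" lines on stdout.
hosts_to_dnsmasq() {
    awk '
    {
        sub(/#.*/, "")                          # strip comments
        if (NF < 2) next                        # need an address and a name
        # Only sinkhole entries are block rules; real mappings are left alone.
        if ($1 != "127.0.0.1" && $1 != "0.0.0.0") next
        for (i = 2; i <= NF; i++) {
            name = tolower($i)                  # DNS names are case-insensitive
            # Never sinkhole the loopback name itself.
            if (name == "localhost" || name ~ /^localhost\./) continue
            # Accept only dotted letter-digit-hyphen hostnames, so a malformed
            # list entry cannot inject extra dnsmasq configuration.
            if (name !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) continue
            seen[name] = 1
        }
    }
    END {
        for (name in seen) {
            # Walk up the parent domains; skip this name if a parent is
            # already blocked, since that rule covers it in dnsmasq.
            parent = name
            covered = 0
            while ((p = index(parent, ".")) > 0) {
                parent = substr(parent, p + 1)
                if (parent in seen) { covered = 1; break }
            }
            if (!covered) print "address=/" name "/0.0.0.0"
        }
    }' | sort
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_HOSTS" | hosts_to_dnsmasq
```

The output can be saved as a dnsmasq configuration fragment; the parent-covers-subdomain behaviour means one overly broad entry blocks every name under that domain, so a list should be reviewed before it is loaded.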

post #30 of 38
Quote:
Originally Posted by Gazoobee View Post

 

I have most of that and I have Java turned off also (which is Why AppleInsider's new forum looks like a dog's breakfast and barely works).  

 

Really though if you have Ghostery, you probably don't need the Facebook and Twitter blockers. 

 

What does Java have to do with how this website looks?

post #31 of 38
Apple need to lock down location services so that you are prompted for a pass code to enable them. This way no app can sneakily access location data without user authentication.
post #32 of 38

A stupid article without any research on what OpenUUID or ODIN does.  

 

Also I don't understand the fuzz with the entitlement for getting premium content or applications for free.

post #33 of 38

C'mon appleinsider, does anyone actually proofread these posts because this one has a glaring mistake...

 

"Without user tracking data, it is estimated that ad networks could   " 

 

Could what exactly?

post #34 of 38
Quote:
Originally Posted by Tallest Skil View Post

Then these get banned from all apps in the App Store. Simple. There's no excuse for this unsolicited data mining. 

Isn't this one type of unapproved harvesting of user data that qualifies apps as malware? As far as the security companies are concerned it's called malware if it's an Android app doing so without notice to the user. I'm sure the same applies to an iOS app that does the same thing.  Perhaps calling a spade a spade might prompt Apple to put a little more effort in closing loopholes.

melior diabolus quem scies
post #35 of 38

Do you guys realize there are *5* trackers on this AppleInsider page we are currently reading?

 

(Well, those of you who use Ghostery may - but other users probably do not)

 

What we need is for Apple to _allow_ apps like Ghostery or AdBlock to run on iOS in some fashion.  Apple does not need to actually produce the apps themselves, only allow them to run.

 

And as a side note, another good one for folks - if you still want to use Flash - is BetterPrivacy.  It will delete any "super LSO" type tracking, at whatever schedule you set up.  Gets rid of flash tracking cookies and other things as well.

 

There is a side problem, however, that sites can track you simply by your system configuration.  Your system configuration is almost a unique fingerprint - even if you have everything blocked.  http://panopticlick.eff.org/

post #36 of 38
Quote:
Originally Posted by irnchriz View Post

Apple need to lock down location services so that you are prompted for a pass code to enable them. This way no app can sneakily access location data without user authentication.

They do require the user to approve location services access on a per app basis. I think a lot of users have the Vista alert mentality and just say yes to everything because they think if they say no they will get pounded with annoying messages constantly.

Life is too short to drink bad coffee.

post #37 of 38
Quote:
Originally Posted by valkraider View Post

There is a side problem, however, that sites can track you simply by your system configuration.  Your system configuration is almost a unique fingerprint - even if you have everything blocked.  http://panopticlick.eff.org/

That is pretty interesting but the results seem odd. My iPhone is unique 1 in 278,322.

 

I guess a lot of people must not upgrade their iOS version and also live in PDT time zone because everything else is default on my phone.

 

On my desktop I am more unique 1 in 2,226,635 because I have a 30" cinema

Life is too short to drink bad coffee.

post #38 of 38

Supporting my argument that yes, malware exists in the Appstore going by the security companies' definitions. It's just seldom if ever called malware on Apple's platform unlike articles mentioning "malicious apps" using the same or similar undeclared permissions on Android offerings. 

http://www.appleinsider.com/articles/12/06/06/linkedin_app_under_scrutiny_for_transferring_ios_calendar_entries.html

 

It doesn't mean iOS is inherently insecure or that Apple's curation doesn't work. It's just a fact that if you have several hundred thousand applications available at least some of those will be doing things that Google/Apple isn't aware of. Policing appstores this large won't always be successful.

 

Calling apps malware on one platform but not the other seems disingenuous, and link-bait fodder from the security companies who plainly hope to push their software as a necessity. The more successful they are at creating a perception of serious security issues the more they get themselves on users' devices.

 

BTW, Charlie Miller (that Charlie Miller) claims to be assisting Google with closing holes in their Bouncer app inspection efforts. 

http://blog.duosecurity.com/2012/06/dissecting-androids-bouncer/


Edited by Gatorguy - 6/6/12 at 5:19am
melior diabolus quem scies