Ad networks using new tracking methods to bypass iPhone security measures

Posted:
in General Discussion edited January 2014
Tightened security measures that ban user-tracking apps from Apple's App Store have forced ad networks to adopt alternative techniques in an escalating arms race between the booming cottage industry and consumer privacy advocates.

Sources from The Wall Street Journal say that ad networks are quickly finding workarounds as Apple attempts to limit user tracking amid privacy concerns voiced by both consumers and the U.S. government.

The mobile advertising industry, which was born when Apple launched the App Store alongside the iPhone 3G in 2008, relies on user data to effectively monetize ad space by tailoring advertisements to specific demographics. Without user tracking data, it is estimated that ad networks could lose millions of dollars in revenue each week. The mobile ad industry as a whole is expected to bring in $2.61 billion in 2012, according to eMarketer.

A vast majority of free apps depend on ad-supported revenue and ad servers contend that the money would dry up without user tracking.

"If there is no advertising the majority of apps would die," said Ouriel Ohayon, co-founder of mobile marketing company Appsfire. "It would wreck the whole industry."

Previously, unique device identifiers (UDIDs) were employed to track what apps were being used by iPhone and iPad owners, but a number of high-profile media reports raised the ire of consumers who felt their privacy was being violated. The issue was first broached in 2011, with concern reaching as high as the U.S. Senate, when it was revealed that iOS 4 regularly logged and stored location data in a local database file. Apple subsequently plugged the hole after clarifying that the information wasn't being used nefariously, though other the topic of user privacy cropped up again as other issues were unearthed in iOS 5.

A New York Times article in February exposed an authorization loophole that allowed an app to upload geo-tagged photos in the background, theoretically granting access to sensitive location data without a user's knowledge. In another case, social networking app "Path" came under fire for uploading the contents of an iDevice's address book to an offsite server.

Ad
Example of a mobile ad seen in the free Pandora iOS app.


The government re-entered the mix when Congress sent two letters to Apple CEO Tim Cook requesting a briefing on what the company was doing to remedy the perceived iOS privacy issues.

In response to the media outcry, Apple moved forward with plans to limit UDID access and began blanket rejections of apps that accessed the data. At the time, ad networks were said to be experimenting with MAC addresses and OpenUDID as substitutes for the UDID access ban.

Monday's report claims that ad providers are now using Open Device Identification Network (ODIN) as well as the aforementioned OpenUDID to bypass Apple's security measures, though it is unclear what workaround the networks will finally settle on to deliver the data they require.
«1

Comments

  • Reply 1 of 37
    tallest skiltallest skil Posts: 43,399member


    Then these get banned from all apps in the App Store. Simple. There's no excuse for this unsolicited data mining. 

  • Reply 2 of 37
    john.bjohn.b Posts: 2,717member


    Apple needs to  implement an iOS-wide ad blocking system, similar to how ad blocking software for browsers work.

     

  • Reply 3 of 37
    nagrommenagromme Posts: 2,834member


    "If there is no advertising the majority of apps would die"


     


    Oh no!


     


    Translation:


     


    "If some advertising makes less money, some lower-quality apps would make less money too"


     


     


    "ad networks could lose millions of dollars in revenue each week. The mobile ad industry as a whole is expected to bring in $2.61 billion in 2012"


     


    Oh no!


     


    Some napkin math:


     


    If “millions” lost each week is true, and if it means, say, 5 million (quite alarmist!) and there are 52 weeks in the year, then the year’s haul would drop from $2.61 billion down to $2.35 billion.


     


    I weep tears of pity for these ad companies. Let them secretly track us! The poor guys need that! Have a heart!

  • Reply 4 of 37
    patranuspatranus Posts: 366member


    Not sure why Apple hasn't included their version of AddBlock Plus in Mobile Safair.


    Pretty much the reason why I use OS X far more than iOS.

  • Reply 5 of 37
    solipsismxsolipsismx Posts: 19,566member
    Steve Jobs at All Things D in 2010 stated that they were furious over Flurry subverting their security to data mine in apps so I can't imagine they will be happy with 3rd party developers bypassing their protection of users.


    PS: I am probably too old to like Skrillex but I do anyway.
  • Reply 6 of 37

    Quote:

    Originally Posted by Patranus View Post


    Not sure why Apple hasn't included their version of AddBlock Plus in Mobile Safair.


    Pretty much the reason why I use OS X far more than iOS.



    Umm... Apple doesn't make any variant of Adblock.

  • Reply 7 of 37
    tallest skiltallest skil Posts: 43,399member

    Quote:

    Originally Posted by Mike Barriault View Post

    Umm... Apple doesn't make any variant of Adblock.


     


    Doesn't mean they can't start.

  • Reply 8 of 37
    charlitunacharlituna Posts: 7,205member

    Quote:

    Originally Posted by Patranus View Post


    Not sure why Apple hasn't included their version of AddBlock Plus in Mobile Safair.


    Pretty much the reason why I use OS X far more than iOS.



     


    That's only half the issue. This is also about ads in the apps. 


     


    Personally I have no issue with this idea so long as the apps have to be upfront about what they are collecting and that they are going to put some kind of ID on my device that tracks my actions in that app and any other app that uses the same style of ID. And then I have the power to say no way in hell to the tracking 'cookie' and they get nada info about me. Or even better put the block at the system level so even if someone gets cute and doesn't warn me it still can't be saved etc. Like Mac OS X and Safari and the 'do not accept cookies' preferences

  • Reply 9 of 37
    gazoobeegazoobee Posts: 3,754member


    Scumbags. 


     


    For the record, this part is inaccurate:


    Quote:

    Originally Posted by AppleInsider View Post



    Tightened security measures ... have forced ad networks to adopt alternative techniques ... 


     


    It should read "... have prompted ad networks ...".  


     


    There's nothing forcing them to do this at all, they just want to.  


     


    Ditto the implication in the statement  "If there is no advertising the majority of apps would die," which is falsely equating the ban on UUID's with "no advertising."  


     


    Advertising is a liars game though so what would anyone expect.  

  • Reply 10 of 37
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by Patranus View Post


    Not sure why Apple hasn't included their version of AddBlock Plus in Mobile Safair.


    Pretty much the reason why I use OS X far more than iOS.



     


    Quote:

    Originally Posted by Tallest Skil View Post


     


    Doesn't mean they can't start.



     


    This will never happen.  


    Apple is not "against advertising" and most people aren't either.  


    They just want the business conducted fairly without preying on their customers.  

  • Reply 11 of 37
    alanskyalansky Posts: 235member


    Why isn't this kind of crap illegal? It is illegal for eavesdroppers to "bypass" your home security and tap your phone. How is unauthorized tracking any different? It's creepy and unacceptable, that's what it is.

  • Reply 12 of 37
    tallest skiltallest skil Posts: 43,399member

    Quote:

    Originally Posted by Gazoobee View Post

    Apple is not "against advertising" and most people aren't either.  


    They just want the business conducted fairly without preying on their customers.  



     


    True. But Apple also has Safari Reader, which loads articles across pages without loading ads, and the pop-up blocker, which is now no longer an option in Safari; it's just always on, always blocking. 

  • Reply 13 of 37
    mdriftmeyermdriftmeyer Posts: 7,230member


    I imagine iOS 6.0 will come out with an enhanced security model to make attempts even more pointless.

     

  • Reply 14 of 37
    solipsismxsolipsismx Posts: 19,566member
    True. But Apple also has Safari Reader, which loads articles across pages without loading ads, and the pop-up blocker, which is now no longer an option in Safari; it's just always on, always blocking. 

    The difference is that Popup Blocker isn't preventing a webpage from displaying ads it's preventing a very annoying ad from generating its own page and disrupting the user experience in doing the most general of tasks, and Reader can only be engaged after you've gone to the page so the ads are still loaded not completely bypassed.

    Surely Apple is doing something to prevent ads from hijacking your browser in the former and filtering them in the later but they want it to be fair, as Gazoobee stated. Now what is fair and reasonable can certainly be argued.
  • Reply 15 of 37


    This is why I run the AdBlock plug-in on FireFox. You can't trust web page ads. Until the industry can police themselves there is no way to know what those flash ads will do. Will they install a trojan? Will they spy on you? Will they track your internet usage? Will they attempt to lock out your UI or create a close box that actually installs malware? Who knows? I just block them all and don't worry about it. Yes it deprives web sites of revenues. That's why they need to clean up their act and prove that they can be trusted. Getting rid of Flash entirely would be a good start.

  • Reply 16 of 37
    solipsismxsolipsismx Posts: 19,566member
    GrangerFX wrote: »
    This is why I run the AdBlock plug-in on FireFox. You can't trust web page ads. Until the industry can police themselves there is no way to know what those flash ads will do. Will they install a trojan? Will they spy on you? Will they track your internet usage? Will they attempt to lock out your UI or create a close box that actually installs malware? Who knows? I just block them all and don't worry about it. Yes it deprives web sites of revenues. That's why they need to clean up their act and prove that they can be trusted. Getting rid of Flash entirely would be a good start.

    Does it also block analytics, which are the most deceptive method for tracking you online? In Safari on OS X I use the Ghostery extension to block such data mining.
  • Reply 17 of 37
    tallest skiltallest skil Posts: 43,399member

    Quote:

    Originally Posted by SolipsismX View Post

    Does it also block analytics, which are the most deceptive method for tracking you online? In Safari on OS X I use the Ghostery extension to block such data mining.


     


    I wonder if I'm being redundant, but I have AdBlock, Ghostery, Do Not Track Plus, Defacer, Get Off My Lawn, Shellfish, Facebook Disconnect, Twitter Disconnect, and GoogleClickTracker. 


     


    Something is wrong when I have to do all this to stay private.

  • Reply 18 of 37
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by Tallest Skil View Post


     


    True. But Apple also has Safari Reader, which loads articles across pages without loading ads, and the pop-up blocker, which is now no longer an option in Safari; it's just always on, always blocking. 



     


    True. 

  • Reply 19 of 37
    gazoobeegazoobee Posts: 3,754member

    Quote:

    Originally Posted by Tallest Skil View Post


     


    I wonder if I'm being redundant, but I have AdBlock, Ghostery, Do Not Track Plus, Defacer, Get Off My Lawn, Shellfish, Facebook Disconnect, Twitter Disconnect, and GoogleClickTracker. 


     


    Something is wrong when I have to do all this to stay private.



     


    I have most of that and I have Java turned off also (which is Why AppleInsider's new forum looks like a dog's breakfast and barely works).  


     


    Really though if you have Ghostery, you probably don't need the Facebook and Twitter blockers. 

  • Reply 20 of 37
    cvaldes1831cvaldes1831 Posts: 1,832member
    If you block ads for security reasons, your position is unassailable. And yes, you should block ads.

    http://news.cnet.com/8301-27080_3-20000898-245.html
    http://news.cnet.com/8301-27080_3-20040367-245.html

    You should also banish Flash or at least sandbox it in a rarely used browser like iCab. I've moved the Flashplayer plug-ins from their default install folder of /Library/Internet\ Plug-Ins to /Applications/Internet/iCab.app/Contents/Plugins

    Both Safari and Firefox can't find Flashplayer and think it's not on the system. Chrome has its own built-in Flash support, so I can use that browser if I need to view a site that requires Flash.

    I use ad blocking extensions on both Firefox and Chrome.

    My front-line defense is to run a DNS cache-poisoning script on my router that uses dnsmasq to prevent all devices on my LAN to connect to known ad sites.

    http://www.linksysinfo.org/index.php?threads/addon-add-blocking.25663/

    It may not be quite as comprehensive as a full-blown ad-blocker, but it works pretty well, even for my handheld devices.
Sign In or Register to comment.