Apple tells Chinese apps not to bypass App Tracking Transparency

Posted:
in General Discussion
Apple is warning Chinese app developers and companies not to bypass its upcoming App Tracking Transparency privacy feature, according to a new report.

Credit: Apple
Credit: Apple


The ATT feature, which will require apps to obtain permission from users before tracking them, is slated to launch in the spring. But an earlier report indicated that Chinese app companies were already testing workarounds for the feature.

According to The Financial Times, Apple has sent warnings to at least two Chinese app companies that were testing methods to track users without their permission.

"We found that your app collects user and device information to create a unique identifier for the user's device," Apple's email said, before stating that the developers must comply or risk their apps being removed from the App Store

The Financial Times reports that at least one of those developers was using a tool called CAID, which was developed by the state-backed Chinese Advertising Association. Earlier in the week, the CAA said that its tool is not "in opposition" to App Store privacy policies.

The CAA also said it's developing new methods for collecting and tracking user data to create fingerprints. Apps that use the CAA's CAID identifier will collect user information and send them to a centralized server to create a new CAID identifier, which will then be used to track users across other apps and websites.

Major Chinese companies like Baidu, Tencent, and ByteDance are all reportedly testing CAID to continue tracking users. However, one Chinese marketing insider said that Apple's recent actions "will put a stop to these tests."

Some tech experts believe that Chinese app companies will continue to tailor their tracking methods in what has been likened to a "cat-and-mouse" game. For example, some developers may implement CAID tracking on their own servers rather than a user's device. That could allow Chinese app developers to make changes at the server level that are harder for Apple to detect.

ByteDance, the company that created TikTok, recommends that developers use its own SDK to issue two new user identifiers. One is based on a user's IP address, while the other on a device's unique IMEI number. Both of those tracking tags violate Apple's App Store rules, since the company requires developers to obtain permission before using "other IDs with a third-party advertising network."

As a backup plan, ByteDance is recommending that developers use "fingerprinting and probabilistic matching" to track users. That's also a violation of Apple's rules.

Apple, which declined to comment to The Financial Times, has maintained that apps that violate its policies will be rejected from the App Store.

Comments

  • Reply 1 of 13
    lkrupplkrupp Posts: 8,999member
    Yeah, and what will Apple do if they don’t? Face it, Apple is China’s bitch.
    muthuk_vanalingam
  • Reply 2 of 13
    Good!  Toss them.
    And if they think that higher level tracking might be used, add a little icon to the App store page to forewarn.
    pulseimageswatto_cobra
  • Reply 3 of 13
    mike54mike54 Posts: 420member
    But can't any app developer say no to a users request to not track?
    And by mentioning China, do they automatically infer that no other app developer or corporation from any other country is working on bypassing Apple's 'ask not to track'  feature?
    watto_cobra
  • Reply 4 of 13
    sflocalsflocal Posts: 5,515member
    lkrupp said:
    Yeah, and what will Apple do if they don’t? Face it, Apple is China’s bitch.
    "Apple's email said, before stating that the developers must comply or risk their apps being removed from the App Store"
    I think Apple has made it clear what it will do.

    What I'm curious about is what "Chinese Developers" mean in terms of market.  I can easily see Apple booting off Chinese apps sold outside of China, but will the Great CCP chime in and order Apple to disable ATT in China?  I can easily see the CCP wanting this ability, not that it doesn't already have this ability on some higher level.
    watto_cobra
  • Reply 5 of 13
    ppietrappietra Posts: 247member
    I don’t understand how is it possible for apps to see the device IMEI! I thought access was blocked
    Dogpersonwatto_cobra
  • Reply 6 of 13
    crowleycrowley Posts: 7,630member
    mike54 said:
    But can't any app developer say no to a users request to not track?
    And by mentioning China, do they automatically infer that no other app developer or corporation from any other country is working on bypassing Apple's 'ask not to track'  feature?
    Apple can't stop developers trying to bypass privacy protections.  But if developers are found to have wilfully broken the App Store's privacy rules then they can be booted with no recourse.
    watto_cobra
  • Reply 7 of 13
    ivanhivanh Posts: 557member
    Is Apple reminding Chinese apps that they can bypass PTT?
  • Reply 8 of 13
    Developers are under NO obligation to not track.  Users can only "request" not to track, and not actually block tracking. Otherwise the alert would have said "Do not track me", which the feature doesn't actually enforce.   Apple wants to come across as all high and mighty, but in the end, the feature does nothing other than bring awareness to the user that they ARE being tracked.
    edited March 18
  • Reply 9 of 13
    ppietrappietra Posts: 247member
    ralphie said:
    Developers are under NO obligation to not track.  Users can only "request" not to track, and not actually block tracking. Otherwise the alert would have said "Do not track me", which the feature doesn't actually enforce.   Apple wants to come across as all high and mighty, but in the end, the feature does nothing other than bring awareness to the user that they ARE being tracked.
    Apple AppStore rules demand that apps need to ask for permission in order to track between applications from different developers, so they are definitely obliged to follow that rule. Not asking means that they do not have access to the device ad identifier, they loose access to the current method of tracking.
    If they use some other method to track the user without permission Apple can kick them out of the store. I also imagine that in some countries people would be able to sue apps that don’t respect the rules, because apps will be expected to ask for permission and accept the user choice.
    Of course there will be developers that will try to outsmart the system and hide things from Apple but most of the tracking is used for advertising and it will only be effective if an ad company implements it and makes it access public to other developers, which means it wouldn’t be that difficult for Apple to find out about it. There are, of course, other scenarios that are easier to camouflage but let us hope that Apple and others will keep vigilant.
    pulseimageswatto_cobra
  • Reply 10 of 13
    ralphieralphie Posts: 67member
    ppietra said:
    ralphie said:
    Developers are under NO obligation to not track.  Users can only "request" not to track, and not actually block tracking. Otherwise the alert would have said "Do not track me", which the feature doesn't actually enforce.   Apple wants to come across as all high and mighty, but in the end, the feature does nothing other than bring awareness to the user that they ARE being tracked.
    Apple AppStore rules demand that apps need to ask for permission in order to track between applications from different developers, so they are definitely obliged to follow that rule. Not asking means that they do not have access to the device ad identifier, they loose access to the current method of tracking.
    If they use some other method to track the user without permission Apple can kick them out of the store. I also imagine that in some countries people would be able to sue apps that don’t respect the rules, because apps will be expected to ask for permission and accept the user choice.
    Of course there will be developers that will try to outsmart the system and hide things from Apple but most of the tracking is used for advertising and it will only be effective if an ad company implements it and makes it access public to other developers, which means it wouldn’t be that difficult for Apple to find out about it. There are, of course, other scenarios that are easier to camouflage but let us hope that Apple and others will keep vigilant.
    That is not how it works.  Otherwise Apple would word the alert differently.. "Ask app not to track me" is NOT the same as "Block app from tracking me."  Its a "request" nothing more.  Plus we all know how good Apple is of vetting and enforcing EVERY app LOL.  Apple could EASILY build iOS from cross app cookie and ID sharing one-click, system-wide, but they chose not to. 
    edited March 18
  • Reply 11 of 13
    ppietrappietra Posts: 247member
    ralphie said:
    ppietra said:
    ralphie said:
    Developers are under NO obligation to not track.  Users can only "request" not to track, and not actually block tracking. Otherwise the alert would have said "Do not track me", which the feature doesn't actually enforce.   Apple wants to come across as all high and mighty, but in the end, the feature does nothing other than bring awareness to the user that they ARE being tracked.
    Apple AppStore rules demand that apps need to ask for permission in order to track between applications from different developers, so they are definitely obliged to follow that rule. Not asking means that they do not have access to the device ad identifier, they loose access to the current method of tracking.
    If they use some other method to track the user without permission Apple can kick them out of the store. I also imagine that in some countries people would be able to sue apps that don’t respect the rules, because apps will be expected to ask for permission and accept the user choice.
    Of course there will be developers that will try to outsmart the system and hide things from Apple but most of the tracking is used for advertising and it will only be effective if an ad company implements it and makes it access public to other developers, which means it wouldn’t be that difficult for Apple to find out about it. There are, of course, other scenarios that are easier to camouflage but let us hope that Apple and others will keep vigilant.
    That is not how it works.  Otherwise Apple would word the alert differently.. "Ask app not to track me" is NOT the same as "Block app from tracking me."  Its a "request" nothing more.  Plus we all know how good Apple is of vetting and enforcing EVERY app LOL.  Apple could EASILY build iOS from cross app cookie and ID sharing one-click, system-wide, but they chose not to. 
    Read carefully what I wrote. It works exactly like that. Right now apps use an identifier generated by the device. Once the new policy is implemented this identifier will be blocked unless the app gains permission.
    Like I said, if apps use another method to track the user without permission Apple can kick them out of the store. It is not that difficult to find which apps use Facebook, Google, and other ad companies tracking software in a automated way... Don’t confuse this type of analysis with malware or fraud analysis. It is undeniable that Apple enforces a lot of store policies, even if it fails at some levels, so your argument doesn’t stick that well.
    Apple can not use the term "Block app" because that would shift towards the operating system the responsibility of blocking every single possible way of tracking. The wording used makes the app developer responsible for complying with the user’s choice. It is not a mere "request", it’s the app that invokes the question and as such if the app deceives the user there could be legal consequences - pay attention to the fact that developers will have signed an agreement where it says that they are not allowed to track without user permission. At least Apple would be justified to block the app.
    If Apple doesn't enforce the policy in a meaningful way it could also be held accountable for false advertising, etc. At the very least it would risk a lot of bad press.
    edited March 19 muthuk_vanalingamwatto_cobra
  • Reply 12 of 13
    Cue China criminalizing App Tracking Transparency.
    watto_cobra
  • Reply 13 of 13
    My guess is that Facebook already has a way of bypassing the checks that Apple might make. How else can you explain the sudden about-face by Facebook?

    I hope that Apple catches them and kicks every bit of FB owned software off the AppStore and makes the reasons why very public.
    [not a FB or Instagram user. Never have been, never will be]
    watto_cobra
Sign In or Register to comment.