Apple tells Chinese apps not to bypass App Tracking Transparency
Apple is warning Chinese app developers and companies not to bypass its upcoming App Tracking Transparency privacy feature, according to a new report.
Credit: Apple
The ATT feature, which will require apps to obtain permission from users before tracking them, is slated to launch in the spring. But an earlier report indicated that Chinese app companies were already testing workarounds for the feature.
According to The Financial Times, Apple has sent warnings to at least two Chinese app companies that were testing methods to track users without their permission.
"We found that your app collects user and device information to create a unique identifier for the user's device," Apple's email said, before stating that the developers must comply or risk their apps being removed from the App Store
The Financial Times reports that at least one of those developers was using a tool called CAID, which was developed by the state-backed Chinese Advertising Association. Earlier in the week, the CAA said that its tool is not "in opposition" to App Store privacy policies.
The CAA also said it's developing new methods for collecting and tracking user data to create fingerprints. Apps that use the CAA's CAID identifier will collect user information and send them to a centralized server to create a new CAID identifier, which will then be used to track users across other apps and websites.
Major Chinese companies like Baidu, Tencent, and ByteDance are all reportedly testing CAID to continue tracking users. However, one Chinese marketing insider said that Apple's recent actions "will put a stop to these tests."
Some tech experts believe that Chinese app companies will continue to tailor their tracking methods in what has been likened to a "cat-and-mouse" game. For example, some developers may implement CAID tracking on their own servers rather than a user's device. That could allow Chinese app developers to make changes at the server level that are harder for Apple to detect.
ByteDance, the company that created TikTok, recommends that developers use its own SDK to issue two new user identifiers. One is based on a user's IP address, while the other on a device's unique IMEI number. Both of those tracking tags violate Apple's App Store rules, since the company requires developers to obtain permission before using "other IDs with a third-party advertising network."
As a backup plan, ByteDance is recommending that developers use "fingerprinting and probabilistic matching" to track users. That's also a violation of Apple's rules.
Apple, which declined to comment to The Financial Times, has maintained that apps that violate its policies will be rejected from the App Store.
Credit: Apple
The ATT feature, which will require apps to obtain permission from users before tracking them, is slated to launch in the spring. But an earlier report indicated that Chinese app companies were already testing workarounds for the feature.
According to The Financial Times, Apple has sent warnings to at least two Chinese app companies that were testing methods to track users without their permission.
"We found that your app collects user and device information to create a unique identifier for the user's device," Apple's email said, before stating that the developers must comply or risk their apps being removed from the App Store
The Financial Times reports that at least one of those developers was using a tool called CAID, which was developed by the state-backed Chinese Advertising Association. Earlier in the week, the CAA said that its tool is not "in opposition" to App Store privacy policies.
The CAA also said it's developing new methods for collecting and tracking user data to create fingerprints. Apps that use the CAA's CAID identifier will collect user information and send them to a centralized server to create a new CAID identifier, which will then be used to track users across other apps and websites.
Major Chinese companies like Baidu, Tencent, and ByteDance are all reportedly testing CAID to continue tracking users. However, one Chinese marketing insider said that Apple's recent actions "will put a stop to these tests."
Some tech experts believe that Chinese app companies will continue to tailor their tracking methods in what has been likened to a "cat-and-mouse" game. For example, some developers may implement CAID tracking on their own servers rather than a user's device. That could allow Chinese app developers to make changes at the server level that are harder for Apple to detect.
ByteDance, the company that created TikTok, recommends that developers use its own SDK to issue two new user identifiers. One is based on a user's IP address, while the other on a device's unique IMEI number. Both of those tracking tags violate Apple's App Store rules, since the company requires developers to obtain permission before using "other IDs with a third-party advertising network."
As a backup plan, ByteDance is recommending that developers use "fingerprinting and probabilistic matching" to track users. That's also a violation of Apple's rules.
Apple, which declined to comment to The Financial Times, has maintained that apps that violate its policies will be rejected from the App Store.
Comments
And if they think that higher level tracking might be used, add a little icon to the App store page to forewarn.
If they use some other method to track the user without permission Apple can kick them out of the store. I also imagine that in some countries people would be able to sue apps that don’t respect the rules, because apps will be expected to ask for permission and accept the user choice.
Of course there will be developers that will try to outsmart the system and hide things from Apple but most of the tracking is used for advertising and it will only be effective if an ad company implements it and makes it access public to other developers, which means it wouldn’t be that difficult for Apple to find out about it. There are, of course, other scenarios that are easier to camouflage but let us hope that Apple and others will keep vigilant.
Like I said, if apps use another method to track the user without permission Apple can kick them out of the store. It is not that difficult to find which apps use Facebook, Google, and other ad companies tracking software in a automated way... Don’t confuse this type of analysis with malware or fraud analysis. It is undeniable that Apple enforces a lot of store policies, even if it fails at some levels, so your argument doesn’t stick that well.
Apple can not use the term "Block app" because that would shift towards the operating system the responsibility of blocking every single possible way of tracking. The wording used makes the app developer responsible for complying with the user’s choice. It is not a mere "request", it’s the app that invokes the question and as such if the app deceives the user there could be legal consequences - pay attention to the fact that developers will have signed an agreement where it says that they are not allowed to track without user permission. At least Apple would be justified to block the app.
If Apple doesn't enforce the policy in a meaningful way it could also be held accountable for false advertising, etc. At the very least it would risk a lot of bad press.