Apple criticized for inaction over App Tracking Transparency workarounds

in iOS edited June 2021
Third-party apps are using workarounds to collect data on users opting out of tracking via iOS' App Tracking Transparency, critics claim, with many apps potentially collecting the same amount of data as they did before ATT was implemented.

Apple's introduction of App Tracking Transparency was supposed to be a way for users to get more control over how they were tracked online for marketing purposes. Despite efforts by Apple to force apps to give users the choice to opt out, research points to it being largely ineffective.

"Anyone opting out of tracking right now is basically having the same level of data collected as they were before," said marketing strategy consultant Eric Seufert to the Financial Times "Apple hasn't actually deterred the behavior that they have called out as being so reprehensible, so they are kind of complicit in it happening."

In one email seen by the report, a vendor told clients it was still able to collect data on more than 95% of iOS users, using data points such as IP addresses and other device and network details to fingerprint devices and users.

Companies have explored alternate ways to collect data that ATT basically stops, including one effort by a Chinese government-backed group. However, Apple has warned that apps that don't abide by its rules on tracking will suffer penalties down the line.

Yale Privacy Lab founder Sean O'Brien offers that Apple's marketing of privacy efforts without any proper enforcement is "extremely disingenuous." For example, while Apple bans device fingerprinting, it is said that the policy isn't being actively enforced.

O'Brien proposes that Apple risks legal action from users if it fails to live up to its marketing with action. Likening it to how Google was sued in 2018 for tracking user locations after being told not to, O'Brien offers "Apple may find this out the hard way."

In a statement, Apple said "We believe strongly that users should be asked for their permission before being tracked. Apps that are found to disregard the user's choice will be rejected."

Follow all of WWDC 2021 with comprehensive AppleInsider coverage of the week-long event from June 7 through June 11, including details on iOS 15, iPadOS 15, watchOS 8, macOS Monterey and more.

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get the latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.


  • Reply 1 of 5
    crowleycrowley Posts: 10,358member
    Now sure how the writers expect Apple to prevent identification of users by IP address short of a VPN, which isn’t something anyone can provide for free at scale unless they indulge in data harvesting themselves.
  • Reply 2 of 5
    rcfarcfa Posts: 1,124member
    The biggest issue is apps requiring the mobile phone number to log in, verify accounts, etc. since the can attribute things with a specific phone number.

    Apple/the Industry needs to come up with disposable/scrambled phone numbers, that can be used like Apple’s e-Mail hiding scheme with sign-in-with-Apple.

    Otherwise data brokers will collect and aggregate user data based on phone numbers. And once SIM-jacking gets even more widespread, identity theft will become rampant.
    [Deleted User]skippingrockwatto_cobra
  • Reply 3 of 5
    lkrupplkrupp Posts: 10,022member
    "O'Brien proposes that Apple risks legal action from users if it fails to live up to its marketing with action.”

    Ya think? The lawyers are already sharpening their knives. Yet another example of no good deed going unpunished. Apple can’t win... ever.
  • Reply 4 of 5
    crowleycrowley Posts: 10,358member
    Heh, looks like I spoke too soon, iCloud+ is basically the iVPN.
  • Reply 5 of 5
    mknelsonmknelson Posts: 922member
    I wonder if the new privacy report would be of any use in this circumstance. "You can see all the third-party domains an app is contacting."

    The lawyers should start with all the companies that don't understand "no means no" under any circumstance.
Sign In or Register to comment.