Apps Continuing to Track Users Despite Apple's Privacy Prompt

Apple is facing increasing pressure to tighten its App Tracking Transparency rules after it was found that third parties are using workarounds to identify users who do not consent to be tracked, according to the Financial Times.

Apple rules around App Tracking Transparency, which came into effect as part of iOS 14.5 and iPadOS 14.5, require apps to ask for consent to track users across websites and apps so that they can be targeted with advertising.

According to Eric Seufert, a marketing strategy consultant, many apps are using workaround methods to identify users who do not consent to being tracked, meaning that the amount of data being collected from many users is de facto unchanged.

"Anyone opting out of tracking right now is basically having the same level of data collected as they were before. Apple hasn't actually deterred the behavior that they have called out as being so reprehensible, so they are kind of complicit in it happening," Seufert explained.

According to an email seen by the Financial Times, one app vendor told its clients that it had managed to continue collecting data on over 95 percent of its iOS users, using device and network information such as IP addresses to determine user identities. This secretive technique, known as "fingerprinting," is banned by Apple, which insists that developers "may not derive data from a device for the purpose of uniquely identifying it."

Some adtech groups, used by thousands of developers, believe that looser "probabilistic" methods of user identification, which group users by behavior, are allowed under Apple's rules, since they rely on temporary, aggregated data rather than creating unique or permanent device IDs.

The situation regarding workarounds and Apple's lack of enforcement has created confusion around what Apple's rules actually allow. Apple told the Financial Times:

We believe strongly that users should be asked for their permission before being tracked. Apps that are found to disregard the user's choice will be rejected.

Apple declined to comment about whether it makes a distinction between fingerprinting and "probabilistic matching" under its rules.

Some industry observers think that the problem is severe enough that Apple is at risk of legal issues. Alex Austin, chief executive of Branch, a mobile marketing platform, said "It's becoming clear that iOS 14 was much more a marketing promotion than an actual privacy initiative, sadly."

Apple has suggested that third parties' ability to track users is blocked when users ask them to stop, but if this is not the case, Apple may be subject to litigation over marketing rhetoric and reality. Founder of the Yale Privacy Lab, Sean O'Brien, accused Apple of being "extremely disingenuous" in lauding its privacy measures without adequately enforcing them.

Apple may find this out the hard way, as Google has in the past, if the company is hit with lawsuits for misleading customers in regard to privacy. Just as it was discovered that Google's location history was never actually turned off in 2018, I think we will find that Apple still allows apps to peer into the windows of consumers' lives.

O'Brien highlighted a comparison with Google, which faced a number of lawsuits after it was discovered that it had been tracking the locations of its users even after they expressly told it not to.

Seufert believes that Apple is likely to provide clarity on the issue soon, which could coincide with its Worldwide Developers Conference, leading to a potential wave of app rejections during the review process later this month for those developers that use surreptitiously tracking techniques.