iPhone privacy is not protected as Apple says

Unsplash / Jenny Oberberg

Privacy has changed on the iPhone, but companies cheated on the solution

In 2021, Apple introduced a new privacy policy on its devices regarding the collection and tracking of data on the iPhone, iPad, and Apple TV, either when traversing information between apps or while using browsers. When iOS, iPadOS, and tvOS 14.5 versions were released, all apps using the feature were required to request user permission to maintain access.

Apple is rightly betting that the majority of the public will block tracking if given the option, to completely terrorize giants like Google and Meta (the latter has appealed to FUD), who rely on that data to make money. But a year after the feature came out, a study found that companies had learned to get around the problem.

search
(Warning, PDF) The publication on arXiv, the open access repository at Cornell University, was made by independent US specialists and researchers from the Department of Computer Science at Oxford University, UK. The group analyzed the behavior of 1,759 apps, how they handle data collection, tracking and referral between apps, and compared before and after the iOS, iPadOS and tvOS 14.5 update.

Apple’s privacy policy, officially called App Tracking Transparency, requires that apps that track user activity in other programs, or a website while using the browser on an iPhone, iPad, and/or Apple TV, are required to display a timely notification. Run first after installation (or on first run after OS upgrade to above versions), and ask the user if it allows compilation, or wants to block it.

If the device owner decides on the second option, then the application will be permanently prevented from tracking and collecting this data, allowing analysis of individual behavior and providing the user with customized products, services and promotions, and any accounts at the same time for a significant part of the revenue of major companies such as Meta and Google. In fact, the blow to Facebook cost Mark Zuckerberg hundreds of billions of dollars.

Of course, companies and developers affected by Apple’s new policy will not remain silent for long. Meta, for example, has implemented a new tool called Aggregate Event Measurement, where advertisers can access metrics from a large scale, with each domain (site) and application associated with up to 8 conversion points. It is a data visualization of the behavior of the general public, broadly and publicly, because it would not be possible to collect personal and individual information.

Or so he thought. Research by Oxford academics revealed that among the apps analyzed, there was no significant difference between data collected before and after Apple implemented the new rules. Essentially, stakeholders have learned to circumvent the rules, finding semantic flaws in the rules stipulated by Cupertino, which allow them to continue operating as normal, collecting and traversing information between applications.

All this without breaking the rules; Basically, methods that are not expressly prohibited and illegal under Apple’s privacy guidelines are technically allowed, no problem.

This does not mean that tracking transparency in applications does not work. It’s excellent at what it plans to do, and there’s no catch from Apple, because if a user decides that an app, browser, or game shouldn’t track data between apps, they’ll be prevented from doing so. The problem is that this relates only to the parameters specified by the privacy policy.

Small and mid-sized developers lack the resources that tech giants have to use to divert resources and manpower to find holes in Apple’s supposedly armored system, and take advantage of flaws in the rules to implement new ways to access, collect, and track user cross-reference information. Basically, these apps enter through the back door of the iPhone, which is open.

The survey shows results from tracking data across the top 15 libraries, top 15 accessed domains, and the usual suspects like Facebook/Meta and Google/Alphabet Inc. And Microsoft and Oracle either continue to collect data in the same way. They did before iOS 14.5, or ramped up their efforts, after they moved on to track more information.

The methods used include identifying the user through logins with specific accounts such as Google and Facebook, or tracking the use of a specific IP address and associating it with an individual. In one specific case, researchers found that Umeng, a subsidiary of the Alibaba Group, provided app identifiers in order to track users, which is a flagrant violation of Apple’s terms, but in this case, Apple has its reasons to fake it. I haven’t seen anything. Ars Technica sought, Apple and Alibaba did not comment.

Although the percentage of users who allow app tracking is increasing, because many prefer the convenience of services in return, with personalized results, over data security, those who choose to block activity do so believing that Apple has developed a really useful tool to protect your privacy.

However, what Apple doesn’t comment on is that the developers have found ways to get around the feature, and at least for now, the company isn’t interested in plugging those loopholes, giving a sense of false security to iGadgets owners, who believe they’re protecting their habits and data when they’re not. they do it.

the reviewer

KOLLNIG, K., SHUBA, A., KLEEK, MV et al.
bye tracking? Transparency effect of iOS apps tracking and privacy tags. arXiv (Cornell University), 13 pages, 7 Apr 2022. Available at
.

Leave a Comment