What’s up with the Apple App Store’s privacy changes?


You may have noticed an influx of furniture ads on your Instagram feed after searching for a new chair for your Work at home setting up or promoting posts for a cafe you’ve never passed. The apps on your phone collect and share a lot of information, from your location to your browsing habits to your search history.

But for iPhone owners, that’s about to change significantly.

Apple announced in June 2020 that this spring it would start requiring iPhone, iPad, and tvOS apps to obtain consent to share people’s data with third parties such as data brokers and other apps.

This decision is a complete overhaul of privacy rights. Data collection has long operated on the premise that millions of people are willing to be followed, their movements and behaviors shared and sold, unless they explicitly say no. Privacy settings are typically turned off and often buried deep within an app’s settings. But soon, iPhone users will be invited to to opt for to have their data shared among advertisers, apps and data brokers.

Apple CEO Tim Cook explained the change in a Jan. 28 speech at the Computers, Privacy and Data Protection conference.

“Technology doesn’t need vast amounts of personal data, collated across dozens of websites and apps, to be successful. Advertising has existed and thrived for decades without it, ”Cook said. “If a business is built on deceptive users, on data mining, on choices that aren’t choices at all, then they don’t deserve our praise. It deserves reform. “

Some tech companies, namely those that rely on collecting personal data to sell ads to companies looking to reach specific demographics, are far from happy.

In Facebook’s fourth quarter and full year 2020 earnings report, the company predicted a blow to its ad targeting capabilities due to Apple’s privacy changes. And Google has warned app publishers that they “could see a significant impact” on their ad revenue after the rules take effect.

Facebook declined to comment for this story. Google declined to comment on Cook’s remarks.

The defenders of the rights to the private life, meanwhile, are rather satisfied.

“That’s actually a really good thing for most people,” said Pete Snyder, senior privacy researcher at Brave Software and co-chair of the W3C Privacy Interest Group. “The state of user privacy on iOS devices will be significantly better than today.”

While the upcoming changes are important, they don’t completely prevent you from being tracked, especially by bigger tech companies like Apple itself. Here’s a rundown of what to expect.

What will change with Apple’s new rules?

Currently, apps collect all kinds of information about you as you use them – that won’t change. What will change is the way this information is shared with third parties, such as data brokers and other technology companies.

Right now, the vast majority of apps you download, whether it’s on an Apple or Android device, follow you in much the same way, through a unique ID.

The Identifier for Advertisers, or IDFA, is a standard device ID created by Apple in 2012. Google has its own version for Android devices called Google Advertising ID, or GAID.

So if you look at photos of cats on one app and then check basketball scores on another, both apps will get your IDFA to share with advertisers and data brokers who tie your moves online for create a more complete profile of you.

And there are other ways to share the data you generate using an app. Apps can collect and share granular details of your actions through “in-app event” collections, like what you clicked and what you watched.

In the current deactivation model, you can clear your history by resetting your IDFA or limit tracking by setting your IDFA to all zeros. You can do this under Advertising in your privacy settings on your iOS device. A study by AppsFlyer, a mobile advertising company, found that only about 25% of people turned on this setting in 2020.

But it will become an opt-in model when Apple’s privacy change goes into effect.

Apple announces that its update will go into effect in early spring, with iOS 14.5. Once that happens, any app that collects data about you and shares it with other companies for cross-tracking and advertising purposes will need to get permission first.

Without this consent, apps will not be allowed to share the data they collect about you with other companies or data brokers for advertising purposes. Businesses can still share data for other purposes, such as fraud prevention or for analytical purposes.

The changes only apply to Apple devices – the Android App Store has not announced any similar changes.

And even for iPhone users, apps can still collect information about you under the new rules; they simply cannot share this information for advertising purposes.

Apple’s new policies also prohibit gimmicks for obtaining consent. An app won’t be able to block access to its features because you won’t let them track you or offer incentives to users who allow tracking. The prompt can only appear once. So you also can’t be spammed with requests.

Apps that do not display the prompt are not allowed to share your data with third parties and will not receive your IDFA.

The change could be huge.

AppsFlyer found that after several developers implemented Apple’s follow-up request prompt early, 99% of people decided not to give them permission. Some apps will likely decide to just stop sharing tracking information instead of implementing the prompt.

Serge Egelman, research director of the Usable Security and Privacy Group at the International Institute of Informatics, says most people don’t want to be tracked.

“The reason more people don’t pull out is that it’s very complicated,” Egelman said. “Since we know that most consumers don’t want to be tracked and don’t make informed decisions, it makes sense that you move to an opt-in model.”

So how can I always be followed after the changes?

Companies can still track you through their own services, but they can’t share this information with anyone without your permission. So even though Spotify, for example, cannot share data about your searches on its Facebook app without your consent, Facebook can still use the data you generate on its own services, including Instagram and Oculus, to create a image of who you are and what you like and use this profile to sell ads.

The more powerful the app’s innate data-tracking capabilities, the better likely it is to fare with these changes, says Johnny Ryan, a senior researcher at the Open Markets Institute specializing in privacy and antitrust laws.

A company like “Google can come in and say, ‘We’re going to put the whole market in us. Instead of having thousands of companies providing ad space, everyone should come to us, ”Ryan said.

In fact, Google has already said that it will no longer care about sharing data on Apple devices.

“We will no longer use information that is the responsibility of [App Tracking Transparency] for the handful of our iOS apps that currently use them for advertising purposes, ”said Matt Bryant, a spokesperson for Google Ads.

Google will have a plethora of data that it collects first-party to use for advertising purposes and will still be able to collect third-party data from apps people have opted in, Ryan said.

How will Apple apply its policy?

This is where things start to get tricky, according to experts.

Apple controls the IDFA tool, so the company should have the means to ensure that applications don’t use it without consent. But experts say it will be difficult for Apple to prevent apps from sharing data in any other way and fear the company will rely too much on the honor system.

“The developer of the app can say they’re not doing any tracking and then collect a bunch of different data points at the same time to uniquely identify that user over time,” Egelman said. “There really is no way for Apple or anyone else to automatically identify it unless they individually analyze this particular app and what it sends.”

While Apple has the capabilities to identify third-party trackers embedded in code during its app review process, tracking to ensure that proprietary data is not being shared without authorization can be difficult.

“If we learn that a developer is tracking users who request not to be tracked, we will require them to update their practices to respect your choice, or their app could be banned from the App Store,” Apple said. in a white paper on privacy. released in january.

Apple declined to comment on how it will enforce its new policies.

Sean O’Brien, senior researcher at ExpressVPN’s Digital Security Lab, said it would be important for Apple to establish a rigorous audit process to enforce their new policies.

“You need a combination of automated scans and manual review, and you need to try to have a slower review process before you accept apps into your store,” O’Brien said.

This article originally appeared on The Markup and has been republished under the Creative Commons Attribution-NonCommercial-NoDerivatives license.


Leave a Reply

Your email address will not be published. Required fields are marked *