![]() ![]() The use of fingerprinting is in violation of Apple’s policies, and raises questions around to what extent the company is able to enforce its policies. #ITRACKING APP CODE#We even found a real-world example of Umeng, a subsidiary of the Chinese tech company Alibaba, using their server-side code to provide apps with a fingerprinting-derived cross-app identifier. A direct result of the ATT could therefore be that existing power imbalances in the digital tracking ecosystem get reinforced. Especially in combination with further user and device characteristics, which our data confirmed are still widely collected by tracking companies, it would be possible to analyse user behaviour across apps and websites (i.e. Google or Facebook sign-in, or email address). ![]() They can do this through a range of methods, including using IP addresses to link installation-specific IDs across apps and through the sign-in functionality provided by individual apps (e.g. Our findings suggest that tracking companies, especially larger ones with access to large troves of first party, still track users behind the scenes. Not only do the discrepancies underscore the limitations of ATT, but they also reinforce the power of what the researchers called “gatekeepers” and the opacity of data collection in general. The Facebook SDK fared slightly better with about a 47 percent failure rate. Of apps that used SKAdNetwork, Google Firebase Analytics, and Google Crashlytics, more than half failed to disclose having access to user data. On average, the research found, apps that claimed they didn’t collect user data nonetheless contained 1.8 tracking libraries and contacted 2.5 tracking companies. Almost a quarter of the studied apps claimed that they didn’t collect any user data, but the majority of them-80 percent-contained at least one tracker library. The most widely used libraries-including Apple’s SKAdNetwork, Google Firebase Analytics, and Google Crashlytics-didn’t change. Alibaba representatives didn’t immediately respond to an email seeking comment.īased on a comparison of 1,685 apps published before and after ATT went into effect, the number of tracking libraries they used remained roughly the same. ![]() Representatives from Apple declined to comment. They noted that Apple also exempts tracking for purposes of “obtaining information on a consumer’s creditworthiness for the specific purpose of making a credit determination.” The researchers also said that Apple isn't required to follow the policy in many cases, making it possible for Apple to further add to the stockpile of data it collects. “The sharing of device information for purposes of fingerprinting would be in violation of Apple's policies, which do not allow developers to ‘derive data from a device for the purpose of uniquely identifying it,’” the researchers wrote. The researchers also identified nine iOS apps that used server-side code to generate a mutual user identifier that a subsidiary of the Chinese tech company Alibaba can use for cross-app tracking. “Making the privacy properties of apps transparent through large-scale analysis remains a difficult target for independent researchers, and a key obstacle to meaningful, accountable and verifiable privacy protections.” Advertisement “Overall, our observations suggest that, while Apple’s changes make tracking individual users more difficult, they motivate a counter-movement, and reinforce existing market power of gatekeeper companies with access to large troves of first-party data,” the researchers wrote. The paper also warned that despite Apple’s promise for more transparency, ATT might give many users a false sense of security. Last week’s research paper said that while ATT in many ways works as intended, loopholes in the framework also provided the opportunity for companies, particularly large ones like Google and Facebook, to work around the protections and stockpile even more data. Loopholes, bypasses, and outright violations At the same time, Apple also started requiring app makers to provide “privacy nutrition labels” that declared the types of user and device data they collect and how that data is used. It asks: “Allow to track your activity across other companies’ apps and websites?” Without that consent, the app can’t access the so-called IDFA (Identifier for Advertisers), a unique identifier iOS or iPadOS assigns so they can track users across other installed apps. Further Reading How Apple’s new App Tracking Transparency policy worksAt the heart of ATT is the requirement that users must click an “allow” button that appears when an app is installed. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |