Friday, December 17, 2021

Expectations When Opting Out of Tracking

Hartley Charlton (tweet):

“Loose” interpretations of Apple’s privacy policies allow apps such as Facebook and Snapchat to continue tracking users for targeted advertising even when they have asked to not be tracked, The Financial Times reports.


Apple has instructed developers that they “may not derive data from a device for the purpose of uniquely identifying it,” which developers have interpreted to mean that they can still observe “signals” and behaviors from groups of users instead, enabling these groups to be shown tailored ads anyway.

Apple has not explicitly endorsed these techniques, but they allow third parties to track and analyze groups of users regardless of whether or not they have given consent to user-level tracking. In addition, Apple reportedly continues to trust apps to collect user-level data such as IP address, location, language, device, and screen size, even though some of this information is passed onto advertisers.

Nick Heer:

Is this actually a “shift” in the way this policy is interpreted? The way Apple has defined tracking in relation to the App Tracking Transparency feature has remained fairly consistent — compare the current page against a snapshot from January. Apps cannot access the device’s advertising identifier if the user opts out and, while Apple warned developers creating unique device identifiers, it does not promise it can prevent the tracking of users, and especially not in aggregate.

It is concerning to me that Apple’s advertising and dialog box text may create the impression of a greater privacy effect than they may realistically achieve. Perhaps Apple’s definition of “tracking” does not align with public expectations[…]

Heather Kelly:

The app store’s “nutrition labels,” which launched at the end of last year in the App Store, say what different third-party apps are accessing. However, because much of the information is self-reported, our reporting found it was not always accurate. The App Privacy Report doesn’t have the same loopholes, but there are some things it still can’t tell us, like exactly what data is being collected or sent by these apps. For example, you might see that a dog-sitting app accessed your contacts but not know what it took (there are few limitations on what apps can pull from your contacts). Or you might notice that a plant-identification app contacted multiple outside domains, but not know what sort of data was sent to those addresses.


Comments RSS · Twitter

Leave a Comment