Europe vs. App Tracking Transparency
In its statement issued earlier this week to the German Press Agency, Apple said the following:
“Intense lobbying efforts in Germany, Italy and other countries in Europe may force us to withdraw this feature to the detriment of European consumers. (…) We will continue to urge the relevant authorities in Germany, Italy and across Europe to allow Apple to continue providing this important privacy tool to our users.”
Germany launched a probe into App Tracking Transparency back in 2022, and in February 2025, Germany’s Federal Cartel Office preliminarily ruled that Apple abused its market power with ATT, giving itself preferential treatment, even though Apple says it does not collect data from third-party apps. The cartel said that Apple’s restrictions made it “far more difficult” for app publishers to access user data relevant for advertising.
In March 2025, Apple was fined 150 million euros by France’s Competition Authority. French regulators said that Apple complicated the process for users to opt out of tracking and unfairly disadvantaged third-party developers and ad providers. Apple is facing a similar investigation in Italy, with a ruling expected later this year.
Apple would rather disable app tracking prevention in Europe entirely than to have to conform to the rules in its own apps that it imposes on third party developers.
And then it tries to blame regulators and lobbyists for the situation.
At every turn, Apple is determined to prove that it’s a scummy company that can’t remotely be trusted.
“Apple (…) holds itself to a higher standard than it requires of any third-party developer. [Just trust us, bro 🤞]”
Apple does LOTS of telemetry and tracking in their apps. They just believe that it’s okay because they are trustworthy because they said so.
You can fool some of the people all of the time, and all of the people some of the time, but you can not fool all of the people all of the time.
Regulators are now catching on to how Apple uses protecting users as an excuse for anticompetitive practices.
Previously:
- Meta Allegedly Bypassed App Tracking Transparency
- Lessons From San Bernardino and ICEBlock
- France Fines Apple Over App Tracking Transparency
- App Store Search Queries Appear to Violate Data Minimization Practices
- Keeping Your Data From Apple Is Harder Than Expected
- Lawsuits Over Apple Analytics Switch
- Apple Is Building a Demand-side Platform
- French Publishers Make App Store Antitrust Complaint
- German Antitrust Probe Into App Tracking Transparency
- Plenty of Tracking Despite App Tracking Transparency
- Expectations When Opting Out of Tracking
- Does Apple News Track You?
- Facebook Educates About App Tracking Transparency
- Snapchat’s App Tracking Transparency Workaround
Update (2025-10-27): Nick Heer:
I believe there are people within Apple who care deeply about privacy. However, when Apple also gets to define privacy and tracking, it is no coincidence it found an explanation allowing it to use platform activity and in-app purchases for ad targeting. This is hardly as sensitive as the tracking performed by Google and Meta, and Apple does not use third-party data for targeting.
But why would it? Apple owns the platform and, if it wanted, could exploit far more user information without it being considered “tracking” since it is all first-party data. That it does not is a positive reflection of self-policing and, ideally, something it will not change. But it could.
What E.U. authorities are concerned about is this self-serving definition of privacy and the self-policing that results, conflicting with the role of European regulators and privacy laws, and its effects on competition. I think those are reasonable grounds for questioning the validity of App Tracking Transparency. Furthermore, the consequences emanating from violations of privacy law are documented; Meta was penalized €1.2 billion as a result of GDPR violations. Potential violations of App Store policy, on the other hand, are handled differently. If Meta has, as a former employee alleges, circumvented App Tracking Transparency, would the penalties be handled by similar regulatory bodies, or would it — like Uber before — be dealt with privately and rather quietly?
18 Comments
>> Apple does LOTS of telemetry and tracking in their apps. They just believe that it’s okay because they are trustworthy because they said so.<<
I'm sure you have the option to opt in or out of sharing telemetry with Apple when you first set up a device.
That's system-wide crash reporting and usage data; it doesn't pertain to app usage metrics and personalisation in the news and storefront apps. For that you have to turn off Apple ad personalisation, turn off personalisation/recommendation within each app, and throw away your identifier from time to time in each app's settings. It's a sham claim to care about your privacy, and it's the main reason I don't use Apple News or Podcasts.
@Niall Please see the linked posts. Even if you opt out of everything in all the buried settings, it still sends telemetry and links it to your account. 20+ class action lawsuits about this.
And even if you can opt-out fully (which you can't), it is still not compliant with the App Tracking Transparency, where an app is supposed to present a Scary™ alert to the user, explicitly asking for tracking, whereas Apple's tracking is enabled by default, and you have to dig in settings to find all the cases where you can turn off.
I don't understand why Apple uniquely has so many people willing to do mental gymnastics to excuse anything that company does (aka "fanboys"). This is, and always has been, largely an Apple exclusive phenomenon.
@niall When Apple first added the Fitness+ service to all their devices, there was a splash warning screen that said “hey if you continue, we will track what workouts you look at, even if you don’t do those”. The only way to avoid the tracking was to never open that tab. On paper, you could say they gave you an option, but an option of “never look at this or we track everything you look at” is no option at all, and exactly the sort of thing that ATT is supposed to prevent.
Some of those links seem semantics - obviously if you use Apple News or fitness there's going to be a need to track a person's use of the apps in order to offer personalised features within the apps.
And yeah there are a lot of cases being brought - there's a potential metric tonne of money to be made by lawyers and bureaucrats.
@Niall The Apple News issue was about sending data to a third-party tracking company for ad purposes, not news personalization. Most of the lawsuits are about the App Store, which has no such personalization. They talk a good game about differential privacy but then record everything you type down to the millisecond and associate it with your Apple ID, even if you turn off analytics. They track all the apps you launch on your Mac, promised to add a switch to opt out of that, and then reneged.
Didn't Tahoe stop pinging Apple servers for "security" on app launches if they are sealed and signed? I assumed they stopped due to this heat.
@Léo I hadn’t heard that. It doesn't make sense to me “if they are sealed and signed” because I thought the point of phoning home to Apple was to make sure the signing certificate was still valid. Does it now download a list of revoked certificates asynchronously?
This is the article I read:
https://eclecticlight.co/2025/10/13/is-tahoe-quicker-to-launch-apps-first-time/
I thought that was the phoning home. Wasn’t CRL always async on Apple platforms? Is it not the same CRL for web and software?
> Does it now download a list of revoked certificates asynchronously?
I thought that’s how it always worked? Apple pulls a list of revoked certs and blocks them from running, similar to how CSAM checking would have worked and how Safari content blocking works. Minimal interaction, and minimal privacy surface-area, as well.
@Léo That article says that, with Tahoe, apps are no longer scanned for malware by XProtect at launch. I don’t think that was ever an online check, and it’s separate from what’s being discussed here.
@Someone else No, the launch checks were done via OCSP, which “was created as an alternative to certificate revocation lists (CRL).”
It’s fascinating how every discussion about Apple’s App Tracking Transparency turns into a moral crusade, as if ATT were some cynical plot rather than a privacy framework. Most critics here seem to conflate telemetry, security verification and cross-app tracking as if they were the same thing. They are not.
Apple’s analytics and crash reporting are anonymized and governed by differential privacy, a mathematically proven method that ensures no individual user can be identified. Turning off "Share Analytics" stops even that limited data flow. That’s not "tracking", that’s standard system telemetry.
The OCSP checks on macOS that some cite as "tracking app launches" are actually part of the notarization process, a security feature verifying that apps aren’t malware. These requests contain no Apple ID, no user identifier, and are cached locally after the first run. Calling that "tracking" is like calling a firewall log surveillance.
As for Apple News and ad delivery, no, Apple isn’t secretly selling your data to "third-party tracking companies." Those ad servers operate as data processors under Apple’s control, not independent profiling networks like Meta or Google Ads. There’s a legal and technical difference between serving an ad and building a behavioral dossier. Critics often skip that nuance because it doesn’t fit the "evil Apple" narrative.
What ATT does, and this is the part people forget, is prevent cross-app identification without user consent. It doesn’t ban advertising or analytics, it bans hidden data sharing between unrelated entities. That’s why regulators’ cases in Germany and France don’t allege privacy violations but rather market structure concerns. It’s a regulatory paradox, because the EU demands both maximum user privacy and a fully open market, even though those two goals frequently collide.
Apple built a system where your data isn’t the product. If you think that’s “anticompetitive,” maybe it says more about how broken the ad industry has become than about Apple itself.
Privacy built into the architecture is not "self-serving", it’s self-limiting. And that’s exactly what none of the data-brokers want you to understand.
@Andy
> Apple’s analytics and crash reporting are anonymized and governed by differential privacy
This is not true.
> Turning off "Share Analytics" stops even that limited data flow.
This is not true, either.
> The OCSP checks on macOS that some cite as "tracking app launches" are actually part of the notarization process
Also not true.
> There’s a legal and technical difference between serving an ad and building a behavioral dossier.
Apple is doing both. Right now, Apple is able to sell ads for apps and get data on how well they convert, but other companies can’t. And its apps are also phoning home with behavioral information.
@Michael
Well I personally want Apple to get crash analytics - if you opt out of that then sure there should be no correlation of that crash data and you personally but I see no reason why the crash report shouldn't be sent without personal identifiers.
Data for ads is crap and shouldn't be allowed if opted out - Apple never should have gone down the in OS ads road but that was under Steve Jobs which I think was his single biggest mistake.
Are we sure that ads data isn't anonymised?
@Niall I want Apple to get crash logs, too. I’m just responding to the claim that they use differential privacy. I think the ad data is anonymized, but it does have a persistent identifier. The App Store (and maybe other apps?) does not respond to the off switch and sends data that’s linked to your Apple ID.
@Michael Every point you labeled "not true" aligns directly with Apple’s published technical and legal documentation. If you have verifiable sources proving otherwise, please cite them. Blanket denials without evidence don’t constitute an argument.
@Andy You are the one making specific claims, so you should support them. I can’t prove that Apple doesn’t use differential privacy for customer crash reports, unless they specifically say they don’t, but I can tell you that the idea doesn’t make sense to me and that it’s not mentioned in the privacy policy, the differential privacy overview, or the platform and security guide.
Turning off “Share Analytics” does not stop app-specific analytics. I agree with you that the described behavior does not align with Apple’s published documentation or common sense. The issue is that the documentation is misleading and/or doesn’t correspond to what the code actually does. This was previously discussed here and here. There was also the saga where there was no way to opt out of Apple storing private Siri recordings, then Apple added a separate switch but with a dark pattern, then it had a bug where it flipped the switch back on for people who had opted out.
Unfortunately, Apple doesn’t explain the OCSP stuff in any of the documents that I linked, and I’m not sure what other published documentation you’re referring to. With that said, I have not seen any evidence that OCSP is related to notarization. The idea doesn’t make sense to me because the notarization ticket is signed by Apple. Why would they need to do online checks to see if they revoked their own certificate? Additional evidence is that the OCSP problem affected every launch, but notarization is only checked on the first launch. I think OCSP is used for the Developer ID certificates because developers can misbehave or have their private keys exposed.