When you first download and open and application from Apple’s App Store, chances are you have been met with this familiar message: “Allow this app to track your activity across other companies’ apps and websites?” Along with this are two options: “Allow” and “Ask App not to Track.” Despite selecting the latter option, however, plenty of apps still suck up all your data in a vacuum-like fashion.
The aforementioned message is relatively new, having only been released earlier in April as part of a privacy update by Apple. On paper, it is supposed to prevent apps such as Facebook, Twitter, and Instagram from gathering information about your activity on other apps and websites – but that is not exactly the case.
From personal experience, the phrasing to “ask” the app not to track you always seemed like a legal loophole. After all, the companies aren’t necessarily obligated to follow what you, the consumer, merely requested of them. It’s more of a suggestion, and that is exactly how companies are treating it.
This hunch of mine was confirmed by an investigation by researchers at the privacy software maker, LockDown, as well as the Washington Post. What they found during their endeavor was that Subway Surfers, an extremely popular mobile game, sends out very specific information to a third-party ad company called Chartboost, such as a user’s:
This is all information that advertising companies can utilize to both decipher what other apps you use and how they themselves can target you.
Technically, it isn’t. In fact, Apple’s rules explicitly states that companies are required to “receive the user’s permission [in order] to track them or access their device’s advertising identifier.”
If it’s clearly not permitted by Apple, how are the companies behind these apps getting away with this? Simply put, Apple’s rules aren’t as strict as you might think.
When you ask an app not to track, they do adhere to the rules… to some extent. According to the Washington Post, apps were no longer able to access a user’s ID for Advertisers (IDFA) within the phone, which prevents advertisers from identifying that specific device. While this certainly makes things a little more secure, but that isn’t the only piece of information that can be used to trace back to a specific phone.
Instead, the apps continued to siphon a user’s information through third-party companies that have key data such as how someone uses apps, and even their location! In other words, it’s not the companies themselves gathering the information, they are just getting it from another source.
I would say so.
This is not a good look for Apple, who claims a profound interest in user privacy, and is a completely underhanded method that goes unpunished and tricks consumers into a false sense of security.