How the new app tracking transparency policy works

This week, Apple released a new whitepaper that describes how apps typically track users and interact with their data, outlines the company’s privacy philosophy, and provides several details and clarifications about the upcoming change to app tracking transparency, which (among others) ) app developers to obtain a user’s permission to participate in the common practice of creating an ID (called IDFA) to track that user and their activities across multiple apps.

The paper states that the change will take full effect with the release of an update for iOS and other Apple operating systems in “early spring” (Apple previously said this would happen in iOS 14.5, which is now at a late stage. of beta). testing), but the company has reportedly already started enforcing some aspects of the new policy with new app submissions, suggesting the full transition is very imminent. A recent survey found that only about 38.5 percent of users plan to sign up for tracking.

Most of the paper is devoted to explaining exactly how apps track users to begin with, using a hypothetical example of a father and daughter traveling to the playground with their personal mobile technology and apps in tow. There are no new disclosures in this section for people already familiar with how these systems work, but the information is accurate, and most people don’t actually know much about how their data is tracked and used, so it may be helpful to some .

Apple also uses a section in the paper to describe the privacy labels for apps, which are a bit like food nutrition labels, but instead of describing the nutrients in a meal, they describe the ways an app tracks you or accesses your data . However, it’s worth nothing that these app privacy labels are largely self-reported, and independent observers have found many examples of apps with inaccurate or incomplete information in these labels.

Trust and Antitrust

While the paper is intended in part for users who want to learn more about the privacy features of iOS and how personal data is processed by mobile apps in general, it also tries repeatedly to argue that the upcoming change to App Tracking Transparency will not negatively impact most advertisements. supported companies in a serious way. “The introduction of past features, such as Safari Intelligent Tracking Prevention, have shown that advertising can continue to be successful while improving user privacy protections,” say the authors.

Some companies, such as Facebook, have explored the idea of ​​filing an antitrust lawsuit against Apple, arguing that Apple is letting third-party apps follow rules that the smartphone maker’s apps don’t have to follow. But this article states that Apple’s own apps don’t give tracking login prompt because they don’t track third-party apps for advertising purposes to begin with.

Most of the meaty clarifications are in the Frequently Asked Questions (FAQ) section of the newspaper. For example, Apple writes that “app developers cannot require you to allow tracking to use the full capabilities of the app” – meaning users will not experience reduced functionality in apps if they opt out of tracking. This boils down to a critical point of Apple’s upcoming change: the policy prevents tracking for multiple third-party apps if a user unsubscribes, but both Apple and any other company can still track users across multiple apps if all apps in question are used. by the same company. The same thing that Apple gives a pass could also apply, like Google tracking you through Gmail, Google News, Docs, and so on. But as soon as Google wants to use a technique that can also see what you are doing in, for example, Apple or Facebook apps, then that is when the opt-in is required.

Apple offers a separate toggle called “Personalized Ads” – completely different from the IDFA-related login prompt – that lets users decide if they want to be tracked in Apple’s own apps.

And with regard to the recent wave of App Store submission rejections, Apple clarifies that a developer “must also respect your choice outside of the ad ID.” This means that once a user has opted out of IDFA tracking, the developer should also not be able to track the user through any other method that generates a similar result, such as device fingerprints. Fingerprinting from devices was apparently the cause of the wave of rejections we reported on last week. “If we learn that a developer is tracking users who request not to be tracked, we will require them to update their practices to respect your choice or their app may be rejected from the App Store,” the paper said.

The FAQ also addresses the criticism of the effectiveness of the App Store’s privacy labels, albeit not very effectively. It confirms that the data is self-reported and says “if we learn that a developer may have provided incorrect information, we will work with them to ensure the accuracy of the information.”

Table image by Samuel Axon