Apple called its App Tracking Transparency framework as one of the most impactful moves towards creating a more private ecosystem, but recent independent research shows that it is not really effective against third-party trackers and does not block the transfer of personal or mobile data. device. The main premise of the ATT framework was to offer users more transparency about their data, such as which applications collect information, what data they extract, and how it is shared. More importantly, each app was required to explicitly ask users about the tracking via a pop-up notification.
Of course, companies like Facebook, whose coffers are lavishly filled from its massive ad business, weren’t too happy about the change and turned to an industry-wide lobbying campaign. However, Apple was adamant that it wants to give users the option to choose whether they want an app to show them personalized ads by tracking their web and app activity. Following a strong backlash and claims that Apple did not implement the rules in its own apps, the company temporarily delayed the ATT implementation for months and finally enabled it with the release of iOS 14.5. However, the whole system may not be as effective as Apple claims.
In a study conducted by Privacy lock – whose members are said to be former Apple engineers – App Tracking Transparency made no difference when it comes to disabling third-party trackers associated with an app and is minimally effective at blocking connection requests. As part of the research, the team selected ten top-ranked apps on the App Store and monitored third-party tracking for each in two scenarios: ATT enabled and ATT disabled. Apps like Grubhub, DoorDash, and Peacock TV were found to have roughly the same number of third-party trackers active even when users enable ATT. Another study earlier this year in June also reached a similar conclusion about the ineffectiveness of the TCA system.
The Yelp app was found to allow at least six active trackers even with ATT enabled using the “Ask the app not to track“Immediate. Interestingly, the same six trackers were observed when ATT was off. Similarly, 39 tracking attempts were recorded, which is only marginally less than the 42 attempts when ATT was off. Privacy lock concluded that enabling or disabling ATT made no difference for the 50 crawlers they observed while running the selected application pool. When it comes to tracking attempts, enabling ATT only reduced the number by a mere 13 percent.
In terms of the type of data that apps were able to share with third parties, everything from time zone, carrier name, iOS version, and iPhone model to more sensitive details like the user’s first and last name, location with exact latitude and longitude, free device storage, battery and volume levels, as well as details of accessibility settings were included. Privacy lock mentions that in all the test scenarios, the IP address of the users was also exposed. Contrary to what Apple claims, there was also no automatic blocking of follow-up requests. Even if users denied an app’s request to track their activity, most of the test apps didn’t seem to honor that choice at all.
The study is a sign that Apple may need to implement a stricter investigation process to ensure that apps do not bypass ATT standards and violate user privacy despite an explicit denial of tracking. If it continues in the same vein, Apple might not be too far off from another lawsuit over privacy concerns, misleading advertising, and / or more regulatory scrutiny.