back to article Apple begins rejecting apps that use advertising SDKs for fingerprinting users

Apple has begun warning iOS developers that it will reject apps containing advertising SDKs that use data from the device to create unique identifiers, or fingerprints, in preparation for the upcoming release of iOS 14.5. Fingerprinting code of this sort is used by marketers for ad-related tracking, a practice Apple aims to …

  1. Social Ambulator

    Good Apple

    I’m a fanboi!

    1. chololennon
      Devil

      Re: Good Apple

      Apple is on that side of the equation only because its business model depends on different things, not because they believe in the user privacy. They are a different class of crap (they don't have any kind of problem to slow down phones in order to sell newer models, set expensive prices based solely on its "reputation", keep a closed store where your app can be banned without explanation, have ridiculous expensive fees for developers, etc, etc).

      1. Anonymous Coward
        Anonymous Coward

        Re: Good Apple

        Apple's business model is hardware and some associated services, and neither require much user data as they're not in the business of selling it.

        Ergo, it makes perfect sense for them to target the current dearth of privacy.

        Personally, I care less why they do it, I care about the results. So far, so good.

      2. idiot taxpayer here again Bronze badge

        Re: Good Apple

        @chololennon

        So you use obviously use Android? Ok, your choice. Good luck with your security updates.

        And, it goes without saying that there are no "expensive" Android telephones /S

      3. gurugeorge

        Re: Good Apple

        In October 2020 I sold my 2 year old iPhone XR for £350, depreciation on $750 was about 30%. On my flagship galaxy depreciation was 80%

        1. Anonymous Coward
          Anonymous Coward

          Re: Good Apple

          Not sure I can trust your numbers, 750 to 350 isn't about 30% in depreciation.

          1. WolfFan Silver badge

            Re: Good Apple

            You did see that one was GBP and one was dollars, didn’t you?

            1. Anonymous Coward
              Anonymous Coward

              Re: Good Apple

              With the usual 1 to 1 conversion, or even worse.

              Which will be why, the sell price is in GBP and the purchase price not based upon the GBP purchase price but the US without tax sale price.

              To get an apparent better resale value.

  2. Chris G Silver badge

    "Google is also taking steps to improve privacy in its Android ecosystem. "

    No it isn't, Google is taking steps to limit access to private data from advertisers and others using it's platform so that it can sell that data to them in one form or another because google is still slurping for itself at the same rate.

    What else would it do with all that lovely data?

    1. Version 1.0 Silver badge

      Google is telling users that Hangouts needs to be replaced by a bunch of different apps, each one will have a unique privacy policy and boost the total data collection for Google to sell.

      More apps = more data = more money

    2. DS999 Silver badge

      It is in Google's interest

      For app makers to lose access to the tracking info, but for Android itself to keep collecting it. That makes using Google's advertising services more attractive as they can be better targeted and further disadvantages Google's competitors like Facebook.

      Well, ignoring all the data that suggests that personalized/targeted ads don't help beyond more "bulk" targeting techniques that advertised used long before computers - i.e. basing it on where you live, your age, your income range (which if nothing else can be generally inferred by where you live) and so forth.

  3. DS999 Silver badge

    This is nice, but

    At least for China's "CAID" effort, I wouldn't be shocked if the big tech companies behind it get China to pass a law making support for CAID tracking mandatory. If so, Apple would have no choice but to allow it for Chinese apps on the China app store.

    Maybe the Chinese government won't care enough to bother though, I really don't know. If so it will be interesting to see if Apple pulling major Chinese apps like WeChat over this would result in Chinese consumers blaming Apple or blaming their own tech companies. Anyone know whether Chinese consumers care about being tracked for advertising purposes, or are they so accepting of being tracked by their government that they don't care if apps separately track them as well?

    1. idiot taxpayer here again Bronze badge

      Re: This is nice, but

      @DS999

      Anyone know whether most western consumers care about being tracked for advertising purposes, or are they so accepting of being tracked by their government that they don't care if apps separately track them as well?

      The answer is, most of them don't give a fuck.

      Just saying

      1. Snake Silver badge

        Re: This is nice, but

        Western consumers are tracked FAR more by private corporations than by your government. Believing otherwise is tinfoil hattery.

        Understand, I'm not saying that your government isn't trying to track you to the best of their abilities when they desire that option. But private business does it to a level that puts government to absolute shame: you've been accepting private browser cookies for decades, for example.

        1. Aitor 1 Silver badge

          Re: This is nice, but

          If you live in the uk, aus, nz, eu or us tje gvnt IS tracking you in relatively passive way, so unless you want a security clearance or are active in politics you should have no problems.

          And it is like that by law in many of these places, including searches, urls visited, etc.

      2. Anonymous Coward
        Anonymous Coward

        Re: most of them don't give a fuck.

        That might be the case for the average user.

        But here ar El Reg, we are a different crowd. Many if not most of us do care. I don't do social media. I don't use google for search or any of their [cough][cough] services.

        I have an active firewall (incoming and outgoing) at my home. 120,000+ bad domains and IP's blocked. More are added daily.

        This policy and many, many more things keep the nasties at bay.

        If you care about your footprint on the Internet then you can starve google. If I search for myself on Google (when I enable it) I don't find myself. Long may that remain.

        If you really don't care then that's your problem. Your problem when someone steals your identity, your money, your life.

      3. onemark03 Bronze badge

        ... most of them don't give a fuck.

        Probably more accurate to say that the older generation generally gives more of a fuck than the younger one.

      4. low_resolution_foxxes Silver badge

        Re: This is nice, but

        Most of them are conditioned and oblivious to what they are clicking.

        Chrome and mobile Web pages in particular, go out of their way to make it necessary for the user to click the annoying messages to go away. The messages take up 30% of the screen quite regularly. Desktop mode is at least slightly better.

        It's just creepy. If they were doing anything else, installing a literal stalking gadget in your own garage, selling virtually all your personal info, preferences, browsing and shopping history, being available to slimy marketing executives for hundreds of billions of dollars, selling access to information on the user, while saving that info on your own bloody phone??

      5. DS999 Silver badge

        Re: This is nice, but

        The answer is, most of them don't give a fuck.

        If that was true, Facebook wouldn't be in abject fear over Apple making users OK tracking when iOS 14.5 lands. They'd all just say "yes" and Facebook would go happily on their way. They know that the overwhelming majority of people will say "no" when given a choice - the fact that there is so much tracking today is because 1) people can't avoid it without a lot more knowledge/effort than the average person can put forth...even a lot of Reg readers think it is too much hassle to do stuff like disabling all scripts or whatever 2) people don't know how much tracking there is.

        When the option is put in people's face, they will say no because they aren't getting anything of value in exchange for it. If Facebook said "we'll give you $5 a month if you let us track you" then I'm sure most people would OK it (not sure if a "bribe" like that would be allowed under Apple's rules, but it would be interesting to see what the price point for the average person was)

        1. Anonymous Coward
          Anonymous Coward

          Re: This is nice, but

          Faced with the choice of 'say we can track you or you cant use the app' 90% of people are just going to click through anyway. Some might go to mobile web browser version if they don't get the popup there, possibly.

          Very few are really so concerned about privacy implications especially when there are no concrete visible detrimental experiences to their everyday lives, just hand wringing about 'muh privacy' & 'oh but maybe...'.

          The ones that this would stop have already left the platform or didn't sign up in the first place.

          1. DS999 Silver badge

            Re: This is nice, but

            Apple's rules specifically prohibit an app maker from saying "allow us to track you or you can't use the app". In order to be approved the app has to continue to function as before if the user chooses to disable tracking.

            1. Charles 9 Silver badge

              Re: This is nice, but

              Yeah, right. "For the, not for me."

              I'll believe it when someone like Facebook makes an end run and gets banned as a results, users and money be damned.

    2. HildyJ Silver badge
      Facepalm

      Re: This is nice, but

      Apple has a history of bending the rules for China. I suspect that legislation will not be necessary and Apple will just find that CAID is compliant in the Chinese market.

      1. skeptical i
        Pirate

        Re: This is nice, but

        Some enterprising programmer will create a CAID-Evade app that spoofs whatever device info goes into the CAID thingie to generate a new slightly different one at every interwebs login (or device activation, or ...), and the arms race continues.

        1. Charles 9 Silver badge

          Re: This is nice, but

          Probably see a bunch of arrests soon after as the government starts connecting the dots. De-anonymization is a thing, you know...

      2. martyn.hare

        CAID wouldn’t be mandated either

        While the CCP reserves the right to spy on people and interfere in their lives, they try to restrict the commercial sector from doing things which are too westernised. CAID is based upon a bad western idea which I can’t see surviving long-term,

        For example: China limits how long people can play video games for in any given period, bans loot boxes and gambling mechanics involving real money and ties all in-game actions to real identities to create accountability. All of this is designed to prevent exploitative “mobile gaming” from regressing the Chinese standard of living.

        I can easily see the CCP convincing homegrown device manufacturers to try to eliminate advertising and commercial tracking in favour of subsidised, centralised services instead.

  4. Anonymous Coward
    Anonymous Coward

    Boo hoo!

    Ad slinging parasites being evicted from host.

  5. Muscleguy Silver badge

    You reached out huh? There’s a good, single, UK English word you could and should have used there, it’s asked.

    Reaching out is a physical real word thing. Applying it to sending an email is a category error.

    1. Chris G Silver badge

      Reached out, I assume has spread from touchy feely California, the other misuse that currently winds me up is gifted instead of given.

      1. Anonymous Coward
        Anonymous Coward

        Can I reach out to you and ask if you could curate a list of such misuse

        1. onemark03 Bronze badge

          Reaching out

          I prefer to contact or get in touch with.

    2. DreamEater

      Hopefully they won’t “touch base” *shudders*

  6. TeeCee Gold badge
    Meh

    Been a while...

    ...since St Steve announced exactly this banhammer on third party ad-tracking coming. ISTR that his version came with an Apple ad service that you could use instead. Any news on that?

    1. Steve K Silver badge

      Re: Been a while...

      iAds was shut down in June 2016 so Apple don't seem to have their own horse in this race

    2. iron Silver badge

      Re: Been a while...

      Yes its called IDFA (ID for Advertisers) and if you opt in to tracking that is what it uses.

      So Apple is fine with tracking and fingerprinting but only as long as you use their tracking method and not Goobook's.

  7. Whitter

    Turkeys / Christmas

    It's wack-a-mole. Somebody tries to make tracking more difficult, the tracking industry develops new techniques to continue. They will not stop. Their career is at stake. A career of hacking APIs to achieve the unintended or a career buying/selling the resultant data (despite its dubious value: both sellers and buyers pretend it is data-oil as they'll have no jobs or skills if anyone without skin in the game has a look at the cost/benefit)

  8. mark l 2 Silver badge

    While I applaud Apples efforts and I am sure some of their customers will welcome this and it may get a few Android users to switch to Iphones, I don't think it will make a huge difference to the majority of users.

    Despite the news stories about misusing privacy data such as the Cambridge Analytica scandal from a few years ago, both Facebook and Google have grown their user bases in recent years. So it appears the majority of people are just willing to give up their privacy for the convenience of getting free stuff or for those social media likes.

  9. Tron Bronze badge

    You can't break something that doesn't work.

    This BS has been going on for about two decades. We still get served adverts that are as irrelevant as they used to be and I can't remember ever clicking on any of them.

    Amazon has a simpler internalised model. 'People who bought what you are buying from us also bought this...' That is sometimes useful and actually helpful. I doubt anyone considers it a violent molestation of their privacy.

    Generalised profiling via social media, Chrome/Search slurping or e-mail scanning simply isn't accurate/contextualised enough and isn't worth the money charge for it. Why do advertisers still hand over the cash? Because they did last week. It's their job. They are cogs in a machine and will keep doing the same thing even if it doesn't work. It justifies their wage packet. It doesn't matter if the quality of 'AI' drops - it has never been high enough to merit the price tag. It's the digital version of the Emperor's New Clothes.

    Good advertising simply works - The Smash Martians etc. Most advertising isn't very good. Directing rubbish advertising at specific consumers adds no value and doesn't make it work any better. Advertisers are giving money to the wrong people.

    The quality of Google Search has declined from what it was. It is no longer a map of the web. It's still better than Bing, but that's faint praise. It will only spit out a few pages of links, many irrelevant, usually commercial or pop culture. Luckily for Google, their net worth and share price have not declined with the quality of such products because the stock market is a casino, detached from reality.

    The 'AI' all of this supposedly relies upon turned out to be rather duff. Google threw loads of AI at Translate, certain that it would make it work. It didn't. 'AI' doesn't contextualise well and languages, more than most things, really require contextualisation. Now they use bilingual carbon-based life forms and highlight these translations with a big tick.

    Google's 'AI' dream has not really panned out the way it promised, and investors in other 'AI'-led projects might want to consider the ramifications of that. If Google with its dominance, its tentacles and its zillions cannot make 'AI' work, welding digital tech and analogue humanity together, will that start-up you invested in? Luckily, for now, 'AI' on the tin still pulls in the punters. But for how long?

    The bubble may implode when pressure from nation states on GAFA hits tipping point and a new generation of simpler alternatives appear that promise less but deliver more.

    Amusingly, the US has dominated tech because of GAFA and its early years reputation - a fair bit of which was justified and earned. As the USG now try to take them down for political reasons and to loot their cash the way Henry VIII did from the monasteries, they are taking down their own tech dominance and throwing the baton to competitors, both Western and Chinese.

    1. Anonymous Coward
      Anonymous Coward

      Re: You can't break something that doesn't work.

      As AI gets better it gets worse. I, like you, think think this is due to a lack of contextualization.

      Whilst driving the other day, I pressed the speak button on my steering wheel and asked Google to call my son, thus: "Call <firstname> <lastname>" which is how he is stored in my phone. This has worked since forever. Not this time; this time it looked up <first name> <last name> on the web and called the estate agent (US=realtor) who turns up first in a Google search for that name.

      Despite the fact that my last call to this guy was never, and my last call to my son was 2 days prior.

      See also "Do you want to check into the Mailbox?" as you go past in on a train journey that G is (at least should be) perfectly aware does not stop there, let alone terminate there.

      See also inabality of G to understand "22:10" as "9:40" despite my region settings and personal habits.

      As for targeted Ads, after buying a laptop I suspect I am *much* more likely to buy something another buyer of a laptop subsequently bought than to buy another laptop. Am I really that unique? I suspect the only people the advertisers really excel at selling to is the people who buy advertising.

  10. Intractable Potsherd Silver badge

    Good, but...

    This is a step in the right direction, but it won't tempt me towards Apple devices. My wife has An iPad and iPhone (neither bought by us). She is a fairly light user of both, but neither does everything she wants - removing data is an absolute pain, for example. For me, it is the equivalent of using training wheels when I'm used to a mountain bike. I keep my Android devices as secure as possible, but harbour no illusions that Google isn't getting a bunch of data every day. It would be wonderful to have a third option (yes, I use SailfishOS on one phone, but even that doesn't do what I want it to), but for now I'll stick with the minor risk of data breach in order to have an effective tool.

  11. hayzoos

    This is all just privacy theatre

    A serious statement and policy on privacy would be "No Tracking, Period." Anything less is just there for show. Make the market believe we cherish privacy. Strike a compromise between diminishing the revenue stream of customers and the revenue stream of advertisers. Just because the revenue streams are tapped differently, doesn't mean they are not doing it.

    And such is my opinion.

    1. Charles 9 Silver badge

      Re: This is all just privacy theatre

      "No tracking, period" is a pipe dream because it's dual-use. Without tracking, things like contact tracing (you know, for COVID tracking) wouldn't work nearly as well. As long as there's a good use for it, someone will abuse it. We just can't have nice things.

  12. JulieM

    Now for the next level

    To take this up to the next level, it will need to start employing active measures to thwart attempted Web tracking. Things like returning falsified cookies to analytics sites (bonus points for breaking the backend with something it wasn't expecting!), and lying, as opposed to merely refusing to answer, when asked a question to which the proper answer is "mind your own bloody business!" Instead of just refusing an app permission to access my contacts, why can't I send it page after page of procedurally-generated fake contacts?

    We are far too soft on these parasites.

    1. Charles 9 Silver badge

      Re: Now for the next level

      Chaff has a cost, in bandwidth and usually money. Unfortunately, they have the advantage there (bigger pipes, deeper pockets). That's one reason things like mesh networks don't work out so well: soon enough you spend so much on chaff that it's not worth it anymore.

      TL;DR: They can just wait us out. They can win a war of attrition.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022