May 28, 2022

An exciting new study was conducted on 1,759 iOS apps before and after Apple implemented an important privacy feature last year that requires developers to request permission to track app users, called Transparency App Tracking (ATT). difficult. Identifier for Advertisers (IDFA), preventing a fee that can be used to track users across apps.

However, the researchers found few changes to the in-app tracking library and also noticed that many apps still collect tracking data even when users ask the app not to be tracked.

In addition, they found evidence that app makers are using a privacy-unfriendly user fingerprint via server-side code in an attempt to bypass Apple’s ATT, a move that suggests Cupertino continues to track iOS users. to conserve resources. ,

“We also found a case study of Umeng, a subsidiary of Chinese tech company Alibaba, which uses its server code to provide apps with a fingerprint-based cross-app ID,” they write. “The use of fingerprints violates Apple policy and raises questions about the company’s ability to enforce its policies. ATT may end up encouraging behind-the-scenes changes in tracking technologies to keep them out of Apple’s reach. In other words, Apple’s new rules could make tracking even less transparent than it is now, including for academic researchers.”

Scientific work, Title: See you soon? Impact of transparency and privacy labels on iOS app tracking, is the work of four scientists from the University of Oxford and the fifth independent American researcher. It is worth noting that it was published as a preprint, that is, it has not yet been peer-reviewed.

Another part of the study looked at “private product labels” introduced to iOS in late 2020, and the researchers concluded that these labels are often inaccurate.

Apple’s system, which aims to give iOS users a quick overview of the data they’ve entered to use an app, requires app developers to specify how they handle user data. And here, the researchers found “noticeable inconsistencies” between app manifests and actual data practices, which they say can give consumers a false sense of security and force them to use the app.

“Our results show that tracking companies, especially those with a high volume of third-party access, are still tracking users behind the scenes,” they write in a section on how unauthorized tracking continues. mobile data ecosystem. “They can do this in a number of ways, including using IP addresses to associate specific install IDs between apps, and using login features provided by individual apps (such as a Google or Facebook login or email address).

“Especially when combined with additional user and device characteristics that our data confirms continue to be widely collected by tracking companies, users across apps and websites (such as fingerprints and cohort tracking). It will be possible to analyze behavior. Thus, a direct result of ATT could be to amplify the existing power imbalance in the digital tracking ecosystem.

This paper could add fuel to the argument to repeal competition law on privacy rights, as the authors of the paper suggest that their findings support the notion that Apple and other large companies are unwilling to implement measures such as the ATT . increase their bargaining power. , gives users more control over their privacy.

Apple has been contacted for comment on the research paper, but the company has not responded at the time of writing.

Competition leaders have already filed several complaints against ATT Apple.

While Google’s separate plan to remove support for tracking cookies in Chrome browser and switch to alternative ad targeting technologies (which the tech giant also announced for Android devices) has caused disbelief in recent months, complaints have also been targeted.

In its current form, neither the mobile gatekeeper pair, nor Apple’s ATT, nor Google’s self-proclaimed privacy sandbox have been directly blocked by competition regulators, although Google’s European sandbox has been blocked following the intervention of UK antitrust law. is under close supervision. Make a series of commitments about how the company will develop the technology stack. The interventions also contributed the most to slowing down the original Google timeline.

The European Union is also pursuing a formal antitrust investigation into Google’s education technology, including an investigation into the sandbox scheme. the need to protect user privacy in accordance with EU legislation in this area, such as the General Data Protection Regulation”, emphasizing that: “Competition law and data protection law go hand in hand to ensure. You should be aware that the display advertising market is a level playing field where all market participants equally protect user privacy.”

The joint work of the UK Competition (CMA) and privacy regulators (ICOs) was also an approach taken during the CMA privacy sandbox proceedings. And last year, the outgoing UK Information Commissioner called on the edtech industry to move away from ad targeting based on tracking and profiling.

During the discussion in their research paper, the researchers also suggest that Apple’s ATT could lead to restricting access to persistent user identities, which could greatly improve app privacy over time, which could be a factor in persistent ad targeting. changes. Google Sandbox) that claim they are better suited for privacy, although the researchers also note that these claims should be investigated because they may detract economic calculations from privacy-hostile practices such as fingerprinting.

However, they predict that this migration of tracking platforms will further concentrate the bargaining power of gatekeepers.

“While some companies may try to replace IDFAs with statistical identifiers in the near future, limited access to cross-application non-probability identifiers could make it very difficult for data brokers and other smaller tracker companies to compete. Technologies such as fingerprinting and cohort tracking may not end up competitive enough with more privacy-preserving solutions,” he suggests. “We are already seeing a shift in the advertising industry towards decision making based on platform gatekeeper solutions (such as the Google Flowsy/Topics API and Android Privacy Sandbox, Apple ATT and Privacy Nutrition Labels), however this requires further discussion. These new technologies effectively protect privacy.

“However, the end result of this move to more privacy-preserving practices is likely to be a greater concentration among the platform’s existing gatekeepers, such as Apple’s marketing treble, early reports of a planned Facebook/Meta overhaul, and other advertising technologies. and proposes spending patterns for rotating advertisers. Ultimately, ads for iOS users – some of the richest – will be an opportunity that many advertisers can’t miss, and as such they will rely on the advertising methods of big tech companies to continue targeting their ads to the right audience. “

The document also points to the failure of European regulators and politicians to address the tracking problem by enforcing privacy laws such as the General Data Protection Regulation (GDPR), which states:[I]Unfortunately, several changes made by a private company (Apple) have changed the security of data in applications through years of high-level discussions and efforts by regulators, politicians and others. This highlights the relative strength of these gatekeeper companies and the inability of regulators to enforce the GDPR properly. In practice, more targeted regulation of app ecosystem gatekeepers can be an effective approach to improve compliance with data protection and privacy laws; There is currently no targeted regulation in the US, UK and EU.”

However, regulation aimed at the gatekeepers of the Internet is just around the corner. However, several orders of magnitude slower than auction ads and accurately targeting the eyeballs every millisecond of every day.

Last month, the European Union reached a political agreement on its flagship pre-competitive reform for gatekeepers, or the Digital Markets Act, and lawmakers said they expected the rule to come into effect in October. (Although it won’t actually start until 2023, and there’s already debate about whether the commission has the resources to keep some of the world’s most valuable companies alive with growing armies of in-house lawyers in the necessary resources.)

Meanwhile, the UK has its own take on such a major technological competitiveness reform. The competition regime was abolished in 2020, but it is still awaiting the adoption of a law that empowers digital market actors. And recent reports in the British press suggest that the digital competition bill will now only be introduced in Parliament next year, which would mean further delays.

Germany has been leading the way on this issue since introducing competition reforms early last year. In addition, earlier this year, Google was found to be subject to this special anti-abuse regime. However, the country’s foreign ministry has yet to complete an investigation into various Google products that cause competition problems. But it’s possible that this year we’ll see some gatekeepers being enforced by the MFA.

Leave a Reply

Your email address will not be published.