Independent research suggested that Apple’s App Tracking Transparency (ATT) feature may not be as foolproof as many people think. The research claimed that ATT has some loopholes that still allow apps to stealthily collect personal data from users’ Apple devices.
The new research conducted by independent researchers claims to demonstrate that some developers have been bypassing the App Tracking Transparency privacy features. The research said that although ATT worked, it has some loopholes that allow apps to continue tracking users.
How Apple’s App Tracking Transparency Works
As a review, ATT required that users click an “allow” button when installing an app. The message asks iOS device users, “Allow [app] to track your activity across other companies’ apps and websites?” If a consumer opts not to give consent to the app, the app cannot access the Identifier for Advertisers (IDFA). IOS and iPadOS assign this identifier to track users across other installed apps. So, an app will be able to track users only when it receives the consent.
Many Apple device users praised the ATT feature. It showed Apple’s commitment to protecting users from companies that tracked their usage for unwanted advertising purposes.
Loopholes that Big Companies Can Exploit
As mentioned, the research claimed ATT has some loopholes that provide big companies an opportunity to work around it.
The researchers identified nine iOS apps that used server-side code to generate user identifiers. Chinese tech company Alibaba, for example, may have used such code to perform cross-app tracking. In principle, this violate Apple’s policies, which disallow developers to “derive data from a device for the purpose of uniquely identifying it.
The research suggested that tracking companies still track behind the scenes.
They can do this through a range of methods, including using IP addresses to link installation-specific IDs across apps and through the sign-in functionality provided by individual apps (e.g. Google or Facebook sign-in, or email address). Especially in combination with further user and device characteristics, which our data confirmed are still widely collected by tracking companies, it would be possible to analyse user behaviour across apps and websites (i.e. fingerprinting and cohort tracking). A direct result of the ATT could therefore be that existing power imbalances in the digital tracking ecosystem get reinforced.
ATT is Still Useful, But Apple Should Continue to Improve the Feature
The research might demonstrate flaws in app tracking transparency, but we can’t discount its usefulness. In most cases, it prevents apps from successfully tracking users’ usage of Apple devices.
To configure app tracking transparency to always prevent tracking, go to Settings > Privacy > Tracking, and turn off “Allow Apps to Request to track.”