You may have noticed an influx of ads for furniture on your Instagram feed after searching for a new chair for you To work from home Set up or promote posts for a coffee shop you’ve just walked past. Your phone’s apps collect and share a lot of information – from your location to your surfing habits to your search history.
However, this will change significantly for iPhone owners.
Apple announced in June 2020 that starting this spring, iPhone, iPad and tvOS apps will be required to obtain consent to share data from people with third parties such as data brokers and other apps.
The move is a complete rethinking of data protection rights. Data collection has long been based on the premise that millions of people are able to be tracked, their movements and behaviors shared and sold unless they specifically say no. Privacy settings are usually disabled and often buried deep in an app’s settings. Soon, however, iPhone users will be asked to explicitly choose to have their data shared between advertisers, apps and data brokers.
Tim Cook, Apple’s CEO, explained the change in a January 28 speech at the Computer, Privacy and Data Protection Conference.
“Technology doesn’t require large amounts of personal data, aggregated across dozens of websites and apps, to be successful. Advertising existed and thrived without it for decades, ”Cook said. “If a company is based on misleading users, on data usage, and on decisions that are not decisions at all, then it doesn’t deserve our praise. It deserves reform. “
Some tech companies – especially those that rely on collecting personally identifiable information to sell advertisements to companies looking to target certain demographics – are far from satisfied.
In Facebook’s earnings report for the fourth quarter of 2020 and the full year, the company forecast a significant slump in ad targeting features due to changes in Apple’s privacy policy. And Google has warned app publishers that once the guidelines go into effect, they could have a significant impact on their advertising revenues.
Facebook declined to comment on this story. Google declined to comment on Cook’s remarks.
Advocates of data protection rights are now pretty satisfied.
“This is a very good thing for most people,” said Pete Snyder, senior privacy researcher at Brave Software and co-chair of the W3C Privacy Interest Group. “People’s privacy on iOS devices will be dramatically better than it is today.”
While the changes ahead are significant, they won’t completely protect you from being chased by the biggest tech companies like Apple themselves. Here is an overview of what to expect.
What will change under Apple’s new rules?
Currently, apps collect all sorts of information about you as you use them – that won’t change. What will change is the way this information is shared with third parties like data brokers and other technology companies.
Currently, the vast majority of the apps you download on an Apple or Android device track you in the same way using a unique identifier.
The Advertiser ID (IDFA) is a standard device identifier that Apple created in 2012. Google has its own version for Android devices called Google Advertising ID (GAID).
So if you look at pictures of cats in one app and then check the basketball scores in another app, both apps let you share your IDFA with advertisers and data brokers who tie together your online movements to create a more complete profile of you.
There are other ways in which the data you generate using an app can be shared. Apps can collect and share detailed details of your actions through in-app event collections, such as: B. what you clicked and what you viewed.
Under the current opt-out model, you can clear your history by resetting your IDFA or limit tracking by setting your IDFA to all zeros. You can do this under Advertising in your privacy settings on your iOS device. Research from AppsFlyer, a mobile advertising company, found that only about 25 percent of people have this setting enabled in 2020.
However, this becomes an opt-in model when Apple’s privacy change kicks in.
According to Apple, the update will take effect in the spring with iOS 14.5. In this case, any app that collects data about you and shares it with other companies for cross-tracking and advertising purposes must first obtain approval.
Without this consent, apps are not allowed to pass on data that they collect about you to other companies or data brokers for advertising purposes. Companies can still share data for other purposes, such as: B. to prevent fraud or for analysis.
The changes only apply to Apple devices. The Android App Store hasn’t announced any similar changes.
And even for iPhone users, apps can collect information about you under the new rules. You simply cannot share this information for advertising purposes.
Apple’s new guidelines also prohibit tricks to get consent. An app cannot prevent access to its features because you cannot be tracked by them or incentivize users who allow tracking. The prompt can only appear once, so you cannot be spammed with requests either.
Apps that do not display the prompt are not allowed to pass your data on to third parties and do not receive your IDFA.
The change could be enormous.
AppsFlyer found that 99 percent of users decided against permission after several developers implemented the Apple Request Follow-Up Request early on. Some apps are likely to choose to just stop sharing tracking information instead of implementing the prompt.
Serge Egelman, research director for the Usable Security & Privacy Group at the International Computer Science Institute, says most people don’t want to be persecuted.
“The reason more people are not opting out is because it’s very complicated,” said Egelman. “Given that we know that most consumers don’t want to be followed and don’t make informed decisions, it makes sense to move to an opt-in model.”
How can I still be tracked after the changes?
Companies can still track you through their own services, but they cannot share this information with anyone without your permission. For example, although Spotify cannot share data about your searches on its app with Facebook without your consent, Facebook can still use data that you generate on its own services, including Instagram and Oculus, to create a picture of who you are and who you are who you are what you like and use this profile to sell ads.
The more powerful the app’s innate data tracking capabilities, the better they’ll fare under these changes, says Johnny Ryan, a senior fellow at the Open Markets Institute who focuses on privacy and antitrust law.
A company like “Google can come along and say,” We’re going to put the whole market in ourselves. Instead of having thousands of companies providing ad space, everyone should come to us, ”said Ryan.
In fact, Google has already said that it no longer cares about data sharing on Apple devices.
“We will no longer use any information that falls under [App Tracking Transparency] for the handful of our iOS apps that they are currently using for promotional purposes, ”said Matt Bryant, a Google Ads spokesman.
Google has a lot of data that is collected by first-party advertising for the purposes of advertising, and it may continue to collect third-party data from apps that users have chosen, Ryan said.
How will Apple enforce its policies?
According to experts, this is where it gets difficult.
Apple controls the IDFA tool, so the company should have the means to ensure apps don’t use it without consent. However, experts say it will be difficult for Apple to prevent apps from sharing data in other ways and fear that the company will rely too heavily on the honor system.
“The app developer can say they are not tracking while collecting a number of different data points to uniquely identify this user over time,” Egelman said. “There’s no way Apple or anyone else can automatically detect this unless they analyze that particular app and what it’s broadcasting individually.”
While Apple is able to identify third-party trackers that are embedded in code during the app review process, it can be difficult to ensure that first-party data is not shared without permission.
“If we learn that a developer is tracking users who do not want to be tracked, they must update their practices to respect your choice. Otherwise, their app may be rejected from the App Store,” Apple said in a privacy white paper in January released.
Apple declined to comment on how it will enforce its new guidelines.
Sean O’Brien, lead researcher at ExpressVPN’s Digital Security Lab, said it was important for Apple to put in place a rigorous review process to enforce the new guidelines.
“You need a combination of automated scanning and manual review, and you need to try a slower review process before adding apps to your store,” said O’Brien.
This article was originally published on The Markup and republished under the Creative Commons Attribution-NonCommercial-NoDerivatives License.
Comments are closed.