Apple’s app-tracking transparency framework isn’t foolproof and still allows developers to track users: study

| |

Apple’s App Tracking Transparency (ATT) framework, which supposedly improves user privacy by restricting data collection, was found to have some weaknesses that could allow app developers to continue tracking users. An independent study has pointed to major loopholes in the framework Apple introduced late last year. The study also highlights how privacy nutrition labels on the Apple App Store, launched by the Cupertino company last year, may not be accurate for all apps and in some cases could be misleading.

The research group, which included an independent researcher and four computer science experts from the University of Oxford, analyzed over 1,700 iOS apps to determine the scope and effectiveness of the App Tracking Transparency Framework. After the initial announcement, this privacy feature was delayed due to implementation concerns, but eventually rolled out to Apple users in December. Researchers observed that while Apple’s decision to force app developers to make tracking an opt-in feature made it more likely that individual users would opt out, it was still possible for large organizations is to stalk people without them knowing.

Apple’s App Tracking Transparency feature was introduced with some delay
Photo credit: Apple

“Make the privacy properties of apps transparent through large-scale analysis remains a difficult goal for independent researchers and a major obstacle to meaningful, accountable, and auditable privacy,” the researchers said in the 13-page paper.

The researchers found that the ATT framework makes it harder than before for app developers to track users because they are restricted to the restricted Identifier for Advertisers (IDFA). This is one of the reasons why companies, including Facebook, protested Apple’s move ahead of the framework’s release, citing disruptions to their advertising models.

Now, the study suggests that some degree of user tracking is still possible, even at a surprisingly granular level. Researchers even found evidence that Apple itself engages in “some forms of tracking” and “invasive data practices,” despite marketing privacy as a key feature of its products and services.

To understand the framework’s loopholes, the researchers analyzed two versions of a total of 1,759 iOS apps from the UK App Store: one pre-iOS 14 version and the other updated to comply with the updated transparency framework.

“Many apps still collect device information that can be used to track users at a group level (cohort tracking) or to probabilistically identify individuals (fingerprinting),” the researchers noted.

The researchers also found “real-world evidence that apps are computing and agreeing on a fingerprint-derived identifier through the use of server-side code” that appears to violate Apple’s guidelines on data protection and data usage.

Out of a total of 1,759 apps, researchers said 74 failed during the installation and instrumentation process. The analysis therefore fell on the remaining 1,685 apps. The researchers found that nine of these apps were able to generate a common user identifier that could be used for cross-app tracking with server-side code. These apps used an identifier generated by Alibaba subsidiary Umeng.

Some libraries, including those from Apple and Google, are also among the most widely used tracking tools. Up to 80 percent of all apps included at least one tracking library, despite app store restrictions.

The new system also allowed Apple to track its users more closely, with a greater share of advertising technology, the research found.

In addition to the loopholes in the ATT framework, the researchers said that the privacy nutrition labels in place since late 2020 are not accurate in all cases and could be misleading for some apps. The labels appear on offerings in the App Store to help users understand what types of data may be collected and used to track them.

Apple Privacy Nutrition Labels Image Apple

Apple’s privacy nutrition labeling could be misleading in some cases, the study finds
Photo credit: Apple

“We observed many apps that provided incomplete information or incorrectly declared that they were not collecting any data at all,” the researchers said.

It was also observed that while developers of larger apps find it easier to comply with the new guidelines, less popular apps “still pose an unexpected privacy risk” because they don’t declare their tracking components. Researchers found that these make up the vast majority of apps available on the App Store.

Gadgets 360 has reached out to Apple for comment on the study and will update this article once the company responds.

This isn’t the first time Apple’s move to limit app tracking has failed. A report by the Financial Times shortly after the launch of the framework highlighted that the app developer Snap had continued to collect data from users. The introduction of the framework and new privacy policies enabled Apple to do the same expand its advertising business and Competitors negatively impacted including Google, Meta, Twitter and Snap.

Source link


Are affordable smartwatches worth it? A deep dive into the Indian smartwatch market

OnePlus phone with OnePlus 10 Pro-like design visits TENAA, seems like a rebranded Oppo K10 5G


Leave a Comment