In May, Apple communicated the changes to its privacy to the public at large, launching an ad showing a man being harassed whose daily activities are closely monitored by a growing group of strangers. When his iPhone pushed him to “Ask App Not to Track” he clicked and it disappeared. Apple’s message to potential customers was clear – if you choose an iPhone, you choose privacy.
But after seven months, companies including Snap and Facebook were allowed to continue to share user-level signals from iPhones, as long as that data is anonymized and aggregated rather than tied to specific user profiles.
Snap, for example, told investors it plans to share data from 306 million users — including those who ask Snap to “do not track” — so advertisers can get a “more complete, real-time view” of how ad campaigns are working. Any personally identifiable data will first be obfuscated and aggregated.
Likewise, Facebook’s chief operating officer, Sheryl Sandberg, said the social media group is participating in a “multi-year effort” to rebuild the advertising infrastructure “using more aggregated or anonymized data.”
These companies note that Apple has told developers that it “shall not derive data from a device for the purpose of uniquely identifying it”. This means that they can observe ‘flags’ from the iPhone at the group level, allowing ads to be assigned to ‘groups’ consistent with specific behavior but not tied to unique identifiers.
This type of tracking has become the norm. Oren Cannell, CEO of AppsFlyer, a mobile referral platform that works with app developers, said that when his company introduced such a “privacy-focused” tool based on aggregated measurement in July 2020, “the level of pushback we received from the ecosystem was Entirely huge.”
But now such bundled solutions are the default for 95 percent of its customers. “The market has radically changed their minds,” he said.
It is not clear if Apple has actually blessed these solutions. Apple declined to answer specific questions for this article but described privacy as the North Star, meaning it was specifying a general destination rather than a narrow path for developers.
Cory Munschbach, chief operating officer of customer data platform BlueConic, said Apple should back down from a strict reading of its rules because the disruption in the mobile advertising ecosystem would be too great.
“Apple can’t put itself in a position where it’s essentially taking out its best-performing apps from a user consumption perspective,” she said. “It will eventually harm iOS.”
For anyone who meticulously interprets Apple’s rules, these solutions break the privacy rules set for iOS users.
Lockdown Privacy, an app that blocks ad trackers, described Apple’s policy as “functionally useless in stopping third-party tracking.” She ran a variety of tests on the best apps and noticed that personal data and device information were still “sent to trackers in almost all cases”.
But companies that collect user-level data said the reason apps keep “leaking” information like a user’s IP address and location is simply because some require such information to function. Advertisers must know certain things like user language or device screen size, or else the app experience will be horrible.
The danger is that by allowing user-level data to be used by non-transparent third parties as long as they pledge not to misuse it, Apple is effectively trusting the same groups that CEO Tim Cook has described as “hitch-hikers just looking to make a quick buck.” .
The companies will pledge that they only look at user-level data once they are anonymous, Munschbach said, but without access to the data or the algorithms working behind the scenes, users won’t really know if their data has been kept private.
“If historical precedent is set in the field of adtech, those black boxes hide a lot of sins,” she said. “It is not unreasonable to suppose that it leaves much to be desired.”