Search

Privacy: Apple adds mandatory “App Tracking Transparency (ATT)” feature in its iOS 14.5 update

Spotlight on Apple’s App Tracking Transparency, Apple’s new feature.

OS 14.5 update: App Tracking Transparency (ATT)

Thanks to record iPhone sales in the fourth half of 2020 – nearly 90.1 million smartphones sold (23.4% of the market share) – Apple has become the world’s largest seller of smartphones.

With the new iOS 14.5 update, announced during the April 20 Keynote and available since the evening of April 26, 2021, for users with an iPhone, the Apple brand has unveiled a new mandatory feature: the App Tracking Transparency (ATT).

It allows to follow a user through several applications on his smartphone and even track him on different websites, at any time.

Greater transparency

The Cupertino firm now requires application developers to ask the user for prior authorization to track their activity on applications and websites.

Indeed, the iPhone stores data about the user such as age, location, health data, spending habits, or browsing history.

This data can help the user to map his physical activities, identify his family and friends in his photos, to find his location, it can also allow for example a store that would be nearby to offer him promotions.

But some apps have built-in trackers that collect a large amount of personal data and share it with third parties like advertisers and data brokers.

The latter will collect thousands of pieces of information about the user to create and enrich his advertising profile. This process then allows the user’s data to be used to target them precisely and potentially predict and influence their decisions when making an online purchase, for example.

So now when using an application, a pop-up window will appear, asking the authorization for applications to track activities in apps and other companies’ websites.

The user has now two choices: “Ask the app not to track my activities” or “Allow”.

When the user gives the application permission to track his activity

The user may allow his information to be collected, for example, the user or device ID, current device advertising ID, name, email address, or other personally identifiable information, with other information about him or his device that has been collected by other applications or websites.

This dataset can then be used by the application developer or third parties for advertising targeting purposes.

The application developer may also choose to share this information with data brokers, which may also result in the association of information about the user or their device.

For example, the user goes to an e-commerce site and adds items he likes to his shopping cart. In the end, he doesn’t buy anything and doesn’t order the selected items, which remain in his shopping cart.

The e-commerce site will then be able to share with other companies or other third parties the searches made by the user as well as the items remaining in his shopping cart.

When this user searches for products on websites in the future, he or she may be offered advertisements with suggestions for the products he or she has previously searched for.

If the user refuses to be tracked

If the user refuses to be tracked, the application will not be able to access the advertising ID of their device. Despite this refusal, some applications will still be able to target him.

Let’s take the case of the Facebook group, which owns the social network Instagram, for example, it’s possible that users can be targeted by advertising on Instagram thanks to the pages they subscribe to on Facebook and their likes.

Thanks to this possibility of refusing to be tracked, advertising targeting of the user is thus reduced to the fields of sharing between applications of the same group but remains present.

Note that it is also possible to allow or deny requests for tracking authorization when opening an application by going to “Settings”, then “Privacy” and “Tracking”.

A generally well-received update

Facebook and Apple have different business models and this is indeed what poses a problem for Facebook, who perceived this update as a threat. In fact, in 2020, Facebook’s advertising revenue exceeded $84 billion, an increase of nearly 21% over 2019.

The firm created by Mark Zuckerberg has an advertising-oriented model based on the data collected on its users, while Apple’s is based mainly on the sale of computers, phones, and connected watches.

A significant portion of Apple’s revenue also comes from services offered (Apple Music, Apple Podcast, Apple TV, iCloud) as well as in-app purchases in the App Store (Apple’s revenue from apps was nearly $64 billion in 2020).

Facebook, therefore, reacted the day after this announcement on its blog:

“We support giving people more control over how their data is used to improve the relevance of ads. […] To that end, we are investing in new approaches to privacy technology and creating a personalized advertising ecosystem that relies on less data, while helping to ensure a level playing field for small and large businesses.”

With these new changes, Facebook provides resources and actions for advertisers on its blog to reduce the impact of Apple’s App Tracking Transparency.

Facebook also mentioned that the company “will be implementing new experiences for advertisers and new measurement protocols, including Apple’s SK Ad Network API and Facebook’s Aggregated Event Measurement.”

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.

CSIRT