Apple’s app tracking transparency should make it easier for Apple users to see which apps are collecting personal data. At the same time, Apple introduced graphics in which developers must specify what type of data they are collecting. However, analysis by a German researcher shows that many of these claims are misleading. According to researcher Kollnig, the problem lies neither with Apple nor with developers.
- Analysis shows: 80 percent of the apps examined that stated that they did not forward any personal data did so
- According to researcher Konrad Kollnig, the problem is app libraries that automatically forward user data
- Responsibility therefore lies with large corporations like Google – the GDPR should have a stronger impact here
Along with app tracking transparency, in 2021 Apple launched an attempt to make the collection of personal data more transparent. Since then, developers who want to make their applications available for download in the AppStore for iPhones and iPads have had to specify whether the app collects or forwards user data. The analysis by the researcher Konrad Kollnig for Netzpolitik shows, however, that the calculation does not add up in the end.
Buy Apple iPhone 13 for €813
As part of his doctoral thesis, Kollnig examined 1,682 randomly selected apps, 373 of which stated that they did not collect any personal data. In his test setup, the researcher started the applications and then examined the data traffic via a man-in-the-middle proxy. So he switched between an iPhone 8 with iOS 15.2 and the server and looked where his usage data ended up. The result: 80 percent of the apps that stated that they did not forward any personal data did so.
The problem is app libraries – and the GDPR
According to Kollnig, however, the responsibility does not necessarily lie with the app developers. Because for the development, according to network policy, they are dependent on app libraries – comparable to ready-made building blocks in development – which they cannot really see themselves. And the tracking code is hidden in these libraries, according to Alexander Fanta for Netzpolitik. In exchange for using these libraries, developers receive revenue, which companies like Google in turn earn from personalized advertising.
This is what the application sheets of the App Store will look like with information about the collection and use of your data / © Montage: NextPit / Illustrations: Apple
While the developers are in a certain powerless position and Apple is dependent on their information, the need for action lies with the corporations that offer app libraries in a non-transparent manner. In Europe, such business practices violate the GDPR. Here Kollnig sees an opportunity to improve data protection for users. For a change, “applicable EU data protection law must be consistently implemented in practice,” quotes Netzpolitik Kollnig at the end of the report.
How do you feel about the results of the analysis? Does that worry you? By the way, you can read the article, which I think is very well worth reading, directly on Netzpolitik.org!