Apple’s new tracking rules — which explicitly require user consent — have undeniable benefits. However, according to researchers, they do not solve all the problems, or even create new ones.
Last year, Apple introduced App Tracking Transparency (ATT), an approach feared by many companies whose business model is based on targeted advertising, and therefore the collection and use of personal data. The system in question could not be clearer for the user of iOS, who is asked whether or not he wishes to authorize applications and services to track his activity on third-party sites and applications. Without this agreement, it is impossible to operate the IDFA (identify for advertisers), a unique identifier used to track the behavior of iPhone and iPad users.
On paper, it is unstoppable, which allows Apple to affirm a strong line of its communication: the protection of privacy. Except that according to a team of researchers from the University of Oxford, there are flaws in the system which allow certain companies – in particular the largest such as Google or Facebook – to circumvent the limitations to, in the end, collect even more. of data. They also warn that Apple’s promises may give users “a false sense of security“.
“Overall, our findings suggest that while Apple’s changes make it harder to track individual users, they are motivating a countermovement and empowering companies with access to vast amounts of first-hand data. […] Making the privacy properties of applications transparent through large-scale analysis remains an elusive goal for independent researchers and a major obstacle to meaningful, accountable, and verifiable privacy protections.”conclude the researchers.
More inequalities between big and small tracking players
They also observe that several applications and services use server-side scripts to pool the information collected on user terminals concerning their uses, before creating alternative profiles, in particular on the side of the Chinese company Alibaba. And this despite the prohibition, by Apple, to indulge in the practice of fingerprinting. The researchers also note that the entry into force of the ATT did not lead to a decrease in the number or size of tracking libraries. On the other hand, Facebook tracking tools — for example — are defeated by the ATT in nearly 47% of cases. This remains significant and is indeed part of a desire to give power back to the user over the fate reserved for his personal data.
“Our findings suggest that tracking companies, especially larger ones with access to large amounts of data, continue to track users behind the scenes. They can do this through a range of methods, including using the IP addresses to link installation-specific identifiers between apps and through login functionality provided by individual apps (e.g., Google or Facebook login, or email address). in combination with other user and device characteristics, which our data has confirmed are still widely collected by tracking companies, it would be possible to analyze user behavior across applications and websites. The ATT could therefore have the direct consequence of reinforcing existing imbalances in the digital tracking ecosystem between large and small players”can we finally read in this study.