Apple Reminds Developers About Upcoming App Tracking Transparency Enforcement in iOS 14.5

[Will Co]

Fun task. Get hold of a switch or router with port mirroring and add it into your WiFi network. Hook up a computer running Wireshark. Then watch what happens when you open each of your iPhone apps.

Privacy features, a secure App Store and a company that stands by its principles on privacy are crucial to our daily lives. And to our democracies.

 

[_Spinn_]

Sounds like 14.5 should be released this month.

Today Tim Cook said it is coming in a few weeks on the New York Times Sway podcast.

Kara Swisher
Yeah, right. I’m just saying in your case. So let’s make it easy for people to understand. When exactly is the new update coming out?

Tim Cook
It’s just a few weeks now.

Opinion | Apple’s C.E.O. Is Making Very Different Choices From Mark Zuckerberg (Published 2021)

Tim Cook views privacy as ‘one of the top issues of the 21st century.’ Other tech leaders don’t seem to agree.

www.nytimes.com

 

[kittonian]

Really hoping devs aren't going to get around this by mandating you say yes. Something like "We apologize but unless you allow us to track you, this app will not be allowed to run on this device".

 

[szw-mapple fan]

Really hoping devs aren't going to get around this by mandating you say yes. Something like "We apologize but unless you allow us to track you, this app will not be allowed to run on this device".

Apple has thought of this. First Q&A on the user privacy developer page:

Can I gate functionality on agreeing to allow tracking, or incentivize users to agree to allow tracking in the app tracking transparency prompt?​

No, per the App Store Review Guidelines: 3.2.2 (vi).

 

[Rafagon]

If I have this setting set to Off, then that means I won't even have to get the pop-up, right? I'm automatically denying permission to track to every single app that may want to ask for such permission?

 

[billk711]

Let’s see how quickly Apple flip flops on this rule if Epic wins the anti-trust trial. This is a rule that could only exist without competitors, as many developers would clearly leave the App Store on this basis alone for that sweet ad revenue

What u said
Makes zero sense

 

[Populus]

Ok, so, let me ask again, because I don’t quite understand how this works. Let’s say I log into YouTube app. Can Google track me through the web browser? If I go to google.com, will I be logged in? Will google know who am I? And let’s say I open Google Maps, will I be magically logged in as well?

 

[goobot]

It’s strange how they are warning developers but they are not warning the public yet about this upcoming update and which apps will cease working.

If I remember right Apple warned the public on the last iOS 10 dot update which apps need to be updated or replaced because they will no longer work in iOS 11. That leads me to believe we’ll see one more iteration of iOS 14.4.x warning the public.

Apps aren’t going to stop working

 

[gene731]

Really hoping devs aren't going to get around this by mandating you say yes. Something like "We apologize but unless you allow us to track you, this app will not be allowed to run on this device".

Then goodbye app? I’m sure all of the apps I have, if they did that then there would be alternatives and who knows, maybe a better app than what I currently have.

 

[LeadingHeat]

All of the framework for App Tracking Transparency is already in place and some developers have already begun asking users for IDFA access permission, but it will be a requirement for all apps that use the IDFA when iOS 14.5 and its sister updates are released.

Ahh. Okay that makes more sense. I was wondering why I was seeing it on my wife’s phone! I heard her thought process haha it was priceless.

*opens app*
*popup asking to track her*
“Ew, what?! No way! DENY”
I think developers are gonna get a rude awakening. Which is a great thing. We consumers deserve to know when we’re getting tracked.

 

[LeadingHeat]

First question would be, how much would apple willing to apply double standard for their own apps?

They’ve repeatedly said that they don’t track user data. Therefore, no double standard. Nice try though.

 

[ececlv]

Ok, so, let me ask again, because I don’t quite understand how this works. Let’s say I log into YouTube app. Can Google track me through the web browser? If I go to google.com, will I be logged in? Will google know who am I? And let’s say I open Google Maps, will I be magically logged in as well?

These rules are for apps, not websites. And the rules are for third party tracking. So google maps and the gmail app can share data between those 2 apps because google owns both. but for example, facebook app and toyota app cannot share data between each other because the apps are owned by different companies

i may not have all the details right, but i think im close

 

[JosephAW]

Apps aren’t going to stop working

Actually yes some will.

 

[goobot]

Actually yes some will.

If the data collected is absolutely necessary then there is nothing stoping someone from just allowing the app to function as it does now, if an app is a camera app you could say the app doesn’t function if I don’t give it access to the camera, this is no different.

 

[Shirasaki]

They’ve repeatedly said that they don’t track user data. Therefore, no double standard. Nice try though.

Yeah, nice try. Maybe if Apple says a couple thousands more times it will become law.

 

[jonnyb098]

Tim Cook said today it will not be released for a few weeks

The interview was recorded last week or the week prior. Which means release will be 2 weeks from now at the latest or as early as next week

 

[Superhai]

Yeah, nice try. Maybe if Apple says a couple thousands more times it will become law.

If you look at the details but from a cynics perspective, even then Apple will have less gain from being dishonest.
If it became clear that Apple facilitate cross-app tracking, it will be detrimental to their sale of their devices. And by denying the income that “free” apps get from selling user data to big data companies, it means they have to make an income somewhere else. The most obvious choice will be to charge what the app actually is worth instead of giving it away under false pretenses. And guess who takes a cut of the sales of apps on the App Store?

 

[return2sendai]

The unannounced hardware is Apple’s latest attempt to destroy competitors. Tile in this case. Where is the innovation?!

So buy Tile. It’s a free market.

 

[fredrik9]

These rules are for apps, not websites. And the rules are for third party tracking. So google maps and the gmail app can share data between those 2 apps because google owns both. but for example, facebook app and toyota app cannot share data between each other because the apps are owned by different companies

i may not have all the details right, but i think im close

I believe you are completely correct here. As you say, for example Facebook can track you across Instagram, Messenger, WhatsApp, Facebook main app etc. because they own all those platforms. However, they probably have to use their own tracking solution since the IDFA on iPhones (iPads too?) is now blocked if the user chooses to stop it. Consequently, they can no longer lean on Apple's conveniently placed IDFAs.

 

[dwaite]

First question would be, how much would apple willing to apply double standard for their own apps?

They don't need a double standard for their apps. The user is authenticated with Apple, so Apple does not need to track devices for user profiling - they just associate all that with your account. This is also why Google hasn't really cared about IDFA limiting - they just push users to log in for full functionality.

That said, I've heard rumors for decades about Apple pushing back accumulating such data, and building firewalls in-house against sharing collected data across groups - and have invested in techniques like Differential Privacy in some cases to prevent even the possibility of correlation and user profiling.

There have been companies looking _mighty hard_ for double standards here to take Apple to court to keep this from going live.

Second question would be, how enforceable this requirement would be? Will big companies just slip through via some sort of special Consideration?

If Facebook and Google don't get a special consideration, I doubt anyone else would. The push-back is pretty obvious - if a feature is so beneficial and vital, why is it equally vital that you do it without informing the user or letting them opt-out?

 

[dwaite]

I believe you are completely correct here. As you say, for example Facebook can track you across Instagram, Messenger, WhatsApp, Facebook main app etc. because they own all those platforms. However, they probably have to use their own tracking solution since the IDFA on iPhones (iPads too?) is now blocked if the user chooses to stop it. Consequently, they can no longer lean on Apple's conveniently placed IDFAs.

Facebook can track a user by having the user log in. They can correlate all their first-party apps via shared data if they are all published by Facebook.

However, any attempt to do third-party device tracking without the user opting in is against the App Store reviews, and can have publication of an app denied or even your account revoked. The new dialog is not (just) to gate access to IDFA, it is to get approval to participate in third-party tracking _at all_.

 

[LeadingHeat]

Yeah, nice try. Maybe if Apple says a couple thousands more times it will become law.

What benefit do they have from lying? If they do collect identifiable information about a customer from their app, and they get caught with their hands dirty... that would be horrible for their image. Especially when they’ve been marketing privacy so hard this year and last. I don’t think that they’d risk it, not even for a second. It ultimately would hurt their bottom line because trust would be out the window so people wouldn’t buy apple products anymore.
(Not that they have ANYwhere else to go to for products/services that actually do respect privacy, but that’s another story)

 

[Moccasin]

I was wondering why I was getting no tracking requests from any apps, given that some are already apparently doing so, but as I already have “Allow apps to request to track” turned off I guess this means that I’ve already said no by default.

I expect Facebook etc will leave it until the very last minute to release their updates.

 

[nycgeo]

Apple today reminded developers that its App Tracking Transparency rules will be enforced starting with the launch of iOS 14.5, iPadOS 14.5, and tvOS 14.5.

When these updates are released, developers will need to get express permission to access the IDFA or advertising identifier on a device to track users across apps and websites for ad targeting purposes.Apple clarifies that developers are not allowed to use specific device data with the intent of fingerprinting a user to replace the IDFA, which is something that Chinese app developers and mobile measurement companies have already been doing.

Apple earlier in March warned app developers not to use alternate methods to collect user data for tracking purposes, and last week, rejected several app updates from developers using an SDK from mobile measurement company Adjust, which used data like software version and charge level to keep track of users.

All of the framework for App Tracking Transparency is already in place and some developers have already begun asking users for IDFA access permission, but it will be a requirement for all apps that use the IDFA when iOS 14.5 and its sister updates are released.

We don't yet know when iOS 14.5 will see a release, but in an interview with Kara Swisher that came out this morning, Apple CEO Tim Cook said that iOS 14.5 will be coming in "just a few weeks."

Article Link: Apple Reminds Developers About Upcoming App Tracking Transparency Enforcement in iOS 14.5

“A few weeks” seems crazy at this point, when I’ve felt like a release is imminent for “a few weeks” already. The only thing I’m waiting for is “unlock with Apple Watch” which I’m reminded of many times a day wearing my mask and having to enter a passcode. Can’t they just release that in a .00 build?!
I can’t remember “needing” an OS release like this...smh

 

[KrisAK]

Let’s see how quickly Apple flip flops on this rule if Epic wins the anti-trust trial. This is a rule that could only exist without competitors, as many developers would clearly leave the App Store on this basis alone for that sweet ad revenue.

I guess I don't understand: if developers have become overly reliant on slack privacy practices, then what's wrong with encouraging them to change said practices?