Some popular iPhone apps and games can still track you even if you opt out


Posts: 1,183   +20
Staff member
Facepalm: An investigation has revealed that some iOS app makers have managed to find a new way to track users across apps even after they've opted out via the new App Tracking Transparency feature in iOS 14.5 and newer versions.

Back in April, Apple started rolling out iOS 14.5 and iPadOS 14.5 with an option for iPhone and iPad users to opt out of ad tracking. The feature is called App Tracking Transparency, and forces app developers to ask for user permission before they can track activity for targeted advertising -- at least, in theory.

It shouldn't surprise anyone that advertisers are against such functionality, considering the potential to spook users into opting out of tracking and taking away potential revenue with that choice. Facebook has been the most vocal against App Tracking Transparency, going so far as describing it as the bringer of the "adpocalypse" and publishing multiple newspaper ads to stir more public debate.

However, it turns out that Facebook's fears are somewhat unfounded. According to an investigation by The Washington Post and app developer Lockdown, at least three popular iPhone games are still sending user data to third-parties even after you've opted out of app tracking. And this data includes everything and anything except your ID for Advertisers (IDFA) number, which is used as a fingerprint for whatever information is collected about your activity and preferences on your Apple device.

For instance, telling Subway Surfers that you don't want to be tracked still results in the game sending a company called Chartboost no less than 29 specific data points about your device -- including your IP address, free storage space, the volume level to a precision of three decimal points, and the battery level to 15 decimal points. The advertiser won't be able to use your IDFA, but this other information can be used to give you a unique identifier and allow companies to track you across apps and websites.

Apple says it's not possible to be tracked once you've opted out, but advertisers have found a way to keep doing it. It's more complex and not nearly as accurate, but it proves that companies who want to skirt Apple's privacy rules can do so with a bit of creative thinking. However, app makers that go this route also run the risk of getting their apps booted from the App Store.

Lockdown co-founder and former Apple iCloud engineer Johnny Lin notes that "when it comes to stopping third-party trackers, App Tracking Transparency is a dud. Worse, giving users the option to tap an ‘Ask App Not To Track’ button may even give users a false sense of privacy."

So far, no app has been banned for bypassing ATT. Considering the overwhelming majority of Apple users opt out of tracking altogether, you'd think the company would be more vigilant, but several weeks after being notified about the offending apps, nothing has changed.

Permalink to story.



Posts: 4,310   +2,317
This is why I laugh when people say they have removed telemetry and tracking on their devices and machines, or won't use this browser over that one. This phone over that one. This OS over that one. This app over that one.


Posts: 985   +738
Apple probably is much better than Google - there was an article on here a short while ago about Google asking you to rescind rights to little used apps - Happen to me android asked me if I wanted to change permissions on some old apps - So we are getting there . I don't use my compass app, or first aid app - but kind of like they are on my phone


Posts: 66   +39
> So far, no app has been banned for bypassing ATT.

I always wondered how would Apple implement the ban even if they mean to. Unless a developer is dumb enough to brag about how they bypassed ATT, just sending a bunch of device info alone doesn't prove they are trying to fingerprint users. At worst, apps could collect those info and send them out in encrypted form. How would Apple ever prove they are using those for purpose of bypassing ATT, instead of general debugging?