Probing into Apple’s heralded ‘App Tracking Transparency‘ privacy feature, a collaborative effort between researchers at privacy software maker Lockdown and The Washington Post has discovered the privacy system cracking down on them, most iPhone apps still collect (and transmit) some user data.
Apple’s App Tracking Transparency feature lets iPhone users control which apps get to track their activity for ad targeting. When a user opens an app for the first time, they get the App Tracking Transparency popup, which asks them whether they want to “allow” the app in question to track them, or ask the app not to track them.
Tapping on the “Ask app not to track” option is supposed to prevent the app from collecting your data and/or sharing it with third-parties like advertisers and data brokers. Testing ten popular iPhone apps on iOS 14.8 and the newly released iOS 15, however, the research effort found that to not be the case.
In fact, the researchers found that even with App Tracking Transparency instructed to prevent tracking, the apps they tested still reached out to third-party trackers, and the number of times they tried transmitting data to these trackers only went down by 13%.
Furthermore, the investigation uncovered another alarming fact: when they’re instructed not to track the user, most of the tested apps resort to recording and relaying an array of device-specific technical data points from the iPhone (volume, battery level, IP address, etc) that can be combined to create a unique image of your device (and then track it) through a process known as digital “fingerprinting”.
In the absence of an iPhone’s unique ID for Advertisers (IDFA), which App Tracking Transparency prevents apps from fetching, digital fingerprinting could be the next best thing for user tracking.
Courtesy of The Washington Post, here’s a comprehensive list of the data points apps like Subway Surfers, Streamer Life!, and Run Rich 3D recorded (and attempted to share with third-parties) despite App Tracking Transparency’s efforts:
- Device Name (e.g., “John’s iPhone X”)
- Accessibility Setting: Bold Text
- Accessibility Setting: Custom Text Size
- Display Setting: Dark Mode
- Screen Resolution
- Time Zone
- Total Storage Space (bytes precision)
- Free Storage Space (bytes precision)
- Currency (e.g., “USD”)
- iOS Version
- Audio Output (e.g., “Speakerphone”/”Bluetooth”)
- Audio Input (e.g., “iPhone Microphone”)
- Accessibility Setting: Closed Captioning
- Cellular Carrier Name (E.g., “AT&T”)
- Cellular Carrier Country
- Last Restart Time (Exact Timestamp, Second Precision)
- Calendar Type (E.g., “Gregorian”)
- Enabled Keyboards (E.g., “English, Emoji, Arabic”)
- Current Battery Level (15 decimals precision)
- Current Volume Level (3 decimals precision)
- Accessibility Setting: Increase Contrast
- Current Screen Brightness (15 decimals precision)
- Portrait/Landscape Mode
- Battery Charging State (E.g., “Plugged In”)
- iPhone Model (E.g., “iPhone X”)
- User Agent (Browser Agent)
- IP address
The research effort was not able to unearth exactly what this data is used for downstream — that is a question only the developer of an app collecting this data can answer.
“Apple believes that tracking should be transparent to users and under their control,” said company spokesman Fred Sainz to The Washington Post. “If we discover that a developer is not honoring the user’s choice, we will work with the developer to address the issue, or they will be removed from the App Store.”
The Post said when they shared their findings with Apple, the iPhone maker said it would contact developers to learn more about what data was still being collected. “After several weeks, nothing appears to have changed,” wrote the Post.
What is certain, though, is that these findings are worrying for Apple, considering the Cupertino giant’s longstanding penchant to promote privacy as a key feature of the iPhone.