What we’ve been suspecting all along has now been proven correct: Apple’s app anti-tracking feature in iOS does precisely nothing to effectively protect your privacy. In fact, it makes things worse. And Apple probably knew this was the case, too.
Today on The Private Citizen, I’m finally catching up with a topic I’ve had on my list for months now: Apple’s bullshit App Tracking Transparency feature.
For the 100th episode, I want to change pace a bit and talk a about myself and where my opinions and attitude comes from. A little bit along the lines of the one year anniversary special, but not as a straight AMA. I am collecting questions for this episode on the forum, though. So if you want to know something about me or my background that I haven’t talked about previously, feel free to ask over there (or via email).
I am also experimenting with soliciting feedback on upcoming episodes ahead of time.
This podcast was recorded with a live audience on my Twitch channel. Details on the time of future recordings can usually be found on my personal website. Recordings of these streams get saved to a YouTube playlist for easy watching on demand after the fact.
Apple’s Bullshit App Privacy Feature
Apple’s App Tracking Transparency feature in iOS 14.5 was lauded as a great leap forward to combat tracking on mobile phones. I proposed in episode 81 in August that the feature couldn’t be working very well, because according to reports back then, Facebook was still tracking people very well using its own apps. They were still posting growing revenues. Back then, I postulated that Apple didn’t introduce this feature because they care about the privacy of their users, but because they were forced to do so by privacy laws in the EU and also because they wanted to take an advantage away from their competitors Google and Facebook.
At the end of September, an independent study seems to have confirmed that App Tracking Transparency is bullshit.
In April 2021, Apple released the App Tracking Transparency (“ATT”) feature with iOS 14.5. ATT claims to give users choice and transparency for third-party tracking in their apps, and it was lauded by many as a step forward in protecting user privacy. Does it really work? Five months after its release, we tested ten of the top apps in the App Store to see if ATT succeeds in stopping tracking.
Using the open source Lockdown Privacy app and manual testing, we found that App Tracking Transparency made no difference in the total number of active third-party trackers, and had a minimal impact on the total number of third-party tracking connection attempts. We further confirmed that detailed personal or device data was being sent to trackers in almost all cases. ATT was functionally useless in stopping third-party tracking, even when users explicitly choose “Ask App Not To Track”.
As The Washington Post describes the research:
Say you open the app Subway Surfers, listed as one of the App Store’s “must-play” games. It asks if you’re OK with the app “tracking” you, a question iPhones started displaying in April as part of a privacy crackdown by Apple. Saying no is supposed to stop apps such as Subway Surfers and Facebook from learning about what you do in other apps and websites.
But something curious happens after you ask not to be tracked, according to an investigation by researchers at privacy software maker Lockdown and The Washington Post. Subway Surfers starts sending an outside ad company called Chartboost 29 very specific data points about your iPhone, including your Internet address, your free storage, your current volume level (to 3 decimal points) and even your battery level (to 15 decimal points). It’s the kind of unique data that could be used by advertisers to identify your iPhone, possibly letting them know what other apps you use or how to target you.
In other words, it’s sidestepping your request to be left alone. You can’t stop it. And your privacy is worse off for it. Apple’s rules say apps aren’t allowed to track people who say they don’t want it. So why is this happening? Privacy advocates say this kind of data-gathering is likely tracking, just by a different name: fingerprinting.
Our investigation found the iPhone’s tracking protections are nowhere nearly as comprehensive as Apple’s advertising might suggest. We found at least three popular iPhone games share a substantial amount of identifying information with ad companies, even after being asked not to track.
When we flagged our findings to Apple, it said it was reaching out to these companies to understand what information they are collecting and how they are sharing it. After several weeks, nothing appears to have changed.
So it seems this new feature is actually making it worse.
To find out what happens when you tap “ask app not to track,” Lockdown says it tested ten popular apps on an iPhone running iOS 14.8 and again with the newest iOS 15, analyzing what personal information flowed out of them.
As part of a technical change that arrived with iOS 14.5, the apps were no longer able to access one valuable piece of data: a kind of social security number for your iPhone, known as the ID for Advertisers, or IDFA. But there’s other information that can identify your phone beyond that number.
Lockdown found most of the apps continued to communicate behind the scenes with a murky industry of third-party data companies that privacy advocates call trackers.
Among the apps Lockdown investigated, tapping the don’t track button made no difference at all to the total number of third-party trackers the apps reached out to. And the number of times the apps attempted to send out data to these companies declined just 13 percent.
“When it comes to stopping third-party trackers, App Tracking Transparency is a dud. Worse, giving users the option to tap an ‘Ask App Not To Track’ button may even give users a false sense of privacy,” said Lockdown co-founder Johnny Lin, a former Apple iCloud engineer.
Even more worrisome for consumers, Lockdown says three of the apps it investigated – Subway Surfers, Streamer Life! and Run Rich 3D – appeared to be collecting data that could be used for a more invasive kind of tracking known as digital fingerprinting. All three also sent ultra-specific characteristics of the test iPhone to an ad company called Vungle. That could allow app-makers and advertisers to connect the dots and track you without your consent.
Of course, there is reporting out there that claims that App Tracking Transparency works and is hurting the advertising industry. But I can’t verify the data these reports are based on and I personally think it’s bullshit – another smoke screen to cover the smoke screen.
It’s stands to reason that if this really worked and we’d actually be private on our phones now, these companies would very quickly be bankrupt or they’d have to drastically change their business model. But in reality, nothing much has changed at all, it seems. Which would underscore the findings from Lockdown Privacy.
Producer Feedback
We had an excellent discussion on the forum with regards to the previous episode. In the course of this discussion, capn.egghead said (among other things):
So, in this episode, you repeated the statement that the Nazis “persecuted a Religion”, which sounds a bit dissonant to me. Like in the case of my previous correction (about “Galileo & Round Earth”), I think that the reason that it irks me is because it reinforces a misconception which is effectively used for the propaganda of certain groups.
However, in this case I believe that your usage of this terminology comes from trying to avoid using the word “race”, which in turn goes back to episode 22 (“Stand together not divided”), and some related topics, on which I have comments, but believe that explaining clearly where my views differ from yours would take me a long time. That is why I kept postponing this feedback until now (for me, this kind of writing is not a regular effort, and it takes several iterations to become coherent enough).
First of all, although the Nazi leadership cared a lot about political beliefs, to the best of my knowledge they did not care much about religion (other than as a tool to serve the state). Certainly the persecution of the Jews and the Roma people did not depend on their religious beliefs.
If you were a Jew by birth, you were an enemy of the state. No belief or statement of loyalty could save you from that – only documents proving the “aryan blood” of your grandparents (well, if you only had one jewish grandparent, then you would be a “Mischling zweiten Grades”, so you could live as a German without getting castrated, provided you followed the restrictions and did not look too jewish).
Saying that the Nazis persecuted a religion reinforces the misconception that the persecution depended on anything that the persecuted people thought, did or believed. This misconception serves the cause of people who want to deny or diminish the holocaust, through the usual “divide and conquer” thinking (“surely that would not happen to me”). Sure, persecution due to religion is also a bad thing that should be banned, but it was certainly not the main case in Nazi Germany.
→ c.f.: Mark Benecke: Menschenrassen
Bazzawill also commented on episode 96:
Some feedback regarding vaccine mandates. In general I am somewhat for vaccine mandates perhaps more so at the company level than the government. You need to be vaccinated to work at certain jobs to attend more risky events like concerts without physical distancing etc. A few comments you made I take issue with.
- What about those that cannot be vaccinated. Simple a medical exemption applies. You will see in my other post my position is all that should be required for a medical exemption is for a doctor to sign off that yes you qualify for a medical exemption. There should be no need for you to disclose the details of this with your workplace etc. Yes, this could leave a door open for dodgy doctors to issue medical exemptions but there could be a system of checks to minimize this.
- Herd immunity, I believe we have discussed this before but I still believe* (this is not the best word, it’s not a belief, but not entirely based on science because I have not had the time to research also see point 3.), My conjecture is the more people that get vaccinated the less chance the disease has to spread. You say what does it matter if person x decides to not get vaccinated, they only put themselves at risk. I disagree, the people with medical exemptions and also people who are vaccinated may be put at higher risk of contracting SARS-COV-2. We know the vaccine is not 100% effect. Surely I am better protected if both myself and my colleagues are vaccinated.
- The science is not certain, while I agree more could be done on the science and more money and better studies done they all take time. If we just sit around waiting for longevity studies we are putting ourselves at greater risk.
- Fund hospitals better, absolutely I agree. However if I can avoid an ICU stay I would much prefer that. I am pretty sure all the best funding would not bring covid-19 mortality to 0.
If you have any thoughts on the things discussed in this or previous episodes, please join our forum and compare notes with other producers. You can also contact me in several other, more private ways.
Toss a Coin to Your Podcaster
I am a freelance journalist and writer, volunteering my free time because I love digging into stories and because I love podcasting. If you want to help keep The Private Citizen on the air, consider becoming one of my Patreon supporters.
You can also support the show by sending money to via PayPal, if you prefer.
This is entirely optional. This show operates under the value-for-value model, meaning I want you to give back only what you feel this show is worth to you. If that comes down to nothing, that’s OK with me. But if you help out, it’s more likely that I’ll be able to keep doing this indefinitely.
Thanks and Credits
I like to credit everyone who’s helped with any aspect of this production and thus became a part of the show. This is why I am thankful to the following people, who have supported this episode through Patreon and PayPal and thus keep this show on the air:
Georges, Steve Hoos, Butterbeans, Jonathan M. Hethey, Michael Mullan-Jensen, Dave, Michael Small, 1i11g, Jaroslav Lichtblau, Jackie Plage, Philip Klostermann, ikn, Vlad, Rhodane the Insane, Bennett Piater, Kai Siers, tobias, Fadi Mansour, Joe Poser, Dirk Dede, m0dese7en, Sandman616, David Potter, Rizele, Mika, avis, Martin, MrAmish, Dave Umrysh, Cam, RikyM, Barry Williams, Jonathan, Captain Egghead, RJ Tracey, Rick Bragg, D, Robert Forster, Superuser, astralc and Noreply.
Many thanks to my Twitch subscribers: Mike_TheDane, jonathanmh_com, Sandman616, jj_guevara, BaconThePork, m0dese7en_is_unavailable, indiegameiacs, l_terrestris_jim and redeemerf.
I am also thankful to Bytemark, who are providing the hosting for this episode’s audio file.
Podcast Music
The show’s theme song is Acoustic Routes by Raúl Cabezalí. It is licensed via Jamendo Music. Other music and some sound effects are licensed via Epidemic Sound. This episode’s ending song is In the Arms of Anger by Under Earth.