You Told Your Apps To Stop Tracking You, but They Didn't Listen

Research shows shady app developers are still grabbing your data without your permission, and Apple hasn't stopped them.

We may earn a commission from links on this page.
Image for article titled You Told Your Apps To Stop Tracking You, but They Didn't Listen
Photo: Ming Yeung (Getty Images)

In 2014, some very pervy creeps stole some very personal iCloud photos from some very high-profile celebs and put them on the open web, creating one very specific PR crisis for Apple’s CEO, Tim Cook. The company was about to roll out Apple Pay as part of its latest software update, a process that took more than a decade bringing high-profile payment processors and retailers on board. The only issue was that nobody seemed to want their credit card details in the hands of the same company whose service had been used to steal dozens of nude photos of Jennifer Lawrence just a week earlier.

Apple desperately needed a rebrand, and that’s exactly what we got. Within days, the company rolled out a polished promotional campaign—complete with a brand new website and an open letter from Cook himself—explaining the company’s beefed-up privacy prowess, and the safeguards adopted in the wake of that leak. Apple wasn’t only a company you could trust, Cook said, it was arguably the company—unlike the other guys (*cough* Facebook *cough*) who built their Silicon Valley empires off of pawning your data to marketing companies, Apple’s business model is built off of “selling great products,” no data-mining needed.

That ad campaign’s been playing out for the last seven years, and by all accounts, it’s worked. It’s worked well enough that in 2021, we trust Apple with our credit card info, our personal health information, and most of what’s inside our homes. And when Tim Cook decried things like the “data-industrial complex” in interviews earlier this year and then rolled out a slew of iOS updates meant to give users the power they deserved, we updated our iPhones and felt a tiny bit safer.


The App Tracking Transparency (ATT) settings that came bundled in an iOS 14 update gave iPhone users everywhere the power to tell their favorite apps (and Facebook) to knock off the whole tracking thing. Saying no, Apple promised, would stop these apps from tracking you as you browse the web, and through other apps on your phone. Well, it turns out that wasn’t quite the case. The Washington Post was first to report on a research study that put Apple’s ATT feature to the test, and found the setting... pretty much useless. As the researchers put it:

In our tests of ten top-ranked apps, we found no meaningful difference in third-party tracking activity when choosing App Tracking Transparency’s “Ask App Not To Track.” The number of active third-party trackers was identical regardless of a user’s ATT choice, and the number of tracking attempts was only slightly (~13%) lower when the user chose “Ask App Not To Track”.


So, what the hell happened? In short, ATT addresses one specific (and powerful) piece of digital data that advertisers use to identify your specific device—and your specific identity—across multiple sites and services: the so-called ID for Advertisers, or IDFA. Telling an app not to track severs their access to this identifier, which is why companies like Facebook lost their minds over these changes. Without the IDFA, Facebook had no way to know whether, say, an Instagram ad translated into a sale on some third-party platform, or whether you downloaded an app because of an ad you saw in your news feed.

Luckily for said companies (but unluckily for us), tracking doesn’t start and end with the IDFA. Fingerprinting—or cobbling together a bunch of disparate bits of mobile data to uniquely identify your device—has come up as a pretty popular alternative to some major digital ad companies, which eventually led Apple to tell them to knock that shit off. But because “fingerprinting” encompasses so many different kinds of data in so many different contexts (and can go by many different names), nobody knocked anything off. And outside of one or two banned apps, Apple really didn’t seem to care.


“Apple believes that tracking should be transparent to users and under their control,” an Apple spokesperson told Gizmodo. “When the user selects ‘Ask App Not to Track,’ the app is informed that the user would not like to be tracked by any means, and all developers—including Apple—are strictly required to comply with the user’s choice. If we discover that a developer is not honoring the user’s choice, we will work with the developer to address the issue, or they will be removed from the App Store.”

It’s the same statement the company offered the Post when it reached out to ask why asking some of these apps not to “track” resulted in those apps sending a slew of data to third party marketing firms, anyway. In some cases, this included everything from the cell carrier a person used to the total storage space on their device, which could be cobbled together to create that person’s unique “fingerprint.”


Apple responded by telling the Post that it would “[reach] out to these companies to understand what information they are collecting and how they are sharing it,” before... seemingly doing the same load of nothing it was doing thus far. As the Post writes, these apps were unchanged even weeks after Apple’s statement.

It’s a move that seems distinctly un-Apple, considering the company’s years-long attempt to position itself as Silicon Valley privacy protector. But perhaps Apple, which is staring down antitrust investigations in multiple countries due to the company’s ironclad grip on its App Store, doesn’t want to crack down on developers who skate around the IDFA by snatching up other bits of data because of where that might lead. One of the antitrust cases forced the company to concede some of its control—over in-app payments, in particular—last month.


Some Apple critics in the marketing world have been raising red flags for months about potential antitrust issues with Apple’s ATT rollout, and it’s not hard to see why. It gave Apple exclusive access to a particularly powerful piece of intel on all of its customers, the IDFA, while leaving competing tech firms scrambling for whatever scraps of data they can find. If all of those scraps become Apple’s sole property, too, that’s practically begging for even more antitrust scrutiny to be thrown its way. What Apple seems to be doing here is what any of us would likely do in its situation: picking its battles.