In May Apple communicated its privacy changes to the wider public, launching an advert that featured a harassed man whose daily activities were closely monitored by an ever-growing group of strangers. When his iPhone prompted him to “Ask App Not to Track”, he clicked it and they vanished. Apple’s message to potential customers was clear — if you choose an iPhone, you are choosing privacy.
But seven months later, companies including Snap and Facebook have been allowed to keep sharing user-level signals from iPhones, as long as that data is anonymised and aggregated rather than tied to specific user profiles.
For instance Snap has told investors that it plans to share data from its 306m users — including those who ask Snap “not to track” — so advertisers can gain “a more complete, real-time view” on how ad campaigns are working. Any personally identifiable data will first be obfuscated and aggregated.
Similarly, Facebook operations chief Sheryl Sandberg said the social media group was engaged in a “multiyear effort” to rebuild ad infrastructure “using more aggregate or anonymised data”.
These companies point out that Apple has told developers they “may not derive data from a device for the purpose of uniquely identifying it”. This means they can observe “signals” from an iPhone at a group level, enabling ads that can still be tailored to “cohorts” aligning with certain behaviour but not associated with unique IDs.
This type of tracking is becoming the norm. Oren Kaniel, the chief executive of AppsFlyer, a mobile attribution platform that works with app developers, said that when his company introduced such a “privacy-centric” tool based on aggregated measurement in July 2020, “the level of pushback that we received from the entire ecosystem was huge”.
But now such aggregated solutions are the default for 95 per cent of his clients. “The market changed their minds in a radical way,” he said.
It is not clear whether Apple has actually blessed these solutions. Apple declined to answer specific questions for this article but described privacy as its North Star, implying it was setting a general destination rather than defining a narrow pathway for developers.
Cory Munchbach, chief operating officer at customer data platform BlueConic, said Apple had to stand back from a strict reading of its rules because the disruption to the mobile ads ecosystem would be too great.
“Apple can’t put themselves in a situation where they are basically gutting their top-performing apps from a user-consumption perspective,” she said. “That would ultimately hurt iOS.”
For anyone interpreting Apple’s rules strictly, these solutions break the privacy rules set out to iOS users.
Lockdown Privacy, an app that blocks ad trackers, has called Apple’s policy “functionally useless in stopping third-party tracking”. It performed a variety of tests on top apps and observed that personal data and device information is still “being sent to trackers in almost all cases”.
But the companies aggregating user-level data said the reason apps continue to “leak” information such as a user’s IP address and location was simply because some require such information to function. Advertisers must know certain things such as the user’s language or the device screen size, otherwise the app experience would be awful.
The risk is that by allowing user-level data to be used by opaque third parties so long as they promise not to abuse it, Apple is in effect trusting the very same groups that chief executive Tim Cook has lambasted as “hucksters just looking to make a quick buck”.
Companies will pledge that they only look at user-level data once it has been anonymised, but without access to the data or algorithms working behind the scenes, users won’t really know if their data privacy has been preserved, said Munchbach.
“If historical precedent in adtech holds, those black boxes hide a lot of sins,” she said. “It’s not unreasonable to assume it leaves a lot to be desired.”