[HN Gopher] Study: Effectiveness of Apple's app tracking transpa...
___________________________________________________________________
Study: Effectiveness of Apple's app tracking transparency
Author : clircle
Score : 109 points
Date : 2022-02-16 17:44 UTC (1 days ago)
(HTM) web link (blog.lockdownprivacy.com)
(TXT) w3m dump (blog.lockdownprivacy.com)
| bmarquez wrote:
| I use Lockdown for iOS, and Blokada or TrackerControl on Android
| (they're all very similar, on-device vpn + block list).
|
| Even with tracking disabled, apps will still contact third party
| ad/tracking servers. Just this morning on iOS:
|
| - app-measurement.com
|
| - play.googleapis.com
|
| - googleads.g.doubleclick.net
|
| - mobile-collector.newrelic.com
|
| - inapps.appsflyer.com
|
| - api.mixpanel.com
|
| - graph.facebook.com (this is a major offender, even if you don't
| have Facebook apps installed, other apps love to feed FB data)
| blakesterz wrote:
| I've tried using Lockdown and I also tried NextDns on things as
| well. Lockdown was good, but I like nextdns because I can run it
| on anything. I don't think I can do the same on Lockdown?
| Lockdown and Next aren't exactly the same thing, but they do the
| job quite nicely from what I can see. Checking out the logs on
| both is always interesting.
|
| https://apps.apple.com/us/app/lockdown-privacy/id1469783711
|
| https://apps.apple.com/us/app/nextdns/id1463342498
| olliej wrote:
| I think the core thing here is that in a lawsuit a user can now
| point to an explicit action that they took, and the app's decision
| not ignore that decision, despite having agreed to obey that
| decision as part of the use of that app.
|
| The fact that stuff like this isn't caught in the automated
| portion of review is fairly appalling though.
| hangonhn wrote:
| Anyone know how Lockdown is funded? The app is free and open
| source so how are they able to make money and operate?
|
| Someone on HN wrote that they always look at how a company is
| funded before engaging with them so they know where their
| incentives are. I thought that's a pretty good idea and am trying
| to apply the same idea here.
|
| I can find the backstory but I don't know how the company is able
| to operate and continue developing.
| bmarquez wrote:
| They try to upsell VPN services in addition to the free
| tracker-blocking. They charge $59/year for iOS and $99/year for
| all Apple devices (according to my app settings). Unfortunately
| the VPN doesn't support Android or Windows, so I can't use
| their paid product.
| ysleepy wrote:
| Apple could start allowing users to disable internet access for
| an app.
|
| Before that happens Apple's privacy campaign is just a lot of hot
| air.
| ordx wrote:
| Expect "Please enable internet access to use this app" popup
| messages in this case. A lot of apps already do this with
| camera/photos access.
| bduerst wrote:
| Given the need for almost all apps to have network access, I
| feel like this would become another website cookie popup that
| people just click through.
|
| i.e. Has the right intentions but just ends up forcing a
| worse user experience for everyone.
| sebzim4500 wrote:
| Apple could ban that if they wanted to. Basically just
| require that as much functionality as possible should work
| without internet.
| Razengan wrote:
| > _A lot of apps already do this with camera/photos access._
|
| And location, including demanding "precise" tracking (why
| does Apple even let them detect that?)
| snazz wrote:
| I think you can prevent network access for an app over Wi-Fi on
| iPhones sold in China, but for some reason this feature hasn't
| been made available globally. For now the only option is to
| disable cellular for an app and disconnect from Wi-Fi.
| olliej wrote:
| it does?
| jcranberry wrote:
| > It relies too heavily on trusting the very tracking companies
| that the policies are supposed to be protecting users against:
| Apple's definition allows apps to secretly send any and all of
| your data to third parties, and as long as those third parties
| publicly claim they won't link your data to other sites or sell
| it, it's not considered "tracking" by Apple. It is a 100% trust-
| based honor system, which means that the only way for these
| companies to get caught "tracking" is to literally pen a public
| confession of guilt or wrongdoing -- something that profit-driven
| companies are not exactly known for doing.
|
| >...
|
| >Not only do these trackers allow their clients to break Apple's
| rules, but they specifically built features to help their clients
| easily circumvent Apple's ATT privacy rules.
|
| >First, we created a dummy app that used the Kochava tracking
| service. With just a few clicks, we configured Kochava to violate
| Apple's "ATT Opt-Out" by asking it to track users across apps
| (using "IP address" and "User Agent") for the purpose of ad
| targeting ("Paid Media"). Basically, Kochava made it really
| convenient for any app developer to violate even Apple's narrow
| definition of tracking.
|
| >We later performed the same test with the AppsFlyer tracking
| service (which, as previously mentioned, hides the data it sends
| off your device), and it was even easier to enable "privacy cheat
| mode" and track users against their consent -- all it took was
| clicking a single button.
|
| Wow.
| nathanyz wrote:
| Seems like the solution would be for Apple to blanket ban any
| service that has this option to break the rules. Go nuclear on
| the analytics/tracking SDKs so that none of them even allow
| this to go on.
| simonh wrote:
| There's no way for Apple to stop developers watching what users
| do in their app, if that app has any kind of server backend at
| all, and no way to stop developers taking that data and doing
| whatever they want with it. I mean how is Apple supposed to
| stop developers accessing data on the developer's own servers?
| So the only way to disincentivize this behaviour is with
| policies that ban it and the threat of expulsion from the App
| Store if you're caught.
|
| I know some of these tracking APIs send data to third parties
| directly, but if that was banned all this traffic would just be
| re-routed through the app developer's back end so it would just
| sweep the problem under the carpet.
|
| We can see from history with Facebook that shady dealings with
| data to third parties have been caught in the past, it's quite
| possible to get away with it but also we know that it also has
| a tendency to come to light.
|
| Anyway, what's the alternative?
| odshoifsdhfs wrote:
| > I know some of these tracking APIs send data to third
| parties directly, but if that was banned all this traffic
| would just be re-routed through the app developer's back end
| so it would just sweep the problem under the carpet.
|
| I quit a job over this. I don't remember exactly which
| service it was we were using (mixpanel maybe?) and we found
| out some users were blocking access to service servers
| (either at router level or something else). The solution?
| Make a proxy api endpoint that would just re-route the calls
| to the service.
|
| I begged and begged, saying 'look, these are users that
| specifically blocked 'service', let's respect that and get our
| data from the users that haven't' (this was before the Apple
| privacy changes a couple years ago). I was steamrolled
| because they knew better than users. I handed my notice the
| moment the ticket landed in the board.
| doctor_eval wrote:
| That's awesome that you quit over that. Good on you.
|
| I care deeply about this stuff, and I've read a couple of
| contemporary public studies - both corporate and state
| funded - that suggest that end-users really do care about
| this stuff too, and that abandonment due to poor privacy
| policies can be on the order of 40%. Forty percent!!
|
| So I started my last business with this in mind: a pro-
| privacy fintech business. We were gonna be proud of our
| privacy policy and implement it using technical means.
|
| But the moment the investors came along, I got stonewalled.
| They didn't care about the research. They didn't care about
| the users. They just had this belief that a user friendly
| privacy policy would somehow hurt the business and they
| refused to commit to what I saw as a key advantage of the
| product. Our privacy policy was a nightmare. We had almost
| nothing to give users.
|
| I quit too, and to this day, I have no idea what could
| possibly be worse than 40% abandonment in a sales oriented
| fintech.
| ASalazarMX wrote:
| I feel like investors have too much influence in business
| decisions they don't quite understand. I understand that
| it's their money at risk, so they want the greatest
| return in the least time, but their excessive influence
| has soured many great things.
|
| Maybe something like small stockholders would work, as
| they are not even allowed to vote in the direction the
| company takes, so their only influence is selling stock
| (voting with their wallet). It would certainly widen the
| door for fraud, but it's not like fraud is uncommon with
| the current system, and I'm tired of seeing how this tale
| keeps repeating in practically any area of commerce.
| Apocryphon wrote:
| > So the only way to disincentivize this behaviour is with
| policies that ban it and the threat of expulsion from the App
| Store if you're caught.
|
| Then despite all of the anger against restrictive App Store
| policies and behaviors, the App Store is _still_ insufficient
| to prevent intrusive user tracking.
|
| > Anyway, what's the alternative?
|
| OS-level protections that obfuscate on-device data in such a
| way that third party apps cannot collect the actual data. Or
| restricting developer access to that information in the first
| place.
| b3morales wrote:
| What specific protection are you envisioning here? An OS
| that completely locks down access to user input is one that
| you can't write a useful application for in the first
| place. Once the OS has handed the program a string the user
| entered, or a button tap, it can't _prevent_ the program
| from recording that.
| Apocryphon wrote:
| Something like Apple's user anonymizer patents
|
| https://venturebeat.com/2012/06/20/new-patent-will-apple-
| clo...
|
| Looks like they have a recent patent for obfuscating
| location data, too
|
| https://patent.nweon.com/21429
| simonh wrote:
| Can you give me an example of a third party app that might
| need access to on-device data outside the app, but for
| which obfuscated data would be sufficient?
|
| Let's say I have a calendar app and ask users for
| permission to access their address book, how would
| obfuscated address data be useful to the app? Or if I
| have a navigation app and need access to location data,
| how would you obfuscate that and still have it capable of
| navigation? I suspect you haven't thought this through.
| Apocryphon wrote:
| Here, Apple has also invented something that has a use
| case (albeit an edge one) that is applicable: obfuscating
| _visual data from a camera_ for the purposes of
| protecting confidential data (from guest users,
| presumably): "Obfuscating the display of information and
| removing the obfuscation using a filter"
|
| https://www.patentlyapple.com/patently-
| apple/2012/01/apple-w...
|
| https://patents.google.com/patent/US20110206285A1/en
|
| And a follow-up: "gaze-dependent visual encryption"
|
| https://appleinsider.com/articles/20/03/12/gaze-
| detection-ma...
|
| And even more articles:
|
| https://www.patentlyapple.com/patently-
| apple/2011/05/apple-w...
|
| https://www.patentlyapple.com/patently-
| apple/2011/08/apple-i...
| simonh wrote:
| I know obfuscation is possible, that's fine, but you're
| not answering my question. How is that applicable in this
| case?
|
| Can you give me an example of how obfuscation prevents an
| app, with access to data it needs to function, from
| sharing that data with the developers? Because as far as
| I can see it's irrelevant to this issue.
| simonh wrote:
| They already have heavily locked down permissions for
| various forms of on-device data outside third party apps.
| That was put in place years ago. This is mainly about in-
| app activity tracking and sharing that with third parties,
| not data outside the app. They are separate issues.
| bduerst wrote:
| >all this traffic would just be re-routed through the app
| developer's back end
|
| If it's any consolation, running a proxy at least increases
| the baseline cost of using 3P trackers. User telemetry and
| other data is small, but for popular apps that adds up and
| gets factored into the equation on whether or not to use 3P.
| Grollicus wrote:
| They could also report this behavior to the appropriate
| regulators and let them handle the enforcement. Maybe they'll
| take their time, but they will get there.
|
| In the end this is not a technical problem but a juristical
| one.
| abakker wrote:
| Dumb question: Why don't we just use fuzzing instead of privacy?
| e.g. the tracking APIs are just filled with noise data when you
| want to not be tracked? It seems the big issue is that companies
| doing the tracking know the data is there and then use it
| inappropriately. What about just giving them garbage data
| instead?
| changoplatanero wrote:
| It must be effective at stopping something, right? Otherwise why
| is Facebook revenue suffering?
| polyomino wrote:
| Facebook follows the rules because they are a big target,
| others not so much...
| bduerst wrote:
| Yeah, FB has much more to lose than a margin hit if it were
| blocked from iOS.
| organic_popcorn wrote:
| I thought Facebook was having people leave their platforms over
| the last year.
| reaperducer wrote:
| Facebook told investors publicly that the Apple privacy
| measures cost it something like $10 billion.
|
| Though I may be remembering that wrong. It was discussed
| extensively on HN at the time.
| blitzar wrote:
| Shocker: Company CEO blames outside forces for reduction in
| profits rather than admitting the truth...
| JimDabell wrote:
| Their CFO said this, not CEO. Are you suggesting their
| CFO committed securities fraud by lying to shareholders?
| blitzar wrote:
| My mistake, but yes I am.
| viktorcode wrote:
| It's weird that former Apple engineers don't explain how IDFA
| which is blocked by answering "ask app not to track" works. It is
| the only thing that's prevented by Apple, and the rest lies on
| the developer. Try to circumvent it, and risk ban (of course some
| apps are still trying, driven by their risk/reward calculations
| but bans aren't unheard of).
|
| Another thing, the "ask app not to track" doesn't mean that data
| won't be collected. It means that this particular user must not
| be identifiable across different apps / web sites, even if
| personally identifiable data is being sent. Authors completely
| ignore this point.
| reaperducer wrote:
| _It is the only thing that's prevented by Apple, and the rest
| lies on the developer._
|
| It is the major visible prevention method.
|
| App developers who track anyway live in fear of Apple finding
| out and executing its nuclear option: banning them from the App
| Store.
|
| Smart companies don't risk $10,000,000 in app revenue in order
| to sell $10,000 in user data.
| Apocryphon wrote:
| When your company makes Apple $3m, you cease to become
| someone casually banned by Apple, and rather a quasi-partner
| with some leverage. Epic's ban from the App Store was
| deliberately engineered by that company's leadership to force
| a legal challenge and to garner public attention; most
| companies of that size with apps on the App Store are met
| with more kid glove treatment by reviewers.
| jenny91 wrote:
| I'd imagine the threshold is a lot higher. Remember that
| Apple is in the end a hardware company and it makes sense
| to give up revenue/pay a fair bit for the legwork of their
| privacy marketing.
| BbzzbB wrote:
| You're not much of a partner at 0.0008% of yearly revenue.
| Now if a Netflix or Spotify was caught with a hand in the
| forbidden cookie jar, I'd expect the solution to be more
| diplomatic than straightforward perma-ban. If not for
| directly financial reasons, because their iOS user base
| would feel the void of these apps missing, unlike "Casino
| Slots 3D - Dolphin Edition".
| flutas wrote:
| Uber was famously caught trying to circumvent reviewers
| to hide their device fingerprinting and the result was a
| phone call from Tim Cook threatening them, but not
| outright removal. At the time I'm not sure if any profit
| from Uber actually flowed to Apple either.
|
| https://www.theverge.com/2017/4/23/15399438/apple-uber-
| app-s...
| BbzzbB wrote:
| I do think these ubiquitous "mega-apps" (whatever the
| word is) hold leverage on Apple as well. Telling their
| billion users they can't access an app like Uber because
| they broke some privacy rule or stood their ground on the
| Apple tax could be a hard sell. Although obviously not
| impossible like we've seen with Fortnite (not that I'd
| rank it alongside the Uber/Netflix/Spotify/YouTube and co
| of this world).
| Apocryphon wrote:
| Even a threatening phone call is at least Apple treating
| an app developer with enough regard to actually include
| human interaction in the process (from the CEO, no less),
| as opposed to a boilerplate two sentence non-explanation
| for rejection. That only applies to the makers of apps
| with enough users to warrant a personal touch.
| kmeisthax wrote:
| So, FWIW what Uber was doing was flagging if banned
| iPhones had been wiped and reset. Apple actually gave
| Uber specific APIs to persistently flag iPhones as banned
| (as part of DeviceCheck).
| Apocryphon wrote:
| Fine, the numbers should be inflated a bit, but the
| original post was most likely referring to Netflix and
| Spotify anyway, as opposed to whatever mid-tier companies
| make $10m annual app revenue somewhere in the vast gap
| between FANG and Casino Slots 3D.
| BbzzbB wrote:
| Sorry I was just being snarky with the trash app
| mentioned, I could've done without it I just had a talk
| [0, fun one] in the back of my head when writing. There
| must indeed be hundreds (dozens?) of companies which fall
| in a grey area that Apple wouldn't be inclined to ban
| straight up at first offense.
|
| 0: https://www.youtube.com/watch?v=E8Lhqri8tZk
| Apocryphon wrote:
| Nah, I quite appreciated it. It amuses me quite a bit how
| bizarrely specialized a lot of trash software is, which
| mobile platforms tend to heighten. From blatantly
| fraudulent ads that depict bogus gameplay, to Dr. Phil
| shilling Solitaire Grand Harvest on his show, the plain
| tawdriness of the trash app game ecosystem is
| fascinating. And who even wants to play slots on their
| phone anyway?
| BbzzbB wrote:
| Those Dr. Phil 4 minute sponsors for _Solitaire Grand
| Harvest_ kill me just thinking of it with those "live
| demos". I find it absolutely hilarious, yet
| simultaneously depressing to think how many people
| watching him will fall into a trap like and proceed to
| burn their money on - which is assuredly an unfathomable
| amount given his show's size and the duration of the ads.
|
| I also have no clue why those apps work (aside from the
| vague notion it triggers our lizard brains to gamble even
| with fake money), but I'd sure recommend you listening to
| the linked talk if the subject entertains you, I had
| found it really interesting and the speaker is a great
| story teller (IMO anyway).
| VanillaIceWater wrote:
___________________________________________________________________
(page generated 2022-02-17 23:01 UTC)