Apple Warns Chinese Tech Companies Not to Circumvent App Tracking Transparency Rules

[InGen]

Oh good, now how do I stop my cell service company tracking me?

Unfortunately this is a bigger problem than what information Apps are able to record from a person. Telco’s can see your location at all times while you’re connected to their network and depending on local laws they record this data and keep it stored for years at a time. This includes a full point to point map of all your movements at all times (going back even years).

In Australia a controversial law was passed years ago that enforced Telcos to retain custom metadata (including all customer location movements) for 24months for purposes of “crime prevention” and “anti-terrorism”.

And unfortunately until we lose our dependence on these companies by moving over to Starlink type networks or a (hopefully) future Apple equivalent, the only way to currently avoid this collection of all your movements throughout the world is to have your phone always on Airplane mode and only switch it on when you really need it.

With all the debate that happens here over App related privacy issues I really wish more people knew that literally all their movements are being recorded by their Telco providers and shared freely with Law Enforcement and Intel Agencies.

The benefit of the doubt can be given to data-thirsty apps who ultimately have a profit motive and ultimately don’t care who you are so long as they profit over your spending. But the Intel & Gov agencies however want nothing more than to know everywhere you go and everything you do, and this seldom discussed privacy flaw is a far greater risk to public safety and privacy than Instagram wanting to sell me targeting items.

 

[hot-gril]

Understood, but I meant that Google does not operate the Google Play Store in China (nor Google Search for that matter).

I see. Not totally sure what happened with Google Play in China, but it doesn't seem like Google chose it to be that way. Either way, you're probably right that Apple has a better relationship with China if the government isn't acting as hostile against them. Google Search pulled out much earlier because they were being blocked, sued, and hacked.

 

[hot-gril]

No, you can't fake an IMEI. For one, it's illegal, and second, there are legitimate uses for an IMEI.

Ok, but how is a third-party app getting the IMEI? They have no use for it, and I didn't even think Apple allowed it.

 

[now i see it]

funny that many companies will get all screwed up if they cant spy on us

 

[Abazigal]

As opposed to what we've had for decades with Macs & PC's right......

I have never understood this mentality. Just because something has been done that way for decades on Macs and PCs means that it’s perfect and in no need for improvement?

 

[contacos]

Yes because gassing millions of people is exactly like Chinese developers grabbing the IMEI off your phone.

did you just skip over the part where I mentioned the camps in China?

 

[DeepIn2U]

Apple is cracking down on Chinese tech companies that are working on ways to get around upcoming App Tracking Transparency rules, reports Financial Times.

Starting in iOS 14.5, Apple plans to begin requiring app developers to obtain express user permission before accessing an iPhone's advertising identifier or IDFA, and earlier this week, news suggested that the state-backed China Advertising Association was testing a tool to skirt Apple's rules.

Apple on Thursday sent warnings to at least two Chinese app developers using methods to track app usage without user permission. "We found that your app collects user and device information to create a unique identifier for the user's device," reads Apple's email, which says that the developer must update the app to comply with App Store rules within 14 days or risk its removal from the App Store.

According to Financial Times, the app developer in question was using a tool called CAID, which was developed by the aforementioned China Advertising Association. The China Advertising Association this week said that CAID it is not "in opposition" to Apple's privacy policy, but that may not be accurate given the warnings that Apple sent out today.

A Chinese marketing industry veteran told Financial Times that "big and small firms" in China are all considering CAID, but Apple's recent actions "will put a stop to these tests." Some of the biggest tech companies in China, such as Baidu, ByteDance, and Tencent, are all testing or implementing CAID to identify users.

ByteDance, for example, has recommended that developers use its SDK to issue CAID1 and CAID2 identifiers. One is based on a user's IP address and the other is based on the phone's IMEI, which is a unique identification number. The CAID1 and CAID2 identifiers violate Apple's rules because they do not ask for user permission before collecting this data. ByteDance has also recommended that developers use "fingerprinting and probabilistic matching" to identify users, which is also against the App Store Guidelines for App Tracking Transparency.

The China Advertising Association said that it is developing additional services that will collect and store personal data from users to create a "fingerprint" for each person. Any app that uses the CAID system will collect user data and send it to a central server to create a CAID identifier that will be used for cross-app user identification purposes. The CAA claims that users can opt out of CAID, but by Apple's definitions, it is not allowed in the first place.

Tech experts believe that Chinese apps plan to tweak their apps in "numerous ways" to get past Apple's App Store review team, with one likening it to a "cat-and-mouse" game. Apple has said multiple times that apps that disregard user preference when it comes to ad tracking will be rejected, which could lead to difficulties with Chinese companies and the Chinese government going forward.

Article Link: Apple Warns Chinese Tech Companies Not to Circumvent App Tracking Transparency Rules

YES! Finally Apple (and somebody within) showing some big cojones!

’bout time Apple is really fighting back, not just fighting for the user but upholding and standing their ground.

Boys ‘n‘ girls ... this is what’s called ‘shots fired!’

 

[DeepIn2U]

I know the market is too big and Apple would never even consider it (especially considering all the products assembled there), but in a perfect world, Apple should just pull out of China. Let Google have it. More trouble than it's worth.

Apple has already begun pulling out. This isn’t about the country mind you - let’s not go there with that line of thinking, please. This is about privacy for the platform and the users. There is enough vitriol regarding people of any nation. Let’s not perpetuate this here in the forums.

PS: I know you may not intend(ed) to - just pointing out for all of us, myself included, to avoid any perception leading to that.

CHeers.

 

[SDJim]

The CCP can f*k right off

 

[ikramerica]

I had a strong feeling it would be IMEI based.

 

[Tech198]

Chinese is always on the targeted attack.. No one really likes letting users make up their own minds do they.. First it was Facebook, and now China... FB walked down on ths as being a "good" thing, but China ? Well. they just don't play nice anyway with anyone.

 

[0924487]

A bit off topic, but China does not allow non-Chinese applications... Why do we?

China does. For example, Air Canada app is in the Chinese App Store.

 

[DeepIn2U]

Deleted: ignore nothing to see bout my post here.

 

[applicious84]

Never's a good time, but now especially...maybe Sinophobic sentiment is not the way to go. Whether veiled or overt, it's wild to see how freely people spurt their prejudice on this forum

 

[gnasher729]

If developers want to play a "Cat and Mouse" game, there is a risk: If Apple figures out that you intentionally try to get around their App Store rules, they absolutely have the right to cancel your developer account. Which means your app is dead. Now if there are _many_ Chinese companies trying this, cancelling just a few developer accounts will probably teach the others a lesson.

(In a previous life I learned about a major German company that wasn't just accused of violating safety rules - if that happens, you fix it and life goes on - but was threatened with an accusation of not taking safety rules seriously at all. Which would have shut down a billion dollar company).

 

[gnasher729]

Simple: Apple please let us know if you suspect an app is flouting the rules in an App Store warning and then we won't download the app.

Also alert us to the Country of the developer more clearly at the top of the page.

It doesn't work like that. If Apple felt a need to warn you about an app, that app wouldn't be on the App Store.

 

[jlc1978]

Hah. When the western ad companies fighting Apple find themselves in the public eye being on the same side as the Chinese wanting to track people… This could actually turn into something really fun to watch play out in media.

I doubt we'll see that - the messaging will be very different.

 

[Suckfest 9001]

Honestly they should just make scanning device info permission-based as well. I’m totally fine answering it once per app install if the app tries to do it

 

[I7guy]

Oh ofc he will. Soon as Xi Jinping hears about this warning you can bet Cook will issue a statement saying "Certain apps" will be exempt from the new rules.

His duplicity and hypocrisy knows no bounds.

Not much we can do about it. In spite of the criticisms Tim Cook has taken Apple to $2T. Personally he has been paid very well. He has money and power.

All we can do is criticize him in an online forum and hope the universe notices he speaks from both sides of his mouth. /s

 

[svanstrom]

Would it be possible for Apple to design iOS to generate burner identifiers apps see? Something the user turns on. That way even if apps circumvent the rules. They don’t know if they are seeing the real identifiers or the burner identifiers the phones generated for the app.

That's basically what the IDFA was meant to be; and the whole thing making the trackers upset rn is that Apple is adding that the users must opt-in allow trackers access to it:

Identifier for Advertisers - Wikipedia

en.wikipedia.org

 

[gnasher729]

Apple is so reliant on China they don't really have any leverage to enforce much of anything do they?

There is a guy at Apple with a big button who can throw any app off the AppStore. And they have a lawyer who can cancel anyone’s developer contract. Just ask Epic if Apple has any leverage.

 

[UnusedLoginID]

Chinese tech company:
“Wait... What?... You can do that? (Circumvent app tracking transparency rules)… Thank you Apple for letting us know…”

 

[svanstrom]

Chinese tech company:
“Wait... What?... You can do that? (Circumvent app tracking transparency rules)… Thank you Apple for letting us know…”

Tracking anyone that basically isn't a senior developer or better, that actively takes very serious and inconvenient precautions, is ridiculously easy to do.

In many ways this whole hullabaloo is about almost nothing but a play to the galleries as code, behind the scenes, is rewritten to work differently but give the same results.

For instance, if tracking can't be easily done with just a line of javascript it will instead be integrated into the backends; and if devices don't have a sanctioned device ID it will fall onto things like login libraries to essentially call home and drop clues about the devices they're on (including that the remove server out of necessity will get the remote IPaddress; which is just an extremely simplified example of what actually can be done with networking to keep track of individual units).

The tracking companies are upset, but unless completely incompetent they are just stalling for time to change around how their code/products work.

 

[Abazigal]

This kind of thing is like playing “whack a mole”. Developers are always finding ways of gaming the system, and Apple can only keep monitoring the situation and match them move for move.