This will be more similar to giving location or push permissions than a cookie warning. You have to actively opt-in to allowing an app access to your IDFA on an app-by-app basis. They can ask you to do this one time and if you say no the only way that setting will ever change is if you go to the iOS settings app and enable tracking for that app. Currently you can opt out on a system level. The change will make it opt in on an app level.
The pop-up is literally “allow tracking” and “disallow tracking” and disallowing does not give the advertisers any kind of information about cross-app usage. It is not something you can as a developer circumvent.
There are hundreds of ways to fingerprint you and your device, without an advertising ID. You just need a few (5-7?) to uniquely identify someone.
A few examples that come to my mind:
Current battery level, typing speed, phone model, OS version, battery wear (guessable from charge/discharge rate), charge rate (depends on the charger), finger width, propensity to use features differently (scrolling, zooming, selecting text), clipboard contents, RTC lag, microbenchmark performance... System preferences alone are probably enough (brightness level, airplane mode, dark mode).
If a fingerprinting library is present in more than one app, I find it unlikely that both fingerprints couldn't be linked to the same user. If one of these apps has a log-in, they can probably link that up with the rest of browsing history, on-device and cross-device.
Sounds far-fetched? I don't think so. I rather think I'm underestimating the issue.
I think one technical answer to that would be to "taint" every measurement of a potential identifier, and track its usage across the program. If the app tries to submit information that is somewhat related, block it.
Alternatively, compute a score and block it above a certain threshold (that will be gamed, but could help a transition). Or use an RR-like mechanism to change the measurement to a dummy value, and replay up to the exfiltration point.
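The taint-and-score idea from the comment above, sketched as an added example (not code from any poster or from Apple): each read of a potential identifier is labelled, labels survive derivation, and an outbound payload is blocked when its combined identifying bits pass a threshold. `read_signal`, `egress_decision`, the entropy figures and the threshold are all hypothetical.

```python
from dataclasses import dataclass

# Constructed, illustrative entropy estimates (bits) per signal; not measured data.
ENTROPY_BITS = {
    "battery_level": 6.6,
    "os_version": 3.0,
    "phone_model": 5.0,
    "brightness": 6.0,
    "dark_mode": 1.0,
    "clipboard": 20.0,
}

@dataclass(frozen=True)
class Tainted:
    """A value plus the set of identifying sources it was derived from."""
    value: object
    sources: frozenset

    def derive(self, fn, *others):
        """Apply fn to this value (and others); the result inherits every taint."""
        merged = self.sources.union(*(o.sources for o in others))
        return Tainted(fn(self.value, *(o.value for o in others)), merged)

def read_signal(name, value):
    """Hypothetical hook where the runtime hands a device signal to the app."""
    return Tainted(value, frozenset([name]))

def sources_in(payload):
    """Collect taint labels from a nested payload of dicts, lists and values."""
    if isinstance(payload, Tainted):
        return set(payload.sources)
    if isinstance(payload, dict):
        payload = list(payload.values())
    if isinstance(payload, (list, tuple)):
        return set().union(*(sources_in(p) for p in payload))
    return set()  # untainted constant

def egress_decision(payload, threshold_bits=10.0):
    """Return (allowed, bits); block once combined identifying bits pass the threshold."""
    bits = sum(ENTROPY_BITS[s] for s in sources_in(payload))
    return bits <= threshold_bits, bits
```

Hashing or combining signals does not launder them here, because `derive` carries the union of source labels into the result; a real runtime would also have to cover implicit flows, which this sketch does not.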
What you've said is accurate, but one thing that's different in this case compared to the web is Apple's walled garden.
The walled garden certainly has problems but in this case a real benefit is that Apple forbids these kinds of technical workarounds. You can implement them, but do you want to run the risk of your app being banned from the only distribution channel on iOS because of it?
That walled garden still appears to have major holes in its fences, as shown by the Facebook SDK having infected every single mainstream app for the sole purpose of stalking the user in the background (over time Facebook can correlate the traffic by date/time, IP address, device type, etc. and link different instances of the SDK together).
Yes, but this is what the feature is aiming to address. Apps that use the Facebook SDK will have to ask for permission to track the user and if the user says no they shouldn't initialize the Facebook SDK, at least not the parts that relate to ad analytics and tracking.
It seems to me that this feature only restricts access to the IDFA/Advertising ID. It does not prevent the app from loading a piece of malware that uses other means (device & network fingerprinting) to stalk you regardless of the availability of the IDFA.
Apple have been very clear about you being responsible for the SDKs you use and while the technical limitations are only about IDFA Apple have also stated that other methods of fingerprinting are not allowed when the user asked not to be tracked. Thus, App A that uses SDK B can be banned from the App Store if the user asked not to be tracked but B still tracks using something like fingerprinting.
> other methods of fingerprinting are not allowed when the user asked not to be tracked
We'll need to see how well this is enforced and whether they will challenge bullshit excuses. I can already imagine the Facebook SDK sending its usual amount of PII and them saying "this is only for fraud protection (or a similar BS reason) and we pinky-promise to never use this information for anything else".
Except there will be an option to deny tracking. Hopefully Apple will require and enforce a genuine free choice and opt-in.
With GDPR cookie warnings, you’re required to opt in, but everybody uses dark UI patterns to make you “opt in” (like forcing you to uncheck each tracker individually, and claiming it takes several minutes to “update your preferences”).
The problem with the GDPR is the lack of enforcement which allows criminal companies to get away with bullshit like this. With the potential of huge fines (and the fact that the cases seem very straightforward and there's plenty of strong evidence of a breach) I think the only explanation for this blatant lack of enforcement is that the same people who are supposed to enforce the law are in bed with those that break this same law.