The privacy changes that Apple made in iOS 14 to stop apps from tracking users’ data have not fully stopped developers from the illegal practice and several apps are still tracking data despite the user having asked the apps not to be tracked, a study has revealed.
The study of 1,759 iOS apps from the UK App Store before and after Apple implemented the major privacy feature last year found that Apple’s new policies live largely up to its promises in making tracking more difficult.
“At the same time, apps still widely use tracking technology of large companies, and send a range of user and device characteristics over the Internet for the purposes of cohort tracking and user fingerprinting,” said the team from the University of Oxford in the UK in a paper.
The researchers found real-world evidence of apps computing a mutual fingerprinting-derived identifier through the use of “server-side code” — a violation of Apple’s new policies and highlighting the limits of Apple’s enforcement power as a privately-owned data protection regulator.
“Indeed, Apple itself engages in some forms of user tracking and exempts invasive data practices like first-party tracking and credit scoring from its new privacy rules,” claimed Konrad Kollnig, Department of Computer Science, University of Oxford.
“Apps’ Privacy Nutrition Labels were often inaccurate and are currently misleading for consumers. These observations are in conflict with the company’s marketing claims and the resulting expectations of many iOS users,” the team noted.
Despite positive developments over the recent months and years, especially through initiatives by Apple, there is still some way to go for app privacy.
The researchers lamented that the violations of various aspects of data protection and privacy laws remain widespread in apps while enforcement of existing data protection laws against such practices stays sporadic.
“Apple’s privacy efforts are hampered by its closed-source philosophy on iOS and the opacity around its enforcement of its App Store review policies. These decisions by Apple remain an important driver behind limited transparency around iOS privacy,” the emphasised.
The team also found that Apple’s Privacy Nutrition Labels were often inaccurate and are currently misleading for consumers.
“These observations are in conflict with the company’s marketing claims and the resulting expectations of many iOS users,” they said.
In defence of user privacy, Apple last year introduced two significant changes with iOS 14: App Tracking Transparency (ATT), a mandatory opt-in system for enabling tracking on iOS, and Privacy Nutrition Labels, which disclose what kinds of data each app processes.