Click to Skip Ad
Closing in...

Some iPhone apps break iOS privacy protections and keep tracking you – here’s proof

iPhone 11

Tim Cook marked his 10th anniversary last year as Apple CEO. And while he shows no signs of slowing down anytime soon in his leadership role at the iPhone maker, it’s already pretty clear what legacy he’ll leave behind for whoever follows him. It encompasses everything from Apple TV shows to wearables. To, also, the privacy architecture that underpins the scores of iPhone apps that populate the company’s App Store.

Steve Jobs’ handpicked successor, as noted, has ever-so-subtlely tilted Apple’s focus away from an over-reliance on hardware sales. He’s built up a huge services business, bringing in recurring revenue for things like Apple TV Plus. He’s also taken Apple deep into health and wellness, via the Apple Watch and services like Apple Fitness Plus.

And he’s also made privacy a top priority. Via a push that’s seen Cook emerge as a leading foil of Facebook CEO Mark Zuckerberg, while also overseeing a big shift in the way iPhone apps treat customer data.

App Tracking Transparency

apple event wwdc 2021
Apple SVP Craig Federighi, shown at the iPhone maker’s WWDC 2021 event. Image source: Apple

New data, however, punctures that bubble — at least, a little bit.

A new research paper out in recent days analyzed two versions of more than 1,700 iOS apps from the UK version of Apple’s App Store. One version from before the rollout of iOS 14, which brought two huge new privacy changes, and one version from after that rollout. That is, after the apps had to comply with the new privacy framework.

The two changes included, first, so-called privacy nutrition labels for apps. Which now lets users know, in granular detail, what data an app is collecting from them. Similar to food nutrition labels that give you insight into what ingredients comprise the foods we eat.

The more dramatic change was the launch of App Tracking Transparency. ATT essentially made it harder for companies like Facebook to track users around apps. “We find that Apple’s new policies, as promised, prevent the collection of the Identifier for Advertisers (IDFA), an identifier used to facilitate cross-app user tracking,” the new research paper notes.

“Smaller data brokers, who used to engage in some of the most invasive data practices, will now face higher challenges in tracking users – a positive development for privacy.”

There’s a caveat, though.

Some iPhone apps still getting sneaky

Apple CEO Tim Cook at WWDC 2021
Apple CEO Tim Cook on stage during the WWDC 2021 keynote. Image source: Apple Inc.

The aforementioned paper from researchers in the UK goes on to note the following. That the number of tracking libraries in apps has stayed “roughly the same” in the apps studied post-iOS 14. “Many apps still collect device information,” the paper goes on to say, “that can be used to track users at a group level (cohort tracking) or identify individuals probabilistically (fingerprinting).”

But that’s not all.

“We find real-world evidence of apps computing and agreeing on a fingerprinting-derived identifier through the use of server-side code, thereby violating Apple’s policies and exposing the limits of what ATT can do against tracking on iOS,” the paper continues.

What’s even more concerning is that the researchers said they explicitly refused opt-in to tracking as part of this study. And consent is a legal requirement as a function of EU and UK data protection law.

Bottom line: Apple’s App Tracking Transparency did bring a valuable change to the way iPhone apps handle user privacy. It’s not perfect, though, and Apple never claimed it was. This new research paper raises some valuable points about the flaws inherent in the system. But beware of taking that too far.

Using the findings to beat up on Apple also feels a little like criticizing the utility of seat belts because they, alone, don’t guarantee everyone who uses them will survive a car wreck. Nothing is perfect.


More iPhone coverage: For more iPhone news, visit our iPhone 14 guide.

Andy Meek profile photo

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming. Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.