Late in 2020, Apple activated its anti-tracking technology. App Store apps were required to disclose all data they collected from users, and before an app was allowed to track your activity, it was required to ask permission. Apple already had brought privacy protections to the Safari browser. Now it was bringing them to the iPhone and iPad. But as the cynical reader might expect, it didn’t work out quite as planned. The disclosure labels in the App Store are spottily enforced, and—according to a Washington Post report—the worst app developers have found workarounds and are still stealing plenty of your data.  “Even if users disable access to tracking using ATT [app tracking transparency], there’s still a chance that the app is tracking you with third-party trackers because the uncomfortable truth is that some developers are still going to find loopholes and workarounds for such policies,” Eden Cheng, CEO of a people-tracking site, told Lifewire via email. 

App Tracking Transparency—Plan vs Reality

App Tracking Transparency (ATT) does not block apps from tracking your activity while you use them. What it does is allow the user to deny these apps permission to use an IDFA (Identifier for Advertisers). The IDFA is a unique identifier expressly made to allow tracking, but while protecting user data. It’s a decent idea, but the problem is that apps can track you in many other ways. For example, they can collect your IP address, and from this, infer your physical location with surprising accuracy. They can know what model of iPhone you’re using, how much storage is left on your device, and even things like the current volume level and screen brightness. After all, apps are apps, and they have to know about your device to interact with it. But unscrupulous developers can use this data to create a “fingerprint” of your device to enable it to track your activity inside and outside the app. And it’s not just tracking. Apps are connected to the internet, so they can take any data and send it anywhere. If you grant a weather app permission to know your location, it can share or sell that data. Ditto your contact list, which may be even worse as it stores other people’s data, not your own.

Ask Not To Track

When an app wants to use the IDFA, it has to ask. Most users tap to deny permission, and the effect has been dramatic. Last week, Facebook’s stock dropped when it reported that iOS’s anti-tracking features would continue to affect its ad business.  But as we have seen, denying permission to the IDFA doesn’t improve your privacy beyond disabling this basic tracking token. Instead, it could make things worse by tricking users into believing that the apps in question no longer will be able to track them.  There are ways to protect yourself, but this only helps savvy users. The best way is to install a firewall app on your devices. A firewall monitors and filters all internet connections that leave and enter your iPhone or iPad. Some, like Lockdown, use blocklists to deny connections. Others, like the anti-tracking app Guardian, send all your data through a VPN and block trackers at the server level.  Guardian even offers a feature that gives real-time alerts when apps try to make unexpected connections, which shows how common the problem is. “I personally feel it helps hammer in how pervasive this kind of activity is. With some apps, they appear to be pinging trackers almost nonstop,” Will Strafach, creator of Guardian, told Lifewire via direct message.  The downside of these options is that you have to vet and trust the vendors because you give them access to your internet traffic. But until Apple builds in better protection, third-party options are all we have, and some, like Guardian and Lockdown, are on the level in my experience. Apple’s anti-tracking continues to improve, with new features coming in iOS 15. But right now, it’s still a bit of a mess. So if you care about this stuff (and you should), it’s worth looking into your options for better protection.