Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels
- URL: http://arxiv.org/abs/2204.03556v4
- Date: Sat, 7 May 2022 09:54:52 GMT
- Title: Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels
- Authors: Konrad Kollnig, Anastasia Shuba, Max Van Kleek, Reuben Binns, Nigel Shadbolt
- Abstract summary: Apple introduced two significant changes with iOS 14: App Tracking Transparency (ATT), a mandatory opt-in system for enabling tracking on iOS, and Privacy Nutrition Labels.
This paper addresses the impact of these changes on individual privacy and control by analysing two versions of 1,759 iOS apps from the UK App Store.
We find that Apple itself engages in some forms of tracking and exempts invasive data practices like first-party tracking and credit scoring.
- Score: 25.30364629335751
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Tracking is a highly privacy-invasive data collection practice that has been
ubiquitous in mobile apps for many years due to its role in supporting
advertising-based revenue models. In response, Apple introduced two significant
changes with iOS 14: App Tracking Transparency (ATT), a mandatory opt-in system
for enabling tracking on iOS, and Privacy Nutrition Labels, which disclose what
kinds of data each app processes. So far, the impact of these changes on
individual privacy and control has not been well understood. This paper
addresses this gap by analysing two versions of 1,759 iOS apps from the UK App
Store: one version from before iOS 14 and one that has been updated to comply
with the new rules.
We find that Apple's new policies, as promised, prevent the collection of the
Identifier for Advertisers (IDFA), an identifier for cross-app tracking.
Smaller data brokers that engage in invasive data practices will now face
higher challenges in tracking users - a positive development for privacy.
However, the number of tracking libraries has roughly stayed the same in the
studied apps. Many apps still collect device information that can be used to
track users at a group level (cohort tracking) or identify individuals
probabilistically (fingerprinting). We find real-world evidence of apps
computing and agreeing on a fingerprinting-derived identifier through the use
of server-side code, thereby violating Apple's policies. We find that Apple
itself engages in some forms of tracking and exempts invasive data practices
like first-party tracking and credit scoring. We also find that the new Privacy
Nutrition Labels are sometimes inaccurate and misleading.
Overall, our findings suggest that, while tracking individual users is more
difficult now, the changes reinforce existing market power of gatekeeper
companies with access to large troves of first-party data and motivate a
countermovement.
Related papers
- Honesty is the Best Policy: On the Accuracy of Apple Privacy Labels Compared to Apps' Privacy Policies [13.771909487087793]
Apple introduced privacy labels in Dec. 2020 as a way for developers to report the privacy behaviors of their apps.
While Apple does not validate labels, they also require developers to provide a privacy policy, which offers an important comparison point.
We fine-tuned BERT-based language models to extract privacy policy features for 474,669 apps on the iOS App Store.
arXiv Detail & Related papers (2023-06-29T16:10:18Z)
- ATLAS: Automatically Detecting Discrepancies Between Privacy Policies and Privacy Labels [2.457872341625575]
We introduce the Automated Privacy Label Analysis System (ATLAS).
ATLAS identifies possible discrepancies between mobile app privacy policies and their privacy labels.
We find that, on average, apps have 5.32 such potential compliance issues.
arXiv Detail & Related papers (2023-05-24T05:27:22Z)
- SPAct: Self-supervised Privacy Preservation for Action Recognition [73.79886509500409]
Existing approaches for mitigating privacy leakage in action recognition require privacy labels along with the action labels from the video dataset.
Recent developments of self-supervised learning (SSL) have unleashed the untapped potential of the unlabeled data.
We present a novel training framework which removes privacy information from input video in a self-supervised manner without requiring privacy labels.
arXiv Detail & Related papers (2022-03-29T02:56:40Z)
- AirGuard -- Protecting Android Users From Stalking Attacks By Apple Find My Devices [78.08346367878578]
We reverse engineer Apple's tracking protection in iOS and discuss its features regarding stalking detection.
We design "AirGuard" and release it as an Android app to protect against abuse by Apple tracking devices.
arXiv Detail & Related papers (2022-02-23T22:31:28Z)
- Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
In this paper, we examine the trends in how Android apps have changed over time with respect to privacy.
We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers.
We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
arXiv Detail & Related papers (2021-12-28T16:21:31Z)
- Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps [25.30364629335751]
We present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy.
Third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children.
Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law.
arXiv Detail & Related papers (2021-09-28T13:40:32Z)
- The AppChk Crowd-Sourcing Platform: Which third parties are iOS apps talking to? [0.76146285961466]
The platform consists of an iOS app to monitor network traffic and a website to evaluate the results.
Monitoring takes place on-device; no external server is required.
Results are used to detect new trackers, point out misconduct in privacy practices, or automate comparisons on app-attributes like price, region, and category.
arXiv Detail & Related papers (2021-04-13T13:19:50Z)
- Emerging App Issue Identification via Online Joint Sentiment-Topic Tracing [66.57888248681303]
We propose a novel emerging issue detection approach named MERIT.
Based on the AOBST model, we infer the topics negatively reflected in user reviews for one app version.
Experiments on popular apps from Google Play and Apple's App Store demonstrate the effectiveness of MERIT.
arXiv Detail & Related papers (2020-08-23T06:34:05Z)
- Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)
- TAO: A Large-Scale Benchmark for Tracking Any Object [95.87310116010185]
Tracking Any Object dataset consists of 2,907 high resolution videos, captured in diverse environments, which are half a minute long on average.
We ask annotators to label objects that move at any point in the video, and give names to them post factum.
Our vocabulary is both significantly larger and qualitatively different from existing tracking datasets.
arXiv Detail & Related papers (2020-05-20T21:07:28Z)