Will Apple blink? ByteDance, Tencent, others ready new ad-tracking tech in defiance of iOS privacy protections

Middle Kingdom tests backup plan for when iGiant starts blocking app stalkers

The Chinese Advertising Association has developed an identifier called the China Anonymization ID, or CAID, to ensure the continued ability to track iOS users after Apple implements its App Tracking Transparency (ATT) framework.

The technology is currently being tested by some of China's largest technology companies, including ByteDance and Tencent, according to The Financial Times, and represents a threat to Apple's ability to constrain developer data-harvesting behavior.

The concern is that if enough apps in China implement CAID, via an ad SDK that supports it, Apple will be unwilling to risk the economic and political blowback from banning them all.

Apple introduced its ATT privacy framework in June, 2020, at its Worldwide Developer Conference (WWDC). As the company explained at the time, apps operating under iOS 14 will be required to ask permission to track users through the ATT framework. Implementing this code means the user will be presented with a permission dialog box to opt-in to being tracked, thereby granting permission to use Apple's IDFA (Identifier for Advertisers).

CAID aims to be a fallback and/or replacement for Apple's IDFA.

Apple intended to debut ATT around the time iOS 14 launched last September but the outcry from ad companies like Google and Facebook, which stand to lose ad revenue if people have to actually choose to be tracked on iOS devices, has delayed the technology. The current iOS release is 14.4.1 and ATT is expected to be deployed in iOS 14.5, now in beta.

The arrival of ATT has alarmed ad tech companies enough that several in the US have banded together to form the Post-IDFA Alliance, a group focused on "addressing the concerns of mobile marketers and app publishers in the wake of Apple’s recent update to IDFA policies."

Photo of the Google page

We've got some really bad news about Apple's privacy measures, Google tells iOS app devs: It'll hurt your Google ad revenue


Details about CAID are not yet widely available but a mobile ad tech firm based in China, TrackingIO previously posted its take on the technology. Those details have been preserved in the Internet Archive's Wayback Machine.

The documentation, as algorithmically translated, states, "Because CAID does not depend on Apple IDFA and can generate device identification ID independently of IDFA, it can be used as an alternative to device identification in iOS 14 and a supplementary solution when IDFA is not available..."

TrackingIO's summary claims CAID does not collect private data and only transmits an encrypted result.

App developers implementing CAID in China will need to integrate an ad SDK that supports it into their code. It's not yet clear how Apple will respond to mass developer disobedience, if it comes to that.

Eric Seufert, a mobile marketing consultant and analyst, argued on Twitter that Apple is caught in an impossible situation: It's unable to make ATT a viable privacy project if it exempts companies in China and it's unlikely to sanction Chinese companies en masse when Apple itself depends upon the favor of the China government to operate in the country.

Part of what makes CAID problematic for Apple, Seufert contends, is that "CAID is effectively a data co-op: a central server maintains persistent IDs of users that are contributed to by a consortium of companies."

Zach Edwards, co-founder of web analytics biz Victory Medium, told The Register that the US government purchases a lot of iPhones and Apple is not going to want to put that business at risk by allowing SDKs that flout its privacy requirements.

He said that the number one way Apple can reduce potential harm is to update its App Privacy labels in its App Store so that all SDKs present are disclosed.

"There are growing lists of Chinese and global companies who seem to be working on the CAID standards, or have code mentioning them on their websites/dev docs, and this should basically be part of a growing list of SDKs/apps that are banned by the US government," he said.

Apple did not respond to a request for comment. ®

Other stories you might like

  • Woman accused of killing boyfriend after tracking him down with Apple AirTag
    New meaning for accessory to murder

    A woman in the US has been charged with murder after she allegedly tracked down her boyfriend using an Apple AirTag and ran him over after seeing him with another lady.

    Gaylyn Morris, 26, found her partner Andre Smith, also 26, at Tilly’s Pub in an Indianapolis shopping mall with the help of the gadget in the early hours of June 3, it is claimed.

    A witness said Morris had driven up to him in the parking lot and inquired whether Smith was in the bar, stating she had a GPS tracker that showed he was inside, according to an affidavit [PDF] by Detective Gregory Shue. Morris, the witness said, subsequently spotted Smith within the establishment.

    Continue reading
  • TikTok US traffic defaults to Oracle Cloud, Beijing can (allegedly) still have a look
    Alibaba hinted the gig was worth millions each year

    The US arm of Chinese social video app TikTok has revealed that it has changed the default location used to store users' creations to Oracle Cloud's stateside operations – a day after being accused of allowing its Chinese parent company to access American users' personal data.

    "Today, 100 percent of US user traffic is being routed to Oracle Cloud Infrastructure," the company stated in a post dated June 18.

    "For more than a year, we've been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data," the post continues. "We still use our US and Singapore datacenters for backup, but as we continue our work we expect to delete US users' private data from our own datacenters and fully pivot to Oracle cloud servers located in the US."

    Continue reading
  • Apple dev roundup: Weather data meets privacy, and other good stuff
    No AR/VR glasses but at least RoomPlan will let you make rapid 3D room maps

    WWDC Apple this week at its Worldwide Developer Conference delivered software development kits (SDKs) for beta versions of its iOS 16, iPadOS 16, macOS 13, tvOS 16, and watchOS 9 platforms.

    For developers sold on seeking permission from Apple to distribute their software and paying a portion of revenue for the privilege, it's a time to celebrate and harken to the message from the mothership.

    While the consumer-facing features in the company's various operating systems consist largely of incremental improvements like aesthetic and workflow enhancements, the developer APIs in the underlying code should prove more significant because they will allow programmers to build apps and functions that weren't previously possible. Many of the new capabilities are touched on in Apple's Platforms State of the Union presentation.

    Continue reading

Biting the hand that feeds IT © 1998–2022