The Chinese Advertising Association has developed an identifier called the China Anonymization ID, or CAID, to ensure the continued ability to track iOS users after Apple implements its App Tracking Transparency (ATT) framework.
The technology is currently being tested by some of China's largest technology companies, including ByteDance and Tencent, according to The Financial Times, and represents a threat to Apple's ability to constrain developer data-harvesting behavior.
The concern is that if enough apps in China implement CAID, via an ad SDK that supports it, Apple will be unwilling to risk the economic and political blowback from banning them all.
Apple introduced its ATT privacy framework in June, 2020, at its Worldwide Developer Conference (WWDC). As the company explained at the time, apps operating under iOS 14 will be required to ask permission to track users through the ATT framework. Implementing this code means the user will be presented with a permission dialog box to opt-in to being tracked, thereby granting permission to use Apple's IDFA (Identifier for Advertisers).
CAID aims to be a fallback and/or replacement for Apple's IDFA.
Apple intended to debut ATT around the time iOS 14 launched last September but the outcry from ad companies like Google and Facebook, which stand to lose ad revenue if people have to actually choose to be tracked on iOS devices, has delayed the technology. The current iOS release is 14.4.1 and ATT is expected to be deployed in iOS 14.5, now in beta.
The arrival of ATT has alarmed ad tech companies enough that several in the US have banded together to form the Post-IDFA Alliance, a group focused on "addressing the concerns of mobile marketers and app publishers in the wake of Apple’s recent update to IDFA policies."
We've got some really bad news about Apple's privacy measures, Google tells iOS app devs: It'll hurt your Google ad revenueREAD MORE
Details about CAID are not yet widely available but a mobile ad tech firm based in China, TrackingIO previously posted its take on the technology. Those details have been preserved in the Internet Archive's Wayback Machine.
The documentation, as algorithmically translated, states, "Because CAID does not depend on Apple IDFA and can generate device identification ID independently of IDFA, it can be used as an alternative to device identification in iOS 14 and a supplementary solution when IDFA is not available..."
TrackingIO's summary claims CAID does not collect private data and only transmits an encrypted result.
App developers implementing CAID in China will need to integrate an ad SDK that supports it into their code. It's not yet clear how Apple will respond to mass developer disobedience, if it comes to that.
Eric Seufert, a mobile marketing consultant and analyst, argued on Twitter that Apple is caught in an impossible situation: It's unable to make ATT a viable privacy project if it exempts companies in China and it's unlikely to sanction Chinese companies en masse when Apple itself depends upon the favor of the China government to operate in the country.
Part of what makes CAID problematic for Apple, Seufert contends, is that "CAID is effectively a data co-op: a central server maintains persistent IDs of users that are contributed to by a consortium of companies."
Zach Edwards, co-founder of web analytics biz Victory Medium, told The Register that the US government purchases a lot of iPhones and Apple is not going to want to put that business at risk by allowing SDKs that flout its privacy requirements.
He said that the number one way Apple can reduce potential harm is to update its App Privacy labels in its App Store so that all SDKs present are disclosed.
"There are growing lists of Chinese and global companies who seem to be working on the CAID standards, or have code mentioning them on their websites/dev docs, and this should basically be part of a growing list of SDKs/apps that are banned by the US government," he said.
Apple did not respond to a request for comment. ®