Sophos Cloud Optix
Apple got caught with its hand in the cookie jar when privacy experts protested the use of a universal device identifier, or UDID, to track the online preferences of iPhone and iPad users.
The problems with that model became all too apparent after hackers compromised systems belonging to digital media firm Bluetoad and made off with close to a million device IDs.
Enough is enough, right? Well, maybe not.
It looks like device tracking is back with iOS 6, courtesy of a new tracking technology: IDFA, or identifier for advertisers.
Like the UDID, the IDFA uniquely identifies your Apple device.
Websites that you browse with your iPhone or iPad device can request the IDFA. Unlike UDID, however, the IDFA can’t be traced back to individuals, it merely links a pattern of online behavior with a specific device.
Also unlike the UDID, IDFA can be disabled from within iOS, though Apple leaves it enabled, by default.
The Cupertino company has said little about IDFA since releasing the latest version of iOS last month. According to published reports, however, the IDFA acts like a persistent cookie on the phone: allowing advertisers to track user surfing behavior on their phone and record interactions up to and including “conversion” – a purchase or download.
Writing on his company’s blog in June, prior to the release, Michael Oiknine, the CEO of mobile application analytics firm Apsalar said that IDFA offered many advantages over the discredited UDID.
Among other things: the IDFA is reset when the device, itself, is reset. That will prevent user data from being corrupted when they sell or transfer their phone to a new owner, Oiknine said.
Giving users the ability to opt-out of tracking will satisfy privacy concerns.
And, because Apple is the 600 pound gorilla of the mobile space, IDFA stands a good chance of being adopted universally, clearing up confusion created by competing standards like OpenUDID and ODIN, he said.
But others expressed skepticism about the privacy protections included with IDFA.
Among other things, critics have noted that the IDFA is enabled by default, and that Apple opted to put the feature for disabling tracking in the mostly-ignored “About” section under the General settings – which mostly lists technical information about the phone.
Critics argued that it more properly belongs under the iPhone Privacy settings.
Furthermore, the company asks users to disable tracking by enabling the “Limit Ad Tracking” option – a tricky bit of mental misdirection that may leave users who manage to track down the opt-out option believing that they’re already opted out.
If you want to turn off device tracking using the IDFA on your iOS6 device, do the following:
1) Click on Settings.
2) Click on General to access the General Settings.
3) Click About
4) Scroll down and click on Advertising.
5) Set Limit Ad Tracking to “ON”.
Happy mobile surfing, stranger!
“If you choose to limit ad tracking, apps are not permitted to use the Advertising Identifier to serve you targeted ads”
This smells like weasel-wording. Most people would expect that when they set a preference like this, they’re protecting their privacy by telling their device not to give out certain information. But this wording doesn’t do that; it still allows the advertisers to collect all of the same information about you; it just means that they agree not to use it to show you targeted ads. This preference just gives the user the illusion of control by letting them choose not to see the effect of the advertisers getting their data.
If Apple really intends to give the user the ability to protect their privacy, they should say something like:
“If you choose to limit ad tracking, apps will not be given access to your Advertising Identifier”
is there an equivalent of ghostery to use on the iphone to stop cookies in safari?
Hi,
Very interesting article, providing both the threats and opportunities afforded by the new IDFA.
You claim that "Websites that you browse with your iPhone or iPad device can request the IDFA". Can you substantiate this? I've only managed to confirm that the IDFA is exposed to apps, and have been looking for evidence that it's also exposed to websites you visit through your browser. Could you please confirm what your sources are, as I'd love to find out more?
Many thanks!
Hi,
Is it really gives us safe side on privacy manner ? How this IDFA cop with third party supports ? Tell me some source that help me in this regards.
Apple has now again eradicated this feature from the next-generation iOS 10 beta. I have been running the beta from last 1 day, and figured out lots of stuff that is coming now.