A lesser-known new feature in iOS 6: It's tracking you everywhere

Apple has enabled user tracking of its customers once again, with the recently released iOS 6 enabling advertisers to see which apps users have run, and which adverts they've seen – all for the benefit of the users, of course. The feature wasn't highlighted by Apple at the launch of iOS 6, as Business Insider points out in its …

COMMENTS

This topic is closed for new posts.

Anonymous Coward

Sensationalistic title

So hang on, before in iOS 5 developers could use UDID to track people and this couldn't be prevented, and now developers can use IFA which *can* be prevented.

How is that a bad thing as portrayed by the author's choice of words in the title?

Although I suppose devs can still use the UDID and carry on as if nothing had happened...

12
9

Re: Sensationalistic title

From reading the article, I gather that UDID is not present in iOS5. So it is true that you can track people in iOS6, while you couldn't in iOS5.

2
4
Anonymous Coward

Re: Sensationalistic title

The article is full of mistakes. iOS 5 did have UDIDs; however, as Apple transitioned away from them they rejected app submissions that used them. However, old apps that weren't updated continued to use UDID as before.

The UDID blocking was at the point of App Store submission, not on iOS itself.

7
1
Thumb Down

Re: Sensationalistic title

UDIDs were available in iOS 5 - and are actually still available in iOS 6, but (I suspect, not tested it) only to old apps built for older OS versions. I think Apple are just not approving new apps that try to use it, as of quite recently. (I'm an iOS developer - but not one that puts adverts / tracking / analytics / other bullshit into any apps :)

So yes, I agree that the title is totally sensationalist. This is actually an improvement, because now we do at least have an opt-out, even if it is pretty obscure.

Also, I read the title (It's tracking you EVERYWHERE!) as meaning it was tracking my location and reporting it back to apple, which is even more sensationalist and even more wrong!

7
1
Anonymous Coward

Re: Sensationalistic title

It's still there in ios6 too, thank god, as I have an app still using it which was released prior to ios5. I'm dreading ever having to update the app :S

0
0
jai
Silver badge

Re: Sensationalistic title

this is El Reg - titles and the facts of the story do not often correlate.

1
3
Thumb Down

Re: Sensationalistic title

Hang on again, so it's okay to track users now? Oh Google does it too? Well we're talking about Apple here. They could as easily screw things up inside and allow all your info to be released or something like that. They are absolutely incompetent when it comes to online services: Ping, iCloud (not so bad now), and recently Maps.

What we want is TURNING IT COMPLETELY OFF! I buy my apps, etc. why should I see any kind of ads.

0
0
Silver badge

Uhm

Cookie law, you must have express permission to store anything on users.

Privacy laws in general, pretty much the same thing

Apple law "If they can't see it it's not illegal" followed by OH SHIT THEY SAW IT. Followed by trying to sneak it in under another name during the next release.

Class action lawsuits in US place your bets now.

13
8
Silver badge

Re: Uhm

It's not a cookie though. The advertisers aren't sticking the id on the phone. The phone OS is generating the id and sending it outwards. Apple could probably argue that users had agreed to it by agreeing to the terms of service of the app store.

1
1
Bronze badge

Not good

I read through the Insider article with a degree of disbelief but then spoke with a colleague who has an iPhone 4 which he upgraded to iOS6. We went through the steps to check and at the end he said "See, it's OK as it is turned off". Then I pointed out the bit where it says you have to turn it ON to stop the tracking........

His face was a picture

11
1
Anonymous Coward

Re: Not good

At least you can turn it off, try doing that for Android.

3
11
Anonymous Coward

Re: Not good

So they are fooling the user.

If the user sees something is OFF they think it's off, but wording it so you have to turn the feature ON not to be tracked is a dirty trick.

Wonder if the EU will get wind of this and get Apple to change the feature so you have to turn it OFF for it to stop tracking you.

6
0
Anonymous Coward

Re: Not good

Also, aside from the confusing wording and clarity about whether you want it on or off, the option is also limit tracking, not stop or disallow, why would anyone normally think to look in 'about' for options to change. About tells you about the device, it provides information, not tweakable settings.

5
0
Facepalm

Re: Not good

Is Firefox's "Do Not Track" setting a dirty trick to fool the user as well?

0
7
FAIL

Re: Not good @AC 10:50

Very funny,

0
0
Bronze badge

Re: Not good

On an iPhone4 with iOS6 set to French (long story), the option is called "Suivi publicitaire limité", roughly translated as "Limited advertising tracking". Arguably this is worse, because it doesn't say what the alternative is. Is it a choice between "limited tracking" and "no tracking" or between "limited tracking" and "rich super powerful privacy destroying tracking"?

2
0
Anonymous Coward

Fragrant Turd [Was: Re: Not good]

On Wednesday 17 October at 11:30 shadowphiar said "Is Firefox's "Do Not Track" setting a dirty trick to fool the user as well?"

DNT is completely toothless. It's just a preference. There is no legal obligation for anyone to follow the user's declared preference - we only have the word of the Ad Whores that they will. Quite simply not good enough.

DNT is complete shite dressed as a fragrant turd.

Trust it at your peril as in doing so you are clearly stating that you trust the Ad Whores.

What we need is not DNT or anything similar. What we need is legislation that tells the Ad Whores that my data, my location etc. are mine and that it is illegal to:

1) Assume that anyone can use said data, track me etc. without my explicit consent.

2) Assume implied consent by the use of a service.

DNT? Don't make me laugh.

2
1

This post has been deleted by its author

Re: Not good

"At least you can turn it off, try doing that for Android."

root--->install adaway--->install lbe security master(or pdroid)---->turn off syncing--->sorted.

lbe and pdroid let you block completely or generate a random id/imei/location etc every time an app is run, making all their tracking pointless as to all intents and purpose the app sees a different phone each time it starts.

Adaway stops all advertising in apps and in the browser, making for a much more pleasant experience.

try doing that in iOS.......

6
0
Silver badge
FAIL

@mickey mouse

When step one is "root", it is something for advanced users only. The typical Android buyer will not do this.

0
0

Re: Not good

"At least you can turn it off, try doing that for Android."

Settings > Privacy > Uncheck boxes for GPS and Wireless tracking

Play Store > Settings > Uncheck "Google Admob" to stop google tracking you advertisement-wise

If you're ultra paranoid install LBE Privacy and you can switch off each permission for each app.

Only one thing more fun than a fanboi, and that's an ill-informed fanboi...

2
0
Facepalm

@DougS Re: @mickey mouse

I don't recall the challenge being whether or not "typical buyers" would do it, just whether or not it was possible in the first place. Besides, the technique described by Mr. mouse is just one among quite a diverse selection.

I will agree however that Android is a privacy nightmare. I'd still rather be there though than be in a situation where all my base are belong to Cupertino.

0
0
Bronze badge

Re: Fragrant Turd [Was: Not good]

A wise man once said to me:

"You can't polish a turd, but you can roll it in glitter"

0
0
Anonymous Coward

How does this square with the EU commission's demand that anything that could serve as a personal identifier should also be treated as personal data?

http://www.theregister.co.uk/2012/10/16/when_is_a_cookie_personal_data/

9
2
Anonymous Coward

This is not a personal identifier, it's random and changes over time. Try reading the description next time.

4
13
Anonymous Coward

@A/C 10:13

I did read it thank you. They make it clear that it could change at some point in the future but given the conditional nature of this statement it's entirely possible that it will never change.

From the article:

Apple's new IFA isn't guaranteed not to change – the device could generate a new random number at any time, but Cupertino isn't saying how often, or if, it will.

'Isn't guaranteed not to change' != 'will change'

Next time RTFA before slinging around insults.

11
1
Anonymous Coward

Re: @A/C 10:13

On the IFA, I read this

"The IFA, or Identification For Advertisers, is a random number generated once by the iOS device which is used to uniquely identify that device between applications."

and wondered how if it is randomly generated it is guaranteed unique? How are collisions in the generation between devices avoided, phone home?

0
0
Silver badge

Re: @A/C 10:13 -- uniqueness, and another approach..

My guess:

IFA = sha1( UDID.append( randombits ) )

Meets the uniqueness criterion, but doesn't reveal the originating device.

However, from a privacy point of view, this is no better. If the lifetime of the IFA token is sufficiently long, then it's just as harmful to user privacy as the UDID.

Trying to balance the usefulness of targeted advertising with the privacy concerns is just a matter of knowing when to stop tracking. My preferred approach would be to assign each device/customer a small set of unique-ish IDs, each of which roll over after a short period. Every session (app launch) would use one randomly-chosen ID from this set for the duration of its operation, as follows:

At app start: select randomly-chosen ID from set, optionally hash this with an app-unique signature.

When requested: send that ID to advertising agent in order to identify the user.

every N days: drop oldest ID, generate new one, add it to the set.

This way, apps running on the device can be sandboxed in terms of advertising tracking if required; but even if they're not, no trustable activity history can be assembled beyond the lifetime of one token.

Sure there would be other implementation issues, but I've only outlined this to show that the issues involved in *not* tracking users aren't technical.

1
0
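The rotating-pool scheme sketched in the comment above, as an added Python example that is not from the thread or from Apple. The class and function names, the pool size of 4, the 7-day period and the use of HMAC-SHA256 as the per-app hash are assumptions; `max_linkable_days` takes the advertiser's view and measures how long any one token stays linkable.

```python
import hashlib
import hmac
import secrets
from collections import deque

DAY = 86400  # seconds


def derive_token(raw_id: bytes, app_signature: bytes) -> str:
    """Per-app token: keyed hash of the app signature under the raw ID.
    Two apps holding the same raw ID see unrelated tokens."""
    return hmac.new(raw_id, app_signature, hashlib.sha256).hexdigest()[:32]


class RotatingAdIdPool:
    """Device-side pool of short-lived advertising IDs (hypothetical design)."""

    def __init__(self, pool_size=4, rotate_days=7, now=0.0):
        self.rotate_secs = rotate_days * DAY
        self.ids = deque(secrets.token_bytes(16) for _ in range(pool_size))
        self.last_rotation = now

    def rotate(self, now):
        """Every N days: drop the oldest ID and add a fresh one.
        Catches up on missed periods; returns how many IDs were replaced."""
        periods = max(0, int((now - self.last_rotation) // self.rotate_secs))
        replaced = min(periods, len(self.ids))
        for _ in range(replaced):
            self.ids.popleft()
            self.ids.append(secrets.token_bytes(16))
        self.last_rotation += periods * self.rotate_secs
        return replaced

    def start_session(self, now, app_signature=None):
        """At app start: pick one ID at random for the whole session."""
        self.rotate(now)
        raw = secrets.choice(tuple(self.ids))
        if app_signature is None:
            return raw.hex()  # shared across apps, still short-lived
        return derive_token(raw, app_signature)


def max_linkable_days(pool, days, app_signature=None):
    """Advertiser's view: one session per day for `days` days; returns the
    longest span (in days) over which any single token was observed."""
    first_seen, longest = {}, 0
    for day in range(days):
        token = pool.start_session(day * DAY, app_signature)
        first_seen.setdefault(token, day)
        longest = max(longest, day - first_seen[token])
    return longest


if __name__ == "__main__":
    pool = RotatingAdIdPool(pool_size=4, rotate_days=7)
    # An ID lives at most pool_size * rotate_days, so history is capped there.
    print("longest linkable span:", max_linkable_days(pool, 365), "days")
```
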
Silver badge

Re: @A/C 10:13

[I] wondered how if it is randomly generated it is guaranteed unique?

They use this cool new thing called Mathematics and generate a random huge number, from a range so big that collisions are not only unlikely, but you could have millions of devices generating millions of ids per second, and you would still have to wait a bloody long time for a collision to occur.

I don't know how Apple generate IFA, but a UUID is similar. If you generate 1 billion random UUIDs per second, after 100 years the chance of generating even one duplicate is only 50%. A UUID is only 128 bits (and only 122 are significant), if they used 256 bit numbers they would have even more space.

2
0
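The birthday-bound arithmetic behind the UUID comparison in the comment above, as an added Python example that is not part of the thread. It uses the standard approximation P ≈ 1 − exp(−n(n−1)/2N); the function names and the one-billion-device figure in the usage line are constructed for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 86400


def collision_probability(n_ids: float, bits: int) -> float:
    """P(at least one duplicate) among n_ids values drawn uniformly from
    2**bits. expm1 keeps precision when the probability is tiny, where the
    naive 1 - exp(-x) would round to 0.0."""
    space = 2.0 ** bits
    return -math.expm1(-n_ids * (n_ids - 1) / (2.0 * space))


def ids_for_probability(p: float, bits: int) -> float:
    """Number of random IDs needed before a duplicate has probability p
    (0 < p < 1), the inverse of the approximation above."""
    space = 2.0 ** bits
    return math.sqrt(-2.0 * space * math.log1p(-p))


def years_to_probability(p: float, bits: int, ids_per_second: float) -> float:
    """Time to reach collision probability p at a steady generation rate."""
    return ids_for_probability(p, bits) / ids_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # 122 significant bits, as for a random UUID; 1e9 devices with one ID each.
    print("one ID on each of 1e9 devices:", collision_probability(1e9, 122))
    print("years to 50% at 1e9 IDs/s:", years_to_probability(0.5, 122, 1e9))
    print("IDs for 50% with 256 bits:", ids_for_probability(0.5, 256))
```
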

Re: @A/C 10:13

That's wonderful and all, but you're quoting odds and not probability.

The odds of something happening != the probability of it happening.

In your example, the odds may be 50%, but the probability of the first and second numbers being identical isn't.

0
0
Thumb Down

Re: @A/C 10:13

Indeed, or how if it is "generated once", one can reasonably expect it to change.

0
0

Amazon

You've just bought a TV, how about this one, or this one, or this one...

For the last time "Noooooooo". I have one now you see...

13
0

Re: Amazon

I bought some stuff on Amazon years ago for my kids when they were little. I still get suggestions for similar things, but they are both in college now.....

3
0
Joke

As long as they are tracking via iOS6 Maps......

they'll never find you......

20
1
Bronze badge
Joke

Re: As long as they are tracking via iOS6 Maps......

This being the case, I'm never going to move over to Android...

1
1
Anonymous Coward

This is VERY questionable

For a start, Apple knows damn well it is a privacy violation or it would not have hidden this where nobody would find it (note to self, next time look at ALL options).

Secondly, exactly BECAUSE it impacts privacy it should have been under some central privacy header. But if you use that as argument you would need to add iCloud, iMessage and Siri under that header too as each takes your data and ships it to the US for processing (like Viber and WhatsApp do as apps).

Cue interest from Data Protection officials, I hope - Apple should make this exporting and tracking clear in the T&Cs and ask explicit permission as privacy laws demand (at least in Europe).

13
1
Gold badge

Re: This is VERY questionable

I'm about to defend Apple (at least partially) here, I feel dirty.

At least you can now turn it off. Which is an improvement on what they did with the UID before, and better than the options Android fails to give you.

Win Pho 7 is more honest, and apps all tell you whether they use the 2 unique numbers (even if they've labelled them confusingly). The user number is a random string that's supposedly not identifiable, the phone ID is traceable back to the phone, and therefore you.

You also get warnings on using the navigation apps that they'll be using your Sat Nav and data to build their WiFi maps up, but this is a question of let us do it, or no aGPS for you, same as Google. Although in Android's case you can turn off the Sat Nav chip, which you can't in Win Pho. iOS seems to be even less granular than the others, where it's either location services on (and all tracking enabled), or nothing.

I have 2 Win Pho 7 apps asking for updates now, that I won't allow because of the new info they're trying to steal off me with the updates. I'd really like to run the apps, and control what they can do - but that doesn't seem to be an option anyone gives. I'm hoping for an EU Hammer of Justice [tm] to smite the mobile OS writers, because this piss taking is clearly going to continue until that happens. Most users just aren't up to the technical aspects of self-defence, even if they understood it enough to care. I don't actually mind the advertising side of things (within reason), it's the tracking and lack of control that piss me off. How can I stop some random app downloading my whole address book (which is commercially sensitive), if the OS makers won't allow me to defend myself.

2
1
Bronze badge
Pint

Re: This is VERY questionable

"...hidden where nobody would find it..."

Hmmm... 10: Let's assume for a second that it's true that they intentionally hid the setting. How well is that working out now that it's all over the 'net? Is this outcome in fact perfectly predictable? GOTO 10

0
0

Re: This is VERY questionable

"better than the options Android fails to give you."

As explained in my post above there are simple checkboxes to turn this stuff off in Android. Maybe you should learn a bit more about what you're slagging off...

If you're ultra paranoid you can root and use apps that let you control pretty much every aspect of your device.

0
0
Gold badge

Re: This is VERY questionable

Chet Mannly,

I'm pretty sure there weren't in Android 2.2 or 2.3 (which are the last versions I used). Although it's 6 months since I jumped ship from Android, so I'm perfectly happy to be proved wrong.

You could turn location tracking off, but then you lost access to aGPS. Or you could have tracking on, but the Sat Nav chip off, which in some ways is better than the options iOS or WinPho 7 give you. You also get told some of the things that apps can do, on a take it or leave it basis when you download, which is better than iOS as well. But I don't recall seeing any options for turning off Ad networks, app-use tracking and all that type of stuff. And I went through every setting on the phone.

However, when you say you can root the phone if you're paranoid - that's not terribly helpful. If I'm paranoid, taking untrusted software off the internet, and giving it root, well that doesn't sound too good to me! OK, it's used by a lot of people, but a lot of the ROMs seem to be one-man projects, so the chances of them getting caught slipping in something naughty, seem quite low. Android gives you a wealth of choices, but you need to do a lot of work to protect yourself, and half the time you've not got the information needed to do it.

Backdoors seem to be the norm on all the modern smartphone OSes, most of the manufacturers are only putting out closed-source drivers, and everyone from Google to app makers seems determined to mine the maximum amount of information they can get away with, with the minimum amount of permissions. I don't see this changing any time soon, without legislation. The commercial disadvantages of offering proper privacy are quite large, so once everyone else is doing it, it's hard not to join them.

1
0
Gold badge

Re: This is VERY questionable

Chet Mannly,

Just looked at your post above. I don't remember that option in the Google Play store to turn off their ad stuff. Don't know if that's a version thing, or just something I missed. I wasn't using many apps on my phone, as I've found I'm not a phone app user. I prefer those on a tablet. Don't think I downloaded any apps after Marketplace turned to Play.

Does that setting affect what third party apps can do, or does it restrict itself to only Google's hooks?

I gave my phone away, so haven't got it to check with.

0
0

Sorry, Fluke phoned you? How?

4
1
Anonymous Coward

I imagine they probably picked up the handset and pressed some of the buttons with numbers on.

7
1
Bronze badge

I suspect the question is really one of how Fluke got the number. That was the first question I asked myself when I read this. If the author didn't give it to them then there should be a lot more noise being made about the Google-smartphone nexus (pun not originally intended but liked enough to not change it.)

3
0
Headmaster

This is ridiculous (as is the usual drivel coming out Business Insider)

Smartphones/computers/tablets have had lots of unique identifiers: MAC addresses, hardware serials - on Android you can even read the person's phone number.

This method is actually much more anonymous since the identifier is not permanent and you can opt out anyway (try opting out of a MAC address).

Calling this tracking "everywhere" is also stupid since everywhere implies location tracking, which is not what's happening here. This doesn't even track your web usage - unlike cookies from Admob (Google) et al.

Business Insider is run by a convicted US securities fraudster, shows how much credibility their reports deserve.

6
1
Stop

Re: This is ridiculous (as is the usual drivel coming out Business Insider)

I have two observations to make:

I am not quite sure you can "opt out" since it only says it will track you less, not that it will stop tracking you altogether.

My other concern is with the "everywhere" statement. You say it is not going to track your location. I don't know exactly how the algorithms associated with this work, so I have no idea whether it is going to track users using location as part of the logic or if it is, perhaps, going to update the ID based on location. Or if it is going to send (ID, current location) to the service in order for marketers to target you and make offers in your general direction. Judging from the marketers' "excitement" with this feature, my guess is for the worst.....

1
0
Silver badge

Re: This is ridiculous (as is the usual drivel coming out Business Insider)

The full framework documentation is at http://developer.apple.com/library/ios/#documentation/DeviceInformation/Reference/AdSupport_Framework/_index.html — if an advertiser wants explicitly to post a location then the app will have to request and be approved for location updates. Otherwise all they're getting is the "alphanumeric string unique to each device, used only for serving advertisements. [...] the same value is returned to all vendors. This identifier may change—for example, if the user erases the device—so you should not cache it."

Your 'opt out' appears equivalent to the don't track HTTP flag in that the advertising agent gets told that you don't want to be tracked and is then merely honour bound (or possibly legally bound, depending on your country) to obey. No technical barrier is erected. At best I guess Apple may implement some sort of vetting system for app approval.

0
0
Silver badge

"viewing" adverts

Isn't necessarily the same as seeing them on the screen.

It's not difficult to direct the output to /dev/null while walking adspace(*) - there are a bunch of small programs which exist to generate random web traffic in order to mask what you're really doing.

(*) Advertisers want their ads to be viewed, so why not spider the things repeatedly?

2
0
Anonymous Coward

Re: "viewing" adverts

Interesting. Can you post a few names for those tools?

2
0
Anonymous Coward

"Some months ago your correspondent expressed some interest in a Fluke Thermal Imager, from a technical point of view, and since then at least half the websites visited have shown the same advert for Fluke"

Had the same experience a few months ago ... except I'd Googled to find advice on how to fix a faulty toilet flush ... so I had weeks of adverts from the same plumbing company offering me new flush syphons! Think it got fixed when I bought an electric guitar for my son so I then got adverts from the website I'd bought the guitar from trying to sell me a guitar!

1
0
