Apple Doesn’t Want ATT Enforcement To Be A ‘Cat-And-Mouse Game’ – But That’s Exactly What It’s Going To Be

Allison Schiff, senior editor, AdExchanger

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Allison Schiff, senior editor at AdExchanger. It’s part of a series of perspectives from AdExchanger’s editorial team.

If Apple had its way, the narrative surrounding AppTrackingTransparency (ATT) would be a simple one: users deserve a choice, so give them one.

But the enforcement of ATT will be anything but simple, and that’s because of four letters: C-A-I-D.

Putting aside the chaos that led up to the release of iOS 14.5, an event nearly as obsessed over as the birth of a royal baby, there’s simply not enough attention being paid to the China Advertising ID.

CAID is an IDFA replacement that was spearheaded by the China Advertising Association, which has government backing, for the express purpose of getting around ATT on iOS 14. As Alex Bauer, Branch’s head of product marketing, explains, CAID harvests multiple metadata parameters from a device and combines them to create an ID that can be used for ad measurement.

As many have pointed out, the existence of CAID – which, by the way, is an open source standard, meaning that other companies or organizations can use it to develop their own IDFA workarounds – puts Apple in a very awkward position.

For example, the Financial Times recently reported that Tencent adapted CAID to create its own identifier for tracking WeChat users that it’s calling QUAID. (I have no idea what that stands for.)

Apple has stated that it has no plans to give preferential treatment to certain publishers and that its App Store terms and guidelines “apply equally to all developers around the world,” and “apps that are found to disregard the user’s choice will be rejected.”

But here’s the problem. I’ll let Zach Edwards, founder of analytics firm Victory Medium, explain it:

There is nothing stopping western companies, or anyone for that matter, from deploying CAID or a CAID-like workaround other than the fear of getting caught and booted out of the App Store (or, perhaps, getting pilloried in the mainstream consumer press as a data broker and/or killer of kittens*).

And how exactly is Apple planning to enforce ATT? Apparently, for now at least, enforcement is going to be based on the honor system.

In an interview with The Wall Street Journal on Monday, the day iOS 14.5 came out, Craig Federighi, Apple’s SVP of software engineering, called ATT enforcement “a policy issue.”

“There are other techniques that developers over time have developed, like fingerprinting, as a bit of a cat-and-mouse game around other ways that an app might scheme to create a tracking identifier. And it’s a policy issue for us to say, you must not do that … We can’t ensure at the system level that they’re not tracking; we can do so at a policy level.”

That’s why the ATT prompt says, “Ask app not to track” and not something more definitive, like “Do Not Track” or “Opt me out of tracking.”

There’s no doubt that Apple will actively enforce ATT through non-automated means. Apple will surely take a cue from exposé news reports and look for discrepancies between the data a developer says it collects in its App Store privacy nutrition label and what it actually does collect.

It wouldn’t surprise me if Apple kept its eye on ad tech company blog posts for a clue on where to crack down.

But taking it back to CAID and the point that Edwards made: Apple might not want to play a cat-and-mouse game, but what happens if all of the mice decide to rebel at the same time?

The fact is, Apple is going to have to be more clear about its policies on fingerprinting while simultaneously stepping up its use of technology to ensure that when consumers ask not to be tracked, that they aren’t, you know, tracked.

But as Edwards pointed out to me, enforcement doesn’t have to be perfect to be effective. “Apple maybe can’t stop everything,” he said, “but they can certainly see noncompliance” through auditing apps and different SDK attribution packages.

Oh, and the Federal Trade Commission is just a call away.

If users request that a company doesn’t track them and the company ignores that request, that’s all Apple would need in order to tip off the FTC. “The app is basically creating a de facto ‘unfair and deceptive’ agreement with the app maker,” Edwards said.

Although the FTC is currently fighting to regain its right to seek monetary relief on behalf of consumers – the Supreme Court recently limited the Commission’s authority in that regard – you still don’t want to get on the FTC’s bad side.

So, what does it all mean?

Apple might not be able to fight everyone at once, but there are CCTV cameras everywhere.

And even if they’re not filming, do you want to take that chance?

Follow Allison Schiff (@OSchiffey) and AdExchanger (@adexchanger) on Twitter.

* No kittens were harmed in the writing of this column.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!

1 Comment

  1. Au contraire to Zach’s FTC statement; an opposing viewpoint is that apps who have a clear privacy statement that they can use individual-level data for advertising or measurement purposes, except for use of the iOS IDFA that requires consent, may put Apple in the position of having to defend its own rigid privacy nutrition label/policy definitions that are not customizable by apps to reflect their ‘actual’ privacy policies. A platform that forces its own privacy definitions on the world may be a potentially unfair and misleading practice.