"Data-Driven Thinking" is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today's column is written by Allison Schiff, senior editor at AdExchanger. It's part of a series of perspectives from AdExchanger's editorial team.
If Apple had its way, the narrative surrounding AppTrackingTransparency (ATT) would be a simple one: users deserve a choice, so give them one.
But the enforcement of ATT will be anything but simple, and that’s because of four letters: C-A-I-D.
Putting aside the chaos that led up to the release of iOS 14.5, an event nearly as obsessed over as the birth of a royal baby, there’s simply not enough attention being paid to the China Advertising ID.
CAID is an IDFA replacement that was spearheaded by the China Advertising Association, which has government backing, for the express purpose of getting around ATT on iOS 14. As Alex Bauer, Branch’s head of product marketing, explains, CAID harvests multiple metadata parameters from a device and combines them to create an ID that can be used for ad measurement.
As many have pointed out, the existence of CAID – which, by the way, is an open source standard, meaning that other companies or organizations can use it to develop their own IDFA workarounds – puts Apple in a very awkward position.
For example, the Financial Times recently reported that Tencent adapted CAID to create its own identifier for tracking WeChat users that it’s calling QUAID. (I have no idea what that stands for.)
Apple has stated that it has no plans to give preferential treatment to certain publishers and that its App Store terms and guidelines “apply equally to all developers around the world,” and “apps that are found to disregard the user’s choice will be rejected.”
But here’s the problem. I’ll let Zach Edwards, founder of analytics firm Victory Medium, explain it:
aPpLe cAnT sToP uS aLl iF wE dEpLoY CAID-LiKe IDs, hOw CoUld ThEy SeE tHe dAtA fLoWs??? 🙃🥲⚖️⛈️💸🖖 pic.twitter.com/YOIRCybikt
— ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰 (@thezedwards) March 22, 2021
There is nothing stopping western companies, or anyone for that matter, from deploying CAID or a CAID-like workaround other than the fear of getting caught and booted out of the App Store (or, perhaps, getting pilloried in the mainstream consumer press as a data broker and/or killer of kittens*).
And how exactly is Apple planning to enforce ATT? Apparently, for now at least, enforcement is going to be based on the honor system.
In an interview with The Wall Street Journal on Monday, the day iOS 14.5 came out, Craig Federighi, Apple’s SVP of software engineering, called ATT enforcement “a policy issue.”
"There are other techniques that developers over time have developed, like fingerprinting, as a bit of a cat-and-mouse game around other ways that an app might scheme to create a tracking identifier. And it’s a policy issue for us to say, you must not do that … We can’t ensure at the system level that they’re not tracking; we can do so at a policy level."
That’s why the ATT prompt says, “Ask app not to track” and not something more definitive, like “Do Not Track” or “Opt me out of tracking.”
There’s no doubt that Apple will actively enforce ATT through non-automated means. Apple will surely take a cue from exposé news reports and look for discrepancies between the data a developer says it collects in its App Store privacy nutrition label and what it actually does collect.
It wouldn’t surprise me if Apple kept its eye on ad tech company blog posts for a clue on where to crack down.
But taking it back to CAID and the point that Edwards made: Apple might not want to play a cat-and-mouse game, but what happens if all of the mice decide to rebel at the same time?
The fact is, Apple is going to have to be more clear about its policies on fingerprinting while simultaneously stepping up its use of technology to ensure that when consumers ask not to be tracked, that they aren’t, you know, tracked.
But as Edwards pointed out to me, enforcement doesn’t have to be perfect to be effective. “Apple maybe can’t stop everything,” he said, “but they can certainly see noncompliance” through auditing apps and different SDK attribution packages.
Oh, and the Federal Trade Commission is just a call away.
If users request that a company doesn’t track them and the company ignores that request, that’s all Apple would need in order to tip off the FTC. “The app is basically creating a de facto ‘unfair and deceptive’ agreement with the app maker,” Edwards said.
Although the FTC is currently fighting to regain its right to seek monetary relief on behalf of consumers – the Supreme Court recently limited the Commission’s authority in that regard – you still don’t want to get on the FTC’s bad side.
So, what does it all mean?
Apple might not be able to fight everyone at once, but there are CCTV cameras everywhere.
And even if they’re not filming, do you want to take that chance?
* No kittens were harmed in the writing of this column.