Security News

How will advertisers respond to Apple’s latest privacy changes?

David Strom, May 4, 2021 10:58:29 AM

Digital ad vendors need to learn new ways to target campaigns

Last week, we described the privacy changes happening within Apple’s iOS 14.5. Now, in this post, we'll be presenting the advertiser’s perspective of the situation at hand. While advertisers may think the sky is falling, the full-on Chicken Little scenario might not be happening. The changes will make it harder – but not impossible – for advertisers to track users’ habits and target ads to their devices.

As we mentioned in our previous post, the new operating system enables users to block Apple’s ID for Advertisers (IDFA) tags as well as require that apps ask for permissions to collect and share data. Ars Technica documents the volleys between Apple and Facebook earlier this year over this issue.

Laura Petrone, a senior analyst for GlobalData, says, “Apple's changes deal a heavy blow to targeted advertising, which is the main revenue source for the advertising industry.” While this is true, perhaps the changes aren’t so catastrophic. After all, advertisers have been moving away from older technologies, such as browser canvas fingerprinting and tracking pixels and cookies, for some time now.

In the EU, GDPR regulations have also motivated many app vendors to be more transparent about their tracking. The regulations have resulted in fines to vendors who abuse app permissions. And lest you think this is just about Apple, Google has its own version of IDFA called Android Advertising Identifier that's currently being rolled out (and is subject to a French lawsuit about its privacy implications).

A few points to ponder

First off, it will only be a matter of time before new tracking technologies that take the changes at hand into account are adopted. Petrone says, “A potential and safer replacement could be contextual ad targeting, where ads are displayed based on a website’s content.” As an example, some ad tech companies have developed innovative solutions that honor the Apple privacy restrictions and provide this contextual tracking. One example is AppsFlyer, which is designed to give advertisers tools to measure ad effectiveness while maintaining users’ privacy.

Second, the biggest impact could be more immediate than long-term. The IDFA-related changes could mean that Apple users will now have more privacy than Android users, and this could mean more untargeted ads being seen by the former group. One estimate predicts that “about 70% of iOS users currently share their IDFA with app publishers. After the recent changes it’s estimated that this number will drop to 10% to 15%.” Some blog posts have predicted more dire circumstances. We’ll see what actually happens, but my guess is that ads will still be a big business a year or so from now.

Next, Google, Facebook and other large advertising networks will have other ways to identify your device and map it to your interests. “I suspect Facebook will be fine,” writes Lance Ulanoff at Medium’s OneZero. “And it sounds like your data can still leave your phone if it’s properly anonymized. There’s still ample room for developers to collect data locally and deliver ads based on that information.” There are two ways this can happen —  the first is the case in which you grant permission to the app to collect data. Why would you want to do this, you might ask? Perhaps you care about the kinds of ads that you see, or maybe you're interested in a particular subject. But the second situation is more interesting, where a vendor doesn’t send any data in a way that identifies you specifically. That was the original intent behind the changes and is a good thing for everyone.

Additionally, opting out of tracking or annoying email lists could be easier as a result of the IDFA changes. While I am making no promises, stranger things have happened. Of course, app vendors could bury the opt-out button in an obscure settings menu, which wouldn't help anyone.

Finally, it could be a boon to fighting malware with promiscuous app permissions. We have written about these circumstances in the increasing number of mobile-based threats, and bad actors continue to count on the fact that you don’t really care that a new app that asks for access to your camera, even if it has nothing to do with anything visual. 

In a nutshell, online ad vendors will probably survive and continue to make money. They will have to learn the new ways to collect and target campaigns.

What should you do?

First, take an app census on your mobile devices and delete those that you haven’t used in several months. Next, when you do install new apps on your devices, pay attention when you see the permissions warning dialog messages and make sure you know what is been asked of you and what data you are allowing (or not) to be shared.

We've got some tips on how to manage your Android app permissions. The trick is not just blindly clicking on the warning message, regardless of your operating system and circumstances of apps that you're trying to install.

Finally, use a VPN whenever you leave home, and especially whenever you connect via Wi-Fi.