Apple warns Chinese apps not to evade new privacy rules

A cat-and-mouse game has begun between Apple and Chinese technology companies as the iPhone maker tries to enforce its new privacy policy in China.

Apple is expected to implement changes to iPhones in the spring that will give users more privacy over mobile ads, a market that reached $240 billion last year, according to App Annie.

The changes will force apps to ask permission before collecting data on users, a move that Facebook has fought bitterly, as most users are expected to say no.

But even before the changes are introduced, Apple has problems in China, where tech companies are testing ways to defeat the system and continue to track users without asking their permission. Apple had earlier said it would reject any apps that “disregard the user’s choice” in the App Store.

On Thursday, Apple sent warnings to at least two Chinese apps, telling them to cease and desist after naming a dozen parameters, such as “setDeviceName”, which could be used “to create a unique identifier for the user’s device”.

“We found that your app collects user and device information to create a unique identifier for the user’s device,” reads a screenshot of a warning to one developer using a new way to identify users called CAID, developed by the state-supported China Advertising Association.

The warning says the app must be updated to comply with the App Store Review Guidelines within 14 days, otherwise it will be removed from sale.

Jackie Singh, a former senior cyber security staffer on the Biden campaign, said the warnings show Apple’s sophisticated ability to use automated tools to detect violations of its privacy guidelines.

“Apple clearly has the technical ability to deny the existence of apps in their ecosystem that perform activities to uniquely identify people and track their behavior outside of Apple’s walled garden,” she said.

“The real question is whether they will choose to apply these policies broadly or closely within the context of a foreign government’s whims and desires – and how Apple will choose to respond to such challenges from other countries going forward.”

Apple’s move is an attempt to break the resistance to its new policy, which has been very unpopular with developers worldwide, many of whom offer free apps that make money from advertising.

A veteran in the marketing industry who wishes to remain anonymous added: “Apple’s new policy will harm the advertising industry’s ability to verify their traffic. In China, large and small businesses were testing the CAID, but Apple’s recent actions will put an end to these tests.”

The Financial Times has obtained information about the software development kits from five of China’s largest technology companies, including Baidu, ByteDance and Tencent, which show that they are testing or implementing CAID as a way to identify users in the future.

The ByteDance guide recommends that developers use its SDK, “Ocean Engine,” to release two new identifiers, CAID1 and CAID2, one based on the user’s IP address and browser and phone type; another on the IMEI of a phone – a unique number that identifies a device in a mobile network.

Both new IDs violate Apple’s rules, which require developers to obtain permission to use ‘other IDs with a third-party advertising network.’

As a “fallback”, ByteDance also recommends that developers use “fingerprinting and probabilistic matching” methods to identify users, which is another violation.

Technical experts believe that the fact that Chinese technology companies are creating multiple identification systems suggests that Chinese apps will adapt their submissions in numerous ways to get past Apple’s enforcement.

“The SDKs suggest that [Chinese app developers] are ready to play that cat-and-mouse game,” says Irene Knapp, formerly a senior software engineer at Google and now a member of the Tech Inquiry campaign group.

Singh noted that CAA’s privacy terms, which are publicly available, indicate that a CAID can initially be created on servers offered by app developers, rather than on the device itself. She said this could indicate that developers could try to get their apps approved by Apple by making changes at the server level that are harder to detect.

“If the app is written in such a way that the actual CAID code exists remotely and the parameters are sent to a server, it can make detection more difficult,” she added.

Efforts to undermine Apple’s new privacy push will put the $2tn technology giant in a decisive position.

“Either [Apple] upsets Chinese enterprises – in some cases government-owned or supported – which may stop its meteoric growth in China over the past decade and disrupt a core part of its supply chain, or it gives Chinese developers special privilege and opens the can of worms,” said Alasdair Pressney, director of product strategy at AdColony, a mobile in-app network and marketplace.

Apple declined to comment.

How does CAID work?

The state-sponsored China Advertising Association, which led the development of CAID and earned revenue from its use, said it plans to provide “more personalized services” to consumers by collecting and storing personal information, including “device boot time, country, language, device name, system version, physical memory, hard disk, system last update time, device model, time zone.”

These seemingly trivial data points, when compiled, can create an almost unique “fingerprint” of a device.

When an iPhone user installs an app that uses the system, it will collect this data and send it to a central server to create a CAID to identify the user.

If the user then clicks on an ad for another app and downloads it, the app will generate a CAID in the same way.

If the two CAIDs match, the first app can prove to the second that the ad worked, proving that the money spent on ads was worth it.

The CAA says users will be able to opt out of CAID so as not to be tracked, but Apple’s new rules do not allow for exceptions to App Tracking Transparency, its framework for any developer who wants to collect data about users.
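To see why the “seemingly trivial” attributes listed above matter in a privacy review, the following added example (not code from the article, the CAA or any SDK) measures how identifying a set of collected attributes is across a population. The device records are constructed, and the SHA-256 hash is a stand-in assumption, since the real CAID algorithm is not described on this page.

```python
import hashlib
import math
from collections import Counter

# Attribute names follow the CAA's published list; every value below is constructed.
FIELDS = ("model", "system_version", "language", "time_zone", "device_name", "boot_time")
ROWS = [
    ("iPhone12,1", "14.4", "zh-Hans", "Asia/Shanghai", "iPhone", 1615000000),
    ("iPhone12,1", "14.4", "zh-Hans", "Asia/Shanghai", "iPhone", 1615003600),
    ("iPhone12,1", "14.4", "zh-Hans", "Asia/Shanghai", "Li's iPhone", 1615000000),
    ("iPhone13,2", "14.4", "zh-Hans", "Asia/Shanghai", "iPhone", 1614990000),
    ("iPhone13,2", "14.3", "zh-Hans", "Asia/Shanghai", "iPhone", 1615000000),
    ("iPhone12,1", "14.4", "en", "Asia/Shanghai", "iPhone", 1615000000),
    ("iPhone12,1", "14.4", "zh-Hans", "Asia/Shanghai", "iPhone", 1615000000),
    ("iPhone13,2", "14.4", "zh-Hans", "Asia/Shanghai", "iPhone", 1615000000),
]
DEVICES = [dict(zip(FIELDS, row)) for row in ROWS]

def fingerprint(device, fields=FIELDS):
    """Stand-in identifier: SHA-256 over the chosen attributes (not the real CAID algorithm)."""
    canonical = "\x1f".join(f"{name}={device[name]}" for name in fields)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def anonymity_sets(devices, fields=FIELDS):
    """Map each fingerprint to the number of devices that share it."""
    return Counter(fingerprint(d, fields) for d in devices)

def unique_fraction(devices, fields=FIELDS):
    """Share of devices whose fingerprint belongs to no other device."""
    sets = anonymity_sets(devices, fields)
    return sum(1 for d in devices if sets[fingerprint(d, fields)] == 1) / len(devices)

def entropy_bits(devices, field):
    """Shannon entropy of one attribute: the bits it contributes to telling devices apart."""
    counts = Counter(d[field] for d in devices)
    total = len(devices)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

if __name__ == "__main__":
    print("unique, static fields only:", unique_fraction(DEVICES, FIELDS[:4]))
    print("unique, all fields:        ", unique_fraction(DEVICES))
    for name in FIELDS:
        print(f"{name:15s} {entropy_bits(DEVICES, name):.3f} bits")
```

Devices 0 and 6 in the sample carry identical attributes, so they collapse into one identifier: the same property that lets two apps on one phone agree on an ID also conflates distinct users whose attributes happen to match.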
