„Apple to Ad Tech: Fingerprinting is Never Allowed“
Als Facebooks Software Development Kit vor zwei Jahren zahlreiche App-Store-Apps crashte, diskutierte man laut über „third-party SDK creep“. Nachdem Apples Anti-Tracking-Dienst ATT – App Tracking Transparency – im letzten Jahr kräftig einschlug, gewann Fingerprinting bei Datenhändlern an Popularität.
Dieses Jahr gibt’s trotzdem nur eine Art Warnschuss. Apple könnte den In-App-Datenverkehr über die „Private Relay“-Server schleusen, und damit diese Form der Datenzuordnung unpräziser gestalten. Noch tun sie das aber nicht.
If Apple has utilized the app approval process to police fingerprinting before, why won’t it now? As I explain here, app rejections punish app developers first and foremost, and regulating fingerprinting through wholesale ad tech SDK rejection (vs. just one specific ad tech SDK) would cause app updates from every scaled app to be disrupted.
But if Apple appears sufficiently serious about eradicating the practice (and rejecting app updates in the process), maybe the threat of being caught will motivate the general abandonment of the practice. Or Apple may reject enough updates that word of enforcement spreads and the offending SDKs are either updated or stripped out of apps by developers en masse. So while no apparatus or consumer feature, like an expanded Private Relay, was introduced at WWDC to regulate fingerprinting, Apple did assertively and very visibly proscribe its use.