Security Cloud Privacy Tech
Apple vs. Facebook Battling For Your Privacy

Apple vs. Facebook Battling For Your Privacy

6 minute read | Last updated 4-Jun-2021 | An icon depicting a retail tag with a heart for 'favourite' PrivacyAppleSocial Media

I discussed this issue with Omar Dabaghi-Pacheco on CBC Ontario Today on Tuesday, 01-Jun. Have a listen to our conversation and calls with concerned consumers around Ontario.

Open Fire

After years of quiet moves behind the scenes, Facebook came out swinging at Apple in December of 2020…

We’re standing up for small businesses everywhere | Facebook ad in the New York Times

They took out ads in the New York Times, the Wall Street Journal, and the Financial Times. The ads claimed that Facebook was standing up for small business against aggressive moves by Apple.

Given Facebook’s “interesting” history with small businesses over the years, this was an interesting tactic. It’s fair to say that Facebook is stretching with this approach.

But why did Facebook take out this ad at all?

It all stems from the Apple’s 2020 Worldwide Developer Conference or WWDC. This is the conference where Apple announces what’s coming next to Apple platforms for developers. This happens in the late spring which gives developers enough time to update their apps for the fall release cycle of iOS, iPad OS, tvOS, watchOS, and macOS.

At WWDC 2020, the announcements that made the biggest waves were around IDFA, App Tracking Transparency, SKAdNetwork, and Privacy Labels. The a user friendly (vs. developer friendly) description of the new systems sums it up nicely citing the word “privacy” 10 times on the page and the word “tracking” 40 times!

The tl:dr, Apple was making moves to technically enforce more stringent privacy controls on the devices it makes.

Ad Tech

Facebook gets almost all of its revenue from ads. They made $84 billion USD in 2020.

The digital ad market is complicated with a lot of moving parts but for the purposes of this battle, the key point is that the more that a company that is selling digital ad space knows about the viewers of those spaces, the more ads they will sell.

Facebook is designed to gather data from as many sources as possible in order to build out a behavioural profile on you.

This includes what you do on Facebook, the sites you visit via the Facebook mobile apps, what you like and engage with on Instagram, the sites you visit that use Facebook for logins or comments, the apps you use that leverage Facebook’s software development kit (SDK), and many more touch points.

Don’t worry (?!), Google and other networks do this too. This is why ad tech and adjacent technologies are often referred to as surveillance capitalism.

The moves Apple announced at WWDC 2020 would reduce the amount of data that Facebook would be able to gather about users outside of Facebook’s direct control (3rd party websites and other apps). Facebook did the math and decided to fight back.

IDFA

The target of their ire? The IDFA or identifier for advertisers, a unique code for every Apple device on the planet. Apple’s changes to the IDFA fall under the name App Tracking Transparency.

The IDFA makes it easier for apps to distinguish your iPhone from your iPad but it extends further than that. For companies like Facebook, it allows them to link back activities in other apps (that use the Facebook SDK) to your Facebook account.

If you are using app A on your iPhone and it includes the Facebook SDK, Facebook will use the IDFA to link that fact back to your account. As you use that app, there is the potential for Facebook to gather further data about what you’re engaging with or the websites you visit through that app.

Without the IDFA, Facebook is unable to make that link to your account and loses out on some of the details in the profile it’s is constantly building on you.

But it’s important to call out that Apple isn’t blocking access to the IDFA. They are simply asking users if they would like to provide access to it.

Ask App Not To Track | IDFA tracking prompt example

This prompt is very similar to the access prompts for the camera, microphone, location, and other resources on your device. In this case, the wording it even weaker. “Ask App Not To Track” isn’t exactly a definitive statement.

More Ways To Track

The reason that isn’t a definitive statement is because there are a lot of other ways that an apps track users. With Facebook, you’ve logged into the app (or Instagram) and everything that you do in those apps would fall under “tracking”.

Looking at the larger ad tech landscape, we start to see techniques like browser fingerprinting (figuring out your specific browser based on it’s properties and your IP), third party cookies, and more.

So if it doesn’t actually stop tracking, what is the point of Apple’s new prompt?

Awareness & Branding

Apple makes money from hardware. Yes, they have an ad business as well as service revenue (like Apple One) but these are a fraction of their revenue.

In 2020, Apple’s total revenue was $274 billion USD. $2 billion USD of that was from ads.

For the record, Google is king of ad revenue at $150 billion USD in 2020, followed by Facebook (again at $84B), with Amazon in third place at $15 billion USD.

Apple makes it money by continuing to grow its community of users and convinced those users to upgrade continuously. Based on revenue and their 1.65 billion worldwide users, it’s a plan that is working.

But Apple isn’t without competition, Google’s Android platform continues to offer strong competition on a number of fronts. Where Apple can differentiate is an area where Google dare not tread, privacy.

What’s Next?

Apple released the App Tracking Transparency feature on 26-Apr-2021 with iOS 14.5 (and other operating system updates). After this was installed on a device, that device no longer shares the IDFA with an app unless that app has implemented ATT, the prompt.

A few weeks in, the data looks promising from a privacy perspective. It’s hard to put the reaction to one number but the early data suggests that over 85% of users are not allowing apps to track them via the IDFA.

This isn’t a complete solution but at least it’s bringing the conversation to the forefront.

Facebook and other online services are free of charge. You’re paying with your behaviour data. That might be ok for you, it might not be. My problem with it as a security and privacy professional is that the agreement must be explicit and today it’s not.

The tracking prompt will get more people to start asking questions about their data and no matter your perspective on Apple vs. Facebook, asking those questions and having those discussions is a very, very good thing.

Thoughts? Let me know on Twitter, where I’m @marknca.

More Content

Prev: TFiR: Does The Cloud Hold The Key To Security Nirvana?

Next: Privacy at WWDC21

Back to top

Related Content