Hacker News new | ask | show | jobs
by rjvir 2841 days ago
I bet Apple will crack down on these location tracking SDKs, but it likely wouldn't eliminate this type of tracking.

The main reason these apps are getting caught is because they are blatantly including the SDKs of the monetization firms in their client apps, and transparently sending data directly to the servers of those firms.

But what's to stop a weather app from just doing it server-side, so it's undetectable to third parties?

For instance, a weather app must send location data to some backend, in order to fetch weather data. That backend could send the location data to these exact same monetization firms. It would be difficult for Apple to detect and block this behavior.
1 comments
willstrafach 2841 days ago
The firms would then have a much harder time knowing if the information is genuinely from end users, if they no longer collect directly from user devices.
link
TeMPOraL 2841 days ago
Basically, the scoundrels don't trust other scoundrels. That's what's saving us from getting server-rendered first-party ads on most websites, that would make adblocking much more difficult.
link
reitanqild 2840 days ago
Actually server side rendered ads would be a whole lot more acceptable to me compared to what we have today: less bloat, less risk of malware injection.

Personally, I could live with a some advertising if that is how it was served and it was slightly relevant.

When they want to try to track me around the web to see what technical and news sites I visit and then serve me ads for dating sites then I'll just turn on ny adblock again ;-)

link
throwawaymath 2840 days ago
What you're describing already happens. The only way to defeat that is with client-side mitigations like uBlock. DNS-level mitigations like Pi-Hole will stop the content from loading if the ads aren't loaded.
link
throwawaymath 2840 days ago
A lot of firms (maybe most?) which buy this data actually don't care about that much as long as you can otherwise demonstrate the data is valid. If the data is predictive over time, it's valid, and most firms will happily accept that demonstration (with the proviso that they cease working with you once the data loses predictive value).

The reason the apps use those SDKs directly is because there's a hierarchy of resellers. The app developers themselves are lazy and typically want the SDK functionality which is provided free in return for their users' data. They're not always in the business of selling data themselves, they're just ambivalent.

Then the SDK providers abstract their own involvement in any particular app while still getting data.

link