[Despegar]

Apple needs to ban these SDKs from being included in apps. No one reads the privacy policies and they leak data to another party that the user doesn't have a relationship with.

Provide first party services, intermediate between apps and ad networks and/or white list a handful of companies to provide these services that are audited and have separate contractual relationships with Apple.

I think a good idea would be to stipulate to Facebook, Google, and every purveyor of "analytics" SDKs that they need to serve iOS app developers and their users from EU subsidiaries that are subject to GDPR.

[hedora]

The article doesn’t mention Apple. Do these apps also do this on iOS?

[judge2020]

Apple has a policy that apps (and their SDKs) must comply with IDFA, so if a user doesn't want to be tracked across the apps they use they can go to settings -> privacy -> advertising to turn off the tracking.

[Rjevski]

Doesn’t solve the issue of device fingerprinting. There are a lot of data points that can be used to create a near-unique fingerprint of a device.

[pseudalopex]

Many iOS apps connect to graph.facebook.com without asking.

[Rjevski]

iOS doesn’t provide a system-wide unique ID however there is still more than enough data (WiFi network names, device name, device type, IP address, etc) that Shitbook can uniquely fingerprint a device and identify a user.