[mobjack]

You don't need an IDFA to track someone in the same app. You can generate your own UUID to use.

The value of the IDFA comes from coordinating user behavior across apps.

Targeting ads is one use case, but it is also used in conversion tracking, which is very valuable to advertisers. They can know if ads in one app resulted in people buying things in another app.

Edit: fixed typo

[thenewnewguy]

The point is that the app can just record the old IDFA, and when the IDFA changes whoever is doing the comparison between two apps knows that the old and new IDFA are one and the same.

[tgsovlerkhgsel]

A likely-good-enough fix would be for Apple to first make extremely clear that this is not allowed, then catch one ad framework/library provider violating the rule and ban every single app/publisher using it to ensure the rule is actually taken seriously.

[scarface74]

How do you “catch” them? The ID is sent from the app and not in plaintext.

[tgsovlerkhgsel]

Through the usual software analysis methods (reverse engineering, static and dynamic analysis, ...)

[afiori]

I imagine with the usual review process

[scarface74]

The review process can’t tell the contents of the data being sent back.

[marc3842h]

What I think is that if the ID would be reused this would be kinda eliminated? I don't see a reason to not make them reusable.

[jessaustin]

How many users would care about this distinction you're attempting to draw between "targeting ads" and "conversion tracking"?

[kevinh]

How many users care about either of those at all?

[jessaustin]

That's the premise of this thread, that we care about these things.

[mrgreenfur]

Generating your own UUID is forbidden I thought?

What if apple sandboxed it to each app to make it safer/easier?

[tinus_hn]

You can’t look through device identifiers like the MAC address or the serial to create ids.

[varenc]

since iOS 7 Apple always returns "02:00:00:00:00:00" for the WLAN MAC address for this very reason.

Besides the IDFA Apples seem to have tried hard to get rid of the obvious ways for different apps to link activity between their users. Of course if you login or provide an email it becomes easy...and there's plenty of trickier less reliable ways like looking at IP address