by danShumway 880 days ago
> The threat vector is facebook telling users to install Instagram/FB from their own app store

PSA, do not install Facebook on your iPhone. Use your browser.

Apple does deserve credit for forcing some privacy improvements on iOS for the Facebook app but it is in no way comparable to the privacy of a web browser. If you are using Facebook's app because you're on iOS and you're thinking, "oh it's fine, Facebook can't track me" -- please uninstall it, a native app on iOS still has far more tools at its disposal to track you than it should have.

As just one example, I would like to say that Facebook's in-app browser code on iOS is now blocked (https://www.engadget.com/meta-can-track-facebook-and-instagr...) but I'm not sure if that's actually the case. I hope it is, a quick cursory search couldn't tell me but it's very possible that Apple patched this by now. But what I do know is that Apple made a lot of noise about blocking tracking code before this article came out and while Facebook still had these capabilities.

Don't use known untrustworthy native apps. Don't use them on Android, and don't use them on iOS.

---

Also to be clear, the privacy improvements Apple has pushed for on iOS are in no small part to stop allowing access to an advertising ID that should not be on iOS at all. I don't want to act like there's no meaningful improvement here, Facebook's reaction is proof enough that Apple's changes did increase privacy. And I fully support Apple improving privacy. But some of that improvement is Apple putting controls in front of systems that shouldn't exist or covering for systems that are way more open and way less sandboxed than they should be.

So part of the difficulty of talking about Apple's security models and the role that the app store plays in that process is that some of Apple's policies are really only enforced on the app store, even though they should be enforced at an OS level that would apply to every app regardless of what app store it came from. Of course, not every permission can be expressed that way, but some permissions can. Web browsers are proof of that -- Safari doesn't have a quality control system in place to block abusive websites like Facebook, but despite that, it still manages to be better for your privacy for you to use Facebook from Safari instead of via a native app on iOS.

I worry that Apple's app store policies are sometimes used as an excuse to avoid building much more robust protections against tracking into the OS itself, and I worry that better privacy standards on the iOS app store get interpreted as proof that native apps on iOS are just generally safe and private. But Apple's standard of what counts as private "enough" to be on the app store is not always as strict as it could be. Generally speaking, until we get much better sandboxing controls on mobile devices than we have today, known malicious or known privacy-intrusive apps like Facebook, Twitter, Instagram, or Threads should not be installed, period, from any app store, 1st or 3rd-party; they should be used in a web browser.

Reasonable people can disagree whether a 3rd-party app store would make this problem worse, but please don't have the takeaway of "a 3rd party app store would make the Facebook app suddenly unsafe and my parents would get fooled into installing it." The Facebook app is already unsafe, and your parents already shouldn't be using it.

1 comments

> Also to be clear, the privacy improvements Apple has pushed for on iOS are in no small part to stop allowing access to an advertising ID that should not be on iOS at all.

In 2010, Apple launched its own ad system called iAds[0]. Around that time, they started to crack down on other ad networks using UDID/MAC addresses to target users with ads[1]. I imagine that Apple only made the IDFA in a compromise with advertisers[2].

While I understand the sentiment that any tracking identifier shouldn't exist, Apple needed iOS to continue to succeed in the iOS 6 days and probably didn't want to deal with any anticompetitive lawsuits that early in the lineup's lifetime.

0: https://www.apple.com/newsroom/2010/06/07Apple-to-Debut-iAds...

1: http://www.cultofmac.com/160248/what-the-hell-is-a-udid-and-...

2: https://www.businessinsider.com/ifa-apples-iphone-tracking-i...

I'm confused how you would see this as anything other than further evidence for my point.

Don't install native apps from hostile networks like Facebook; they hook into systems that shouldn't exist that were added as a privacy-compromising concession in order to avoid regulatory scrutiny into other systems that also shouldn't exist.

The history of IDFA ultimately boils down to one fact: that for whatever reason it was added, the protections in place now are still protecting you from a tracking system that Apple added. And Apple's standards on what is and isn't an acceptable line to cross regarding privacy demonstrably are not always going to be as strict as they ought to be. Sometimes Apple compromises.

These apps are not safe just because they have Apple's seal of approval, there is a certain threshold of abusive behavior from apps like Facebook that Apple will tolerate. It is better to use a web browser so that (however imperfect it may be) you can get at least some small amount of real sandboxing.

Look, I'm not even saying you need to support third-party app stores. I obviously have opinions on that, but if you disagree and think 3rd party stores will make things worse, then fine. That's not my point. My point is: don't get the impression that Facebook's native app is safe just because Apple hasn't removed it. iOS doesn't have enough tracking protection to make it a good idea to use these apps natively on your phone or to make it OK to advise others to install them; they should be avoided and used only within a browser if you care about your privacy.