Privacy, Policy

Earlier this week, Patrick McGee and Yuan Yang explained in the Financial Times how some high-profile developers based in China were seeking to evade tracking permission requests on iOS. Here is today’s update:

On Thursday, Apple fired pre-emptive warnings to at least two Chinese apps, telling them to cease and desist after naming a dozen parameters such as “setDeviceName” that could be used “to create a unique identifier for the user’s device”.

“We found that your app collects user and device information to create a unique identifier for the user’s device,” reads a screenshot of a warning to one developer who was using a new way of identifying users called CAID, which was developed by the state-backed China Advertising Association.

This is promising news; it appears that Apple will be taking seriously any attempt at tracking users without their permission, something which was unfortunately unclear in McGee and Yang’s earlier report.

There are two reasons this is noteworthy. The first is that this tracking ID and these developers are connected to the government of China, a country with a human rights record as of late that has differed from Apple’s professed values. Apple has been mostly compliant with escalating demands, presumably because of its manufacturing dependence. So, the thinking goes, would Apple risk challenging apps from politically-connected companies?

The second reason is that Apple has also shown more deference to rule-breaking from big-name developers. Uber, for example, was granted an in-person meeting after it was found to be tracking device serial numbers in a manner disguised from App Review by geofencing, and was not punished for this insidious privacy violation. As Michael Tsai observed:

That said, it’s got to be a tough situation for Apple to be in. They’re trying to protect their customers, but denying them access to an important transportation service would harm them far more than what Uber did. And what if this were an app that provided an essential medical function? The store is full of apps that flout the rules, but I don’t think Apple could ignore the geofencing. It looks like it tried to thread the needle by getting Uber to comply with the rules but then being lenient.

What if high-profile developers just stop playing by the App Store rules? If ByteDance implements the CAID tracking mechanism anyway, would Apple pull TikTok from the store, particularly as there is that ongoing Epic Games lawsuit? I recognize that Apple has nothing that competes with TikTok and, so, this is not a comparable case. Still, that would surely look like a risky move to pull with lawmakers watching.

But if Apple is deferential, that looks like it is permitting different rules for some developers: perhaps because they are from China, perhaps because they are well-known, or perhaps because of antitrust litigation. None of those are acceptable options.

The only choice is for Apple to permit no leeway for any developer, big or small, if they break its rules. Apple has long promised that this is the case anyhow, but it has granted plenty of exemptions. If it only wants to allow native iOS apps to be installed from its own moderated store, it must be especially careful in enforcing these privacy rules evenly.