Meta Sued For Tap Dancing Around Apple’s New App Privacy Rules
from the privacy-theater dept
Last year, Apple received ample coverage about how the company was making privacy easier for its customers by introducing a new, simple, tracking opt-out button for users as part of an iOS 14.5 update.
Apple marketing and press reports heavily hyped the App Tracking Transparency system, which purportedly gave consumers control of which apps were able to collect and monetize user data or track user behavior across the internet. Advertisers (most notably Facebook) cried like a disappointed toddler at Christmas, given the obvious fact that giving users more control over data collection and monetization, means less money for them.
But we also noted how Apple’s changes were being a bit overstated. About a year ago researchers began to notice that Apple’s opt-out system only really blocked app makers from accessing one bit of data: your phone’s ID for Advertisers, or IDFA. There were numerous ways for companies to ignore Apple’s changes and track users anyway, so they quickly got to work doing exactly that.
That includes Meta. Apple security researcher Felix Krause found that Facebook was getting around Apple’s system by directing any link a user clicks on in the Facebook app to a new in-app browser window, where Meta was able to inject a code, alter the external websites, and track user behavior online… without user consent or awareness.
As a result, Meta is now facing two different class action lawsuits accusing it of violating state and federal privacy laws, including the Wiretap Act, the California Invasion of Privacy Act (CIPA), and the California Violation of the Unfair Competition Law. Both suits cite Krause’s research, noting it “revealed that Meta has been injecting code into third-party websites, a practice that allows Meta to track users and intercept data that would otherwise be unavailable to it.”
Granted this is the same company busted for pitching users on a “privacy protecting VPN” that wound up to be little more than glorified spyware that tracked user behavior when they went to other platforms. Meta has whined endlessly about Apple’s opt-in changes, claiming that they’re already costing the company around $10 billion in revenues annually.
But they’re lucky Apple (or the market in general) hasn’t taken things further. Keep in mind Apple’s privacy changes, while important, are being dramatically overstated for branding purposes. Numerous app makers have been simply tap dancing around the restrictions for some time, often without any penalty by Apple months after being contacted by reporters.