Chinese state-run China Advertising Association is developing proprietary technology to circumvent new privacy restrictions implemented by tech giant Apple in the coming iOS 14.5, and China’s ByteDance and Tencent are leading the charge.
Apple announced in February that in its next iteration of its mobile operating system, iOS, it would require developers which implement Identifier for Advertisers (IDFA), a tracking system companies who advertise on Apple’s platform rely on to track user data and metrics, to obtain explicit permission from users in order to use the functionality in their apps.
In the promotional site for the new iOS, Apple says privacy is a “fundamental human right and at the core of everything we do,” describing its new measures further as “Starting in early 2021, receive a prompt when an app wants to track you across apps or websites owned by other companies for advertising, or wants to share your information with data brokers. Then decide if you’ll give permission.”
The new privacy controls are naturally at odds with Chinese Communist Party (CCP) policies, which heavily revolve around near-ubiquitous surveillance, monitoring, and control of citizens in a society which has transformed from traditional life to cashless, entirely online, and technocratic.
On March 16, communist China blocked end-to-end encryption privacy chat program Signal with its Great Firewall censorship scheme in an attempt to keep Chinese netizens welded into using Tencent’s WeChat, which heavily monitors and uses big data analysis of both domestic and foreign users to enhance censorship of topics the regime deems as a threat to its power.
According to reports by Business Insider and Financial Times, state-backed trade group the Chinese Advertising Association (CAA) has taken steps to develop a tracking workaround for the coming iOS 14 rollout, allowing users to be tracked regardless of whether they opt in or opt out of IDFA.
According to Chinese search engine Baidu, the CAA is a state-run company established in 1983, and is registered under the Ministry of Civil Affairs.
The China Advertising Association approach
Business Insider obtained documentation of the CAA’s China Advertising Identification (CAID) software development kit, which read in a Manadrin-to-English translation via Google, “Because CAID does not depend on Apple IDFA and can generate device identification ID independently of IDFA, it can be used as an alternative to device identification in iOS14.”
“The tech spec also states (again, translated from Mandarin to English) that the CAID does not collect private data and that it only transmits an encrypted, irreversible result, which the document says would protect user privacy,” said Business Insider
Apple enthusiast website MacRumors reported on the specifics of how CAID is to work, saying ByteDance, parent company of the widely popular CCP-backed social video influencing app TikTok, “recommended that developers use its SDK to issue CAID1 and CAID2 identifiers. One is based on a user’s IP address and the other is based on the phone’s IMEI, which is a unique identification number.”
According to MacRumors, “The CAID1 and CAID2 identifiers violate Apple’s rules because they do not ask for user permission before collecting this data.”
“ByteDance has also recommended that developers use ‘fingerprinting and probabilistic matching’ to identify users, which is also against the App Store Guidelines for App Tracking Transparency,” said MacRumors.
According to Business Insider, the U.S. and China are the only two countries which comprise at least 10 percent of Apple’s net sales in 2020, which draws questions as to how Apple intends to ramificate their new privacy policies with the rollout of their software ecosystem in Mainland China.
Jürgen Galler, CEO of 1plusX told Business Insider, “Apple is now in a tricky situation because I don’t think they can generally say, ‘Oh China is special’,” regarding policy implementation.
MacRumors reports Apple “sent warnings to at least two Chinese app developers using methods to track app usage without user permission,” which read “We found that your app collects user and device information to create a unique identifier for the user’s device,” threatening removal from the App Store unless compliance is achieved within 14 days.
“The China Advertising Association said that it is developing additional services that will collect and store personal data from users to create a ‘fingerprint’ for each person. Any app that uses the CAID system will collect user data and send it to a central server to create a CAID identifier that will be used for cross-app user identification purposes. The CAA claims that users can opt out of CAID, but by Apple’s definitions, it is not allowed in the first place,” said MacRumors.
America’s Big Tech data sweep
Tracking of personal data by advertisers is also incredibly prevalent on big tech platforms such as Facebook, Google, and Amazon, unbeknownst to most users.
According to a March 14 article by Washington Examiner technology writer, Nihal Krishan, Facebook “collects information on its 2.4 billion monthly users even when they are not on the platform by tracking their browsing history, including the news they read, pornography they watch, websites they shop at, and more.”
Users can see how their data is tracked using Facebook’s own app Off Facebook Activity.
A February 2019 report in the Wall Street Journal showed numerous apps use various tools to record user data and send it to Facebook for tracking and analysis regardless of whether a Facebook account is logged in and regardless of if the person is even a Facebook user.
Washington Examiner says for Google, the search engine giant has purchased control of most of the Internet’s web advertising capabilities and is auctioning targeted third party ad placement in the user experience daily, based on demographics a buyer wishes to target.
They also found that Google reports information to law enforcement, “Some of Google’s user data even makes it into the hands of law enforcement through a database called ‘SensorVault,’ which stores detailed user location data indefinitely,” said Washington Examiner.
“The data is so precise that one deputy police chief told EFF that it ‘shows the whole pattern of life.’ The location data is collected by cellphone towers and GPS signals, even when people are not making calls or using Google apps.”