Apple shopfront with iPhone advertisement showing IDFA and ad tracking

Apple Privacy Chief: “Regrets” Creating IDFA, Did Not Intend for Some Ad Tracking Uses to be Implemented

An Apple software manager that heads up the user privacy division has expressed regret over creating the Identifier for Advertisers (IDFA) since 2016, saying that developers continued to find ad tracking loopholes that the team did not anticipate.

The IDFA was created as something of a compromise to make ad tracking possible while protecting user privacy, but a report from The Information cites internal sources who say that a string of loopholes and workarounds discovered by app developers enabled them to sop up personal information anyway, and that designer Erik Neuenschwander (now head of privacy at the company) eventually came to openly regret having ever created the system.

Apple internal sources: IDFA failed in its mission

A team at Apple headed up by Neuenschwander developed the IDFA in 2011 and ultimately deployed it in 2012. The idea was for it to be a more private replacement for cookies and for Apple’s own hardware-based Unique Device Identifier (UDID), both of which were able to connect to a worrying amount of user personal information that was in turn being belt-fed into ad tracking systems.

Apple seemed to be sincere in its intentions for the IDFA, hoping it would facilitate ad tracking that could follow the interests of individual users without tapping into any of their personal information. Each Apple device would be assigned a unique IDFA, which users would be able to change at any time if they wanted to reset their history of activity. The IDFA could also track them across multiple devices via their online accounts such as iCloud, a strong selling point for the ad tracking industry.

It was a reasonable idea on paper, but Neuenschwander and his team quickly found themselves chasing after app developers that were able to find various loopholes and tricks to allow them to tie device user personal information to the IDFA. The unintentional consequences in this area were so beneficial to ad tracking that it ended up becoming the industry standard, with Google adopting its own clone (the Google Advertising ID) for Android devices.

One example of abuse of the system was advertisers finding ways to continue to access the IDFA even when the end user had turned it off. Neuenschwander’s team made substantial updates to the system in 2014 and 2016 to address this illicit access, but determined developers eventually found ways to defeat these new measures as well.

Anonymous inside sources told The Information that after the 2016 updates were defeated by the ad tracking industry, apparently within the same year, Neuenschwander began expressing to Apple colleagues inside the company that he regretted ever developing the IDFA. He was apparently also concerned that the model had become an industry standard used by Google and others, where safeguards against abuse were not necessarily as strong as they were at Apple.

Apple’s running battle with ad tracking industry

Internal concerns about the IDFA came to a head in 2019, when software chief Craig Federighi ordered the privacy team to “do something about it.” This ultimately translated into the App Tracking Transparency framework, which forbids apps from accessing the IDFA for ad tracking until the user gives their express consent. As soon as the mandatory prompts for permission were added to iOS 14.5, the ad industry was estimated to have lost some 70 to 80% of Apple users. The impact is so strong that Meta projects a $10 billion loss in 2022 due solely to this factor.

App Tracking Transparency is not necessarily a settled solution for Apple, however. The company is facing a variety of antitrust suits and probes over it, with the ad tracking industry making the argument that Apple controls roughly half of the entire mobile phone market and is thus positioned to impose unfair terms on those that publish apps and advertise with it. Probes and challenges have been opened in France, Germany, Poland and the United States, and that is not the privacy system’s only issue.

App Tracking Transparency continues to face the same challenges that the IDFA has throughout its history, as enforcement appears to be lax in the early going and app developers have at least some degree of latitude to use other ad tracking alternatives (such as device fingerprinting) that are supposed to be banned. A study conducted by former Apple engineers in late 2021 determined that App Tracking Transparency was “functionally ineffective” for stopping ad tracking even when users opt out, with 10 popular apps either simply failing to ask for permission or including other types of trackers not reliant on the IDFA.

Apple’s ad tracking approach also continues to be under assault from the organizations that are taking the most damage from it, such as Meta, as they wage a PR war and advocate for even more antitrust action throughout the world.