I read somewhere (sorry can't remember where but it was quite recent) that Apple has defined "tracking" as "allowing third parties to monitor you over multiple sites and apps".
My that definition, Apple, as a first party, is not tracking you (and likewise, I can monitor you over my apps but not allow anyone else access to that data)
UPDATE: It was from AppStore Connect itself, when you fill out the privacy data form.
Also here: https://support.apple.com/en-gb/HT211970 "data from the app that is linked with your data collected from other companies’ apps, websites or offline properties, and used for ads or shared with a data broker."
This definition is not necessarily wrong. It’s easier for them to argue that they need telemetry to provide (and improve) their own services than it is to argue some third party advertising behemoth needs it. The former is perfectly acceptable, also according to the GDPR (first party advertising is also A-Ok according to he GDPR, btw).
Ultimately their business model - we don't need to log/track/whatever your behaviour to show you advertising because we make our money off hardware - was a big differentiator for them compared to all the other tech companies. If they remove that, then they're removing one of the main reasons I stay with them.
And that's really the point - at some time soon they will stop being the "iPhone company" and they'll become "just another company" and this is just them preparing for that day.
Because "Ask App Not To Track" refers to (for all apps, not just the App Store) tracking across different systems/companies.
For example, a Weather app collaborating with an ad sales company to provide them tracking data would violate "Ask App Not To Track," but Facebook tracking you within the Facebook app does not because it's all internal.
The reason for this is just about the practicality of enforcement: You cannot enforce companies not doing internal tracking because they still have to collect data for their business, so how do you distinguish it.
I'm only picking things up passively but as far as I have read, it is because the App Store does not track you across OTHER COMPANIES apps and websites. If they only track you within their own Apple ecosystem, they don't need to ask for permission (same as other apps).
Facebook kept their shadow profiles to themselves, but that didn't make it any less gross. Defending Apple's data collection on the basis that "they don't share it" is like defending a guy taking creepshots of you in the bathroom because he doesn't look like the sort of person who would cause you trouble.
The sharing's not what makes it "tracking", by Apple's definition, it's collecting data on other companies' sites and apps. As in, following you around wherever you go. Tracking.
It's the difference between Wal-Mart recording you with camaras in their stores, and recording you with camaras in all stores... and at the public park, and in your home, and....
FWIW I think a whole hell of a lot more than what Apple calls "tracking" ought to simply be illegal, but they've been pretty clear about what they mean by the term, and their definition does make sense, and that is one of the worse behaviors among the spyware industry (which is basically all software, at this point, which, WTF, how did norms change so incredibly fast?)
Tracking is about following breadcrumbs across activity in third party apps. So if the Facebook app uses identifiers in common with Uber, and can see what you do in Uber or something, that’s tracking. Recording what you do in a single app, or apps from one company that isn’t strictly necessary for providing the service is telemetry.
Apple doesn’t share user data and identifiers with third parties except as necessary to provide specific services, so it doesn’t track. It does record telemetry though, most of that is in a non personally identifying way, but some of it can be traced to a user.
Obviously identifying information necessary to provide a service is different. If I buy an app off the App Store, they need to identify who bought it. The edge cases are things like, do they need to know I searched for fitness apps on the App Store and associate that with my ID. Amazon does on their web site so they can show ads related to my recent searches, but it’s not strictly necessary for providing the service.
Agreed that is the technical distinction made today, but for an end user that really is splitting hairs.
When Apple is offering first-party services that compete with Netflix, Spotify, etc. my privacy concern is that someone is tracking and aggregating data on what I watch and listen to.
As a user I don't really care if that's two separate corporations sharing unique identifiers or two departments in the same umbrella corporation, it's still a privacy concern.
You don't think who the data is shared with, whether or not you know or consent to it, and how it is propagated is a significant factor in privacy concerns?
Of course that's a significant factor, but that wasn't my point. I care if Apple Music and Apple TV aggregate my data just as much as if Spotify and Netflix do it.
This isn't anything new, we've known that Apple does this for years. If data sharing is within one umbrella corporation it's technically easier to subpeona and investigate, but that also means they have that much larger of a pile of cash to defend themselves with.
Consider another aggregious Apple policy, mobile browsers. They have had a much more oppressive browser policy than Microsoft ever did and they have done this openly since iOS 2 when the app store first launched. They've never been held accountable though - they get away with it even though Gates was dragged in front of Congress multiple times for simply shipping his OS with a pre-installed browser. Why? And if that obvious issue goes unpunished why should I expect anything better with regards to their data collection practices, simply because one parent Corp is owning all the data?
That’s exactly the point. We can hold Apple accountable. That’s what’s happening with these investigations of what data they are holding and how it’s used. If the data was shared far and wide that would be difficult or even impossible.
There's probably a line in the T's and C's that nobody reads when you first start up the phone where you give them permission. Reading the other comments, it will be in there if they even need to ask; on websites, websites do not need to ask for permission for functional cookies.
App do not have an advantage here. the EU 'cookie law' doesn't mention cookies at all. All it says is that you cannot track users without permission, and that this permission must be freely and explicitly given. It's just that this is usually done using cookies on websites, but the specifics don't matter. Apps absolutely have to ask for permission before tracking a user.
Now if this is actually enforced or not is a different matter.
The usability nightmare is not caused by lawmakers. The usability nightmare is caused by businesses who think they need to put Google analytics on every single page.
It is possible to create websites completely without cookie banners. You just have to not track your customers unnecessarily.
I love how GDPR apologists love to deflect blame from the law and lawmakers who were the initial cause of the problem.
And what affect did have? Did the 99 section 11 chapter law have any deleterious affect on adTech? Did it make browsing better or worse?
We see the effect that of an effective strategy, when Apple made tracking opt in, publicly traded companies like FB admitted that it caused billions in lost revenue.
The only thing the GDPR did was give us cookie banners.
Why do 3rd party apps have to ask for permission to track, but Apple's apps do not?