Power moves in mobile ad tracking

The WSJ made an excellent video explaining why Apple making its ad tracker opt-in rather than opt-out is a big deal.

IDFA is Apple's ID for Advertisers and allows advertisers to track users. It is the equivalent of Google's Ad ID.

OEM Apple will still be able to track users' tastes itself but will potentially limit the sharing of that information to rivals like Facebook under update iOS 14.5.

Facebook and other social media companies prefer implicit capture models that require users to actively opt-out rather than actively opt-in.

Either way, the debate shines a light on the model of 'free' services in exchange for Personally Identifiable Information (PII), which has been the industry standard for 20 years in the consumer space.

PII capture to OEMs and their local and foreign partners has been a concern for government, law enforcement, and businesses using mobile device for years. It can be used to target staff by nation states, terrorists, and criminal gangs.

Can anything be done for organizations concerned about security?

The only way to limit location tracking and data exhaust for organizations is by using custom Operating System (OS) builds.

User settings, Mobile Device Management (MDM) and Mobile Threat Defense (MTD) tools only make requests to the underlying OS reducing but not eliminating the problem.

Older security standards like NIAP and CSfC, or using so-called STIG builds are helpful in general but don't address these particular issues.

About the author

Simon's focus is the business of cybersecurity, building and hardening critical infrastructure over the past few decades for government and industry, beginning with civilian nuclear energy in Europe, to securing cloud and communications infrastructure in the US today.

He is a Certified Information Systems Security Professional (CISSP), with a BSc (Hons) in Physics from the University of Manchester, England, a Masters in Law & Cybersecurity from the University of Maryland Carey Law School, and an Executive MBA from the University of Maryland Smith Business School.

#cybersecurity #privacy #mobilesecurity