TikTok, Tencent bite a hole in Apple's ad privacy plans

ByteDance and Tencent are among the Chinese tech giants now working furiously on a way around Apple's coming new privacy rules.

CAID, for China Anonymization ID, is currently being tested by the state-backed China Advertising Association.

It lets these companies continue to track iPhone users and show them targeted ads without the users' consent.

Figure 1: Ticking clock: Chinese companies like ByteDance – the people behind TikTok – are looking for loopholes.
(Source: Solen Feyissa on Unsplash)

Apple will be introducing an update to iOS14 in the next several weeks that will allow users to opt out from being tracked, and preventing apps from tracking users if they do.

When the update arrives, users will have the nifty ability to choose which of their apps can access their Apple Identifier for Advertisers (or IDFA). Apple calls this App Tracking Transparency (ATT).

It will be a big blow for apps, including Facebook, which bankroll themselves by offering highly precise targeting capabilities to ad buyers.

"Senator, we run ads," Mark Zuckerberg famously said in 2018.

Device fingerprinting

TikTok owner ByteDance has already given its developers an 11-page guide on how to use the CAID to track users if they've opted out of sharing their IDFA.

(A sneak preview is here, if you fancy using Google translate.)

It uses device fingerprinting, an approach which is against Apple's rules but can be hard to detect.

Your usage patterns, language, battery habits and hardware characteristics can taken together be pretty good signs a particular device is yours.

Many app vendors have been exploring approaches along these lines to get around Apple's new Damascene conversion to the virtues of privacy.

For app vendors, the tough question is whether to go without advertising pennies, or risk Apple's ire and being thrown out of the App Store, the world's most lucrative shopfront.

But where it gets interesting is that Apple may find itself turning a blind eye to the CAID tool, in order not to upset China's government.

No bothering Beijing

The situation is a dicey one as China is now one of Apple's most important international markets, already worth $44 billion in sales to Cupertino in 2019.

And then the China market soared in 2020, after China's successful 5G rollout, when Apple tapped pent-up demand for its 5G-enabled iPhone 12.

Apple sold $21.31 billion worth of iPhones in China, between October and December 2020.

This represented a 57% boost in Chinese iPhone sales from the same three months a year earlier.

So you can see why Apple could be a bit reluctant to annoy a wealthy country with 1.44 billion people, many of whom are mad about iPhones.

We saw a glimpse of Apple's vulnerabilities in China last September, when the Trump administration ordered China to remove Tencent's WeChat from the App Store.

Banning the hugely popular app, without which it's difficult to do anything in China, would likely have led Chinese iPhone sales to drop by 25-30%, said analyst Ming-Chi Kuo.

Usefully for Apple, San Francisco judge Laurel Beeler blocked this order before it took effect.

Teacher can't flunk all of us

Companies outside China, including a French gaming company, have shown interest in using CAID too.

Other international companies are applying to use CAID through their Chinese subsidiaries.

"The strategy for these Chinese companies is: Teacher can't flunk all of us," analyst Eric Seufert writes on Twitter.

All companies operating in the Chinese market do so at the pleasure of China's government, and many of Apple's devices are even manufactured in China.

Want to know more about security? Check out our dedicated security channel here on Light Reading.

But if Apple turns a blind eye to CAID to avoid a Beijing bellyache, the end result might be a China-shaped hole in its new ATT privacy strategy, which any company could crawl through.

And the Western regulators and politicians in Washington, London and Brussels Apple was trying to impress?

They may not be so dazzled after all.

Related posts:

— Pádraig Belton, contributing editor special to Light Reading