Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Ad networks using new tracking methods to bypass iPhone security measures

Tightened security measures that ban user-tracking apps from Apple's App Store have forced ad networks to adopt alternative techniques in an escalating arms race between the booming cottage industry and consumer privacy advocates.

Sources from The Wall Street Journal say that ad networks are quickly finding workarounds as Apple attempts to limit user tracking amid privacy concerns voiced by both consumers and the U.S. government.

The mobile advertising industry, which was born when Apple launched the App Store alongside the iPhone 3G in 2008, relies on user data to effectively monetize ad space by tailoring advertisements to specific demographics. Without user tracking data, it is estimated that ad networks could lose millions of dollars in revenue each week. The mobile ad industry as a whole is expected to bring in $2.61 billion in 2012, according to eMarketer.

A vast majority of free apps depend on ad-supported revenue and ad servers contend that the money would dry up without user tracking.

"If there is no advertising the majority of apps would die," said Ouriel Ohayon, co-founder of mobile marketing company Appsfire. "It would wreck the whole industry."

Previously, unique device identifiers (UDIDs) were employed to track what apps were being used by iPhone and iPad owners, but a number of high-profile media reports raised the ire of consumers who felt their privacy was being violated. The issue was first broached in 2011, with concern reaching as high as the U.S. Senate, when it was revealed that iOS 4 regularly logged and stored location data in a local database file. Apple subsequently plugged the hole after clarifying that the information wasn't being used nefariously, though other the topic of user privacy cropped up again as other issues were unearthed in iOS 5.

A New York Times article in February exposed an authorization loophole that allowed an app to upload geo-tagged photos in the background, theoretically granting access to sensitive location data without a user's knowledge. In another case, social networking app "Path" came under fire for uploading the contents of an iDevice's address book to an offsite server.


Example of a mobile ad seen in the free Pandora iOS app.

The government re-entered the mix when Congress sent two letters to Apple CEO Tim Cook requesting a briefing on what the company was doing to remedy the perceived iOS privacy issues.

In response to the media outcry, Apple moved forward with plans to limit UDID access and began blanket rejections of apps that accessed the data. At the time, ad networks were said to be experimenting with MAC addresses and OpenUDID as substitutes for the UDID access ban.

Monday's report claims that ad providers are now using Open Device Identification Network (ODIN) as well as the aforementioned OpenUDID to bypass Apple's security measures, though it is unclear what workaround the networks will finally settle on to deliver the data they require.