Risk
10/12/2012
09:02 AM
50%
50%

iOS6 Ad Tracking: How To Opt Out

By default, iOS 6 tracks iPhone and iPad owners' browsing history to serve advertisements.

Apple One Year After Steve Jobs: Hits And Misses
Apple One Year After Steve Jobs: Hits And Misses
(click image for larger view and for slideshow)
Value your privacy? Listen up. Apple's iOS 6 platform, which ships on the iPhone 5 and can be installed on older iPhones and iPads, is tracking your browsing history. It's doing this to more effectively target you for advertising. This behavior isn't necessarily nefarious, but it might irk some iOS device owners.

Apple no longer allows app developers to use the UDID (unique device identifier) code to track devices and device behaviors. The UDIDs are permanent numbers that can be tied to a specific device and, ultimately, a person. The lack of anonymity in this system forced Apple to look for another way to give advertisers the information they need. Well, it found one.

BusinessInsider spoke to advertising executives in order to understand the inner workings of the new system, and this is what's going on.

iOS 6 now uses something called an IFA--or "identifier for advertisers." The IFA is an anonymous number assigned to devices and users at random. Thankfully, it is temporary and can even be blocked. As iOS device owners use their apps or surf the Web, those apps and Web pages serve ads. In order to do that, the app publisher or website owner scans the IFA and passes it to the ad server, which logs the device's behavior and serves an ad based on what that person is doing with his or her device. Creepy.

Keep in mind, the IFA does not give away your personal identification. It doesn't tie John Q. Public to a specific device and behavior pattern.

[ Consumer privacy: is it a joke? Advertisers' 'Do Not Track' Protests Fail Smell Test. ]

The key part of this system, reports BusinessInsider, is that the IFA can be tracked by the ad company all the way to something called "conversion." This typically means when an iOS users sees an ad, clicks the link for that ad, and downloads an app or other content associated with that ad.

This system is on and active by default. I confirmed this on my own iOS devices. Thankfully, it can be turned off. Here's how.

The ad tracking setting is found by following the Settings -> General -> About -> Advertising path. Under that setting, you'll see something called "Limit Ad Tracking." When you encounter it for the first time, the toggle is in the "off" position. This actually means that ad tracking is turned on. In other words, your behavior is being tracked if the Limit Ad Tracking feature is turned off. If you want to opt out of targeted advertising and stop advertisers from following your online moves, switch "Limit Ad Tracking" to the on position.

As mentioned, this system is anonymous doesn't identify anyone personally. Even so, if you care to opt out, follow the steps above and you can feel slightly better than you're sharing less info about yourself with advertisers.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2808
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a rel...

CVE-2014-9713
Published: 2015-04-01
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

CVE-2015-0259
Published: 2015-04-01
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVE-2015-0800
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2...

CVE-2015-0801
Published: 2015-04-01
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.