Risk
10/12/2012
09:02 AM
50%
50%

iOS6 Ad Tracking: How To Opt Out

By default, iOS 6 tracks iPhone and iPad owners' browsing history to serve advertisements.

Apple One Year After Steve Jobs: Hits And Misses
Apple One Year After Steve Jobs: Hits And Misses
(click image for larger view and for slideshow)
Value your privacy? Listen up. Apple's iOS 6 platform, which ships on the iPhone 5 and can be installed on older iPhones and iPads, is tracking your browsing history. It's doing this to more effectively target you for advertising. This behavior isn't necessarily nefarious, but it might irk some iOS device owners.

Apple no longer allows app developers to use the UDID (unique device identifier) code to track devices and device behaviors. The UDIDs are permanent numbers that can be tied to a specific device and, ultimately, a person. The lack of anonymity in this system forced Apple to look for another way to give advertisers the information they need. Well, it found one.

BusinessInsider spoke to advertising executives in order to understand the inner workings of the new system, and this is what's going on.

iOS 6 now uses something called an IFA--or "identifier for advertisers." The IFA is an anonymous number assigned to devices and users at random. Thankfully, it is temporary and can even be blocked. As iOS device owners use their apps or surf the Web, those apps and Web pages serve ads. In order to do that, the app publisher or website owner scans the IFA and passes it to the ad server, which logs the device's behavior and serves an ad based on what that person is doing with his or her device. Creepy.

Keep in mind, the IFA does not give away your personal identification. It doesn't tie John Q. Public to a specific device and behavior pattern.

[ Consumer privacy: is it a joke? Advertisers' 'Do Not Track' Protests Fail Smell Test. ]

The key part of this system, reports BusinessInsider, is that the IFA can be tracked by the ad company all the way to something called "conversion." This typically means when an iOS users sees an ad, clicks the link for that ad, and downloads an app or other content associated with that ad.

This system is on and active by default. I confirmed this on my own iOS devices. Thankfully, it can be turned off. Here's how.

The ad tracking setting is found by following the Settings -> General -> About -> Advertising path. Under that setting, you'll see something called "Limit Ad Tracking." When you encounter it for the first time, the toggle is in the "off" position. This actually means that ad tracking is turned on. In other words, your behavior is being tracked if the Limit Ad Tracking feature is turned off. If you want to opt out of targeted advertising and stop advertisers from following your online moves, switch "Limit Ad Tracking" to the on position.

As mentioned, this system is anonymous doesn't identify anyone personally. Even so, if you care to opt out, follow the steps above and you can feel slightly better than you're sharing less info about yourself with advertisers.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3971
Published: 2014-12-25
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

CVE-2014-7193
Published: 2014-12-25
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site ...

CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.