Risk
10/12/2012
09:02 AM
Connect Directly
RSS
E-Mail
50%
50%

iOS6 Ad Tracking: How To Opt Out

By default, iOS 6 tracks iPhone and iPad owners' browsing history to serve advertisements.

Apple One Year After Steve Jobs: Hits And Misses
Apple One Year After Steve Jobs: Hits And Misses
(click image for larger view and for slideshow)
Value your privacy? Listen up. Apple's iOS 6 platform, which ships on the iPhone 5 and can be installed on older iPhones and iPads, is tracking your browsing history. It's doing this to more effectively target you for advertising. This behavior isn't necessarily nefarious, but it might irk some iOS device owners.

Apple no longer allows app developers to use the UDID (unique device identifier) code to track devices and device behaviors. The UDIDs are permanent numbers that can be tied to a specific device and, ultimately, a person. The lack of anonymity in this system forced Apple to look for another way to give advertisers the information they need. Well, it found one.

BusinessInsider spoke to advertising executives in order to understand the inner workings of the new system, and this is what's going on.

iOS 6 now uses something called an IFA--or "identifier for advertisers." The IFA is an anonymous number assigned to devices and users at random. Thankfully, it is temporary and can even be blocked. As iOS device owners use their apps or surf the Web, those apps and Web pages serve ads. In order to do that, the app publisher or website owner scans the IFA and passes it to the ad server, which logs the device's behavior and serves an ad based on what that person is doing with his or her device. Creepy.

Keep in mind, the IFA does not give away your personal identification. It doesn't tie John Q. Public to a specific device and behavior pattern.

[ Consumer privacy: is it a joke? Advertisers' 'Do Not Track' Protests Fail Smell Test. ]

The key part of this system, reports BusinessInsider, is that the IFA can be tracked by the ad company all the way to something called "conversion." This typically means when an iOS users sees an ad, clicks the link for that ad, and downloads an app or other content associated with that ad.

This system is on and active by default. I confirmed this on my own iOS devices. Thankfully, it can be turned off. Here's how.

The ad tracking setting is found by following the Settings -> General -> About -> Advertising path. Under that setting, you'll see something called "Limit Ad Tracking." When you encounter it for the first time, the toggle is in the "off" position. This actually means that ad tracking is turned on. In other words, your behavior is being tracked if the Limit Ad Tracking feature is turned off. If you want to opt out of targeted advertising and stop advertisers from following your online moves, switch "Limit Ad Tracking" to the on position.

As mentioned, this system is anonymous doesn't identify anyone personally. Even so, if you care to opt out, follow the steps above and you can feel slightly better than you're sharing less info about yourself with advertisers.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.