Apple tells Chinese apps not to bypass App Tracking Transparency

Apple is warning Chinese app developers and companies not to bypass its upcoming App Tracking Transparency privacy feature, according to a new report.

The ATT feature, which will require apps to obtain permission from users before tracking them, is slated to launch in the spring. But an earlier report indicated that Chinese app companies were already testing workarounds for the feature.

According to The Financial Times, Apple has sent warnings to at least two Chinese app companies that were testing methods to track users without their permission.

"We found that your app collects user and device information to create a unique identifier for the user's device," Apple's email said, before stating that the developers must comply or risk their apps being removed from the App Store

The Financial Times reports that at least one of those developers was using a tool called CAID, which was developed by the state-backed Chinese Advertising Association. Earlier in the week, the CAA said that its tool is not "in opposition" to App Store privacy policies.

The CAA also said it's developing new methods for collecting and tracking user data to create fingerprints. Apps that use the CAA's CAID identifier will collect user information and send them to a centralized server to create a new CAID identifier, which will then be used to track users across other apps and websites.

Major Chinese companies like Baidu, Tencent, and ByteDance are all reportedly testing CAID to continue tracking users. However, one Chinese marketing insider said that Apple's recent actions "will put a stop to these tests."

Some tech experts believe that Chinese app companies will continue to tailor their tracking methods in what has been likened to a "cat-and-mouse" game. For example, some developers may implement CAID tracking on their own servers rather than a user's device. That could allow Chinese app developers to make changes at the server level that are harder for Apple to detect.

ByteDance, the company that created TikTok, recommends that developers use its own SDK to issue two new user identifiers. One is based on a user's IP address, while the other on a device's unique IMEI number. Both of those tracking tags violate Apple's App Store rules, since the company requires developers to obtain permission before using "other IDs with a third-party advertising network."

As a backup plan, ByteDance is recommending that developers use "fingerprinting and probabilistic matching" to track users. That's also a violation of Apple's rules.

Apple, which declined to comment to The Financial Times, has maintained that apps that violate its policies will be rejected from the App Store.