Skip to main content Skip to footer

How Apple Uses Privacy-Enhancing Technologies (PETs) in AdTech

How Apple Uses Privacy-Enhancing Technologies (PETs) in AdTech

Natalia Figas

Content Marketer

Apple prioritises user privacy by incorporating privacy-enhancing technologies (PETs) across their range of services. 

To illustrate, Safari, Maps, Health, and the SKAdNetwork mobile measurement framework are all examples of Apple services with built-in encryption features. 

In this article, we delve into how Apple employs PETs to protect user privacy and offer greater transparency in an ever-connected digital landscape. 

This is also the fourth entry in our series of articles on tech giants adopting PETs. 

Key Points 

  • Apple prioritises user privacy with built-in privacy-enhancing technologies (PETs). Users have granular control over their data, including health and fitness data, location data, payment information, and data sharing with third-party apps. 

  • Many of Apple’s features, such as facial recognition or Siri, process data on the user’s device rather than in the cloud, which helps enhance privacy. 

  • Apple’s SKAdNetwork framework allows advertisers to measure ad campaign effectiveness without compromising user data or privacy. Unlike other tracking methods, SKAdNetwork APIs can be used without explicit user tracking authorisation, maintaining user privacy. 

  • Apple ensures that PETs are applied consistently across all of their devices, including iPhones, iPads, Macs, and more. 

How Is Apple Adopting Privacy-Enhancing Technologies? 

Apple emphasises the importance of user consent in data sharing, putting control back in the hands of the user. The company combines technological innovation and a user-centric approach to protect user privacy and enhance the overall user experience across their ecosystem. 

First, let’s take a look at what PETs are included in Apple’s systems designed for individual users.

What Privacy-Enhancing Technologies Does Apple Use

Privacy-Enhancing Technologies in iOS, macOS, iPadOS 

Apple is committed to protecting user data. To that end, their products and features minimise user data access. Since Apple offers a really wide range of services, we’ll describe a few selected ones to showcase how the company incorporates PETs. 

Safari 

The Safari web browser prioritises user privacy with several privacy features, including Intelligent Tracking Prevention (ITP), passkeys, Privacy Reports, password monitoring, social widget tracking prevention, fingerprinting defence, Private Browsing, the Smart Search field, and extension control. 

To be more accurate, Safari leverages the following privacy-enhancing technologies: 

  • Cryptographic techniques 

  • Defence mechanisms against fingerprinting 

  • On-device data processing 

  • Obfuscation of the system configuration so more devices look identical to trackers 

  • Minimising data collection 

  • Differential privacy 

  • Various security protocols 

Most of these features are active by default, so users don’t have to take any additional actions to turn them on. However, it depends on the user whether they want to keep the features on or off. 

But how exactly do the key privacy features in Safari work? 

  • Intelligent Tracking Prevention employs on-device machine learning to halt cross-site tracking, while maintaining website functionality. 

  • Smart Search limits the amount of data shared with third-party search engines, excluding precise location details and cookies from search data transmission. 

  • The Private Browsing mode prevents the retention of a user’s browsing history, especially in shared-device scenarios. 

  • Seamless Apple Pay integration prioritises security by avoiding sharing credit card numbers with Apple or vendors. 

  • Through iCloud Keychain, users can securely synchronise passwords, credit card details, and autofill data across devices without compromising security or requiring logins for other services. 

Maps 

Similarly to Safari, Maps offers a wide range of built-in safety features. 

Apple uses device data to create personalised experiences. However, data transmitted from your device to the Maps service is minimal and linked with random identifiers, ensuring that Apple doesn’t keep a record of the user’s browsing and location history. 

Moreover, Maps employs end-to-end encryption for the user’s personal data across all devices. 

Maps goes a step further to obscure the user’s location on Apple servers. A process known as “location fuzzing” converts the user’s precise search origin to a less precise one after 24 hours, safeguarding their identity. Apple also refrains from retaining a history of users’ searches or locations visited. 

The company applies privacy safeguards to Maps extensions used in ride-booking and reservation apps, as well. These extensions operate within their secure environments (sandboxes), sharing permissions with their parent apps. For ride booking, only the user’s start and end points are shared with the extension, while table reservations reveal only the tapped point of interest. 

Apple Maps leverages the following privacy-enhancing technologies: 

  • End‑to-end encryption 

  • Random identifiers 

  • Location fuzzing 

  • Sandboxes 

Image storage and management as well as communication applications are other services that utilise PETs. Below, you’ll learn more about specific data security technologies and techniques incorporated by Apple. 

Face recognition in Photos 

Face recognition, scene detection, and object detection are performed entirely on a user’s device rather than in the cloud. Additionally, apps can only access photos with explicit permission, putting the user in control of their data. 

The Photos app boasts features like locked Hidden and Recently Deleted albums, which require an authentication method (Face ID, Touch ID, or passcode) on the user’s device for access. 

Memories and Sharing Suggestions leverage on-device intelligence to categorise photos by faces and places, facilitating easy retrieval. All of this happens on the user’s device, without granting Apple access to the photos. 

When using iCloud Photos, a user’s photo library is safeguarded with encryption on Apple’s servers. While sharing photo data between devices with iCloud Photos enabled, the user retains control over including location, edit history, or depth data when sharing a photo. 

Furthermore, the user decides which images to share with third-party apps, offering granular control over photo access. 

Apple’s Photos service leverages the following privacy-enhancing technologies: 

  • On-device intelligence 

  • Encryption 

  • Sharing controls for photo metadata and location 

  • Limited Photos library access for third-party apps 

  • Selective photo sharing with apps 

  • Controlled app access to a user’s photos 

Communication apps 

Apple’s iMessage, FaceTime, and Mail services put user privacy at the centre by leveraging PETs such as hiding IP addresses, end-to-end encryption, and random identifiers. 

The features that ensure privacy in Apple’s communication applications include: 

  • Mail Privacy Protection hides the user’s IP address to prevent email senders from creating a profile of the user’s online activity. It also ensures they can’t determine if the user opened their email. 

  • Messaging apps encrypt communication on a user’s device, and Apple cannot access the messages during transit. Additionally, Link Tracking Protection removes extra information from URLs shared in messages to prevent tracking by websites. Last but not least, each app is provided with a random identifier for each participant, which is reset when the app is uninstalled. 

  • FaceTime and Group FaceTime calls aren’t stored on Apple’s servers, and they’re protected with end-to-end encryption during transit. 

  • Live Voicemail provides live transcription of voicemail messages and processes them entirely on the device. 

  • NameDrop in AirDrop allows secure sharing of contact information by holding iPhones near each other. 

Siri 

Another service that has integrated privacy-enhancing technologies is Siri, a virtual voice-activated assistant developed by Apple. 

Siri is available on various Apple devices, including iPhones, iPads, Macs, Apple Watches, and HomePod smart speakers. Siri uses natural language processing and speech recognition technology to understand and respond to user commands, questions, and requests. 

Users can interact with Siri by saying voice commands or asking questions, and Siri provides answers, performs tasks, and offers information based on the user’s input. Siri can integrate with various apps and services to provide more personalised and context-aware assistance. 

To ensure user privacy, Apple incorporates various privacy-enhancing technologies into this product, such as: 

  • On-device processing to eliminate sending unnecessary information to Apple’s servers 

  • Random identifiers and encrypted protocols to protect users’ privacy when sending the necessary information to Apple servers 

  • Location fuzzing to avoid sharing precise locations with Apple’s servers 

Payment services 

The convenience of effortless data guarding goes beyond the basic services of Apple. Applications for payments, health, and location ensure no less security than previously mentioned Safari, Maps, image management, and communication apps. 

Apple Wallet is a mobile app that allows users to store and manage various types of digital items, such as credit and debit cards, boarding passes, event tickets, loyalty cards, coupons, and more — all in one convenient location on their iOS devices. It uses encryption techniques and data processing in the device’s sandbox (Secure Element). 

Apple also offers payment services where a unique Device Account Number is created, encrypted, and stored in the Secure Element on the user’s device. 

To secure payment processing, Apple creates a dynamic security code, while Apple Card, another service of theirs, uses on-device intelligence to process any transactional information. 

The company requires all apps and websites using Apple Pay to have a privacy policy, so users can view and educate themselves on how their data is being used. 

Lastly, to protect users’ privacy when they use Apple Cash, Apple created Apple Payments Inc. to separate storing and processing information from other Apple services. 

Health-related services 

Apple’s health-related services incorporate a variety of PETs to prioritise user privacy and data security. One significant aspect is the encryption of health and fitness data within the Health app when a user’s device is locked with a passcode, Touch ID, or Face ID. 

Notably, any Health data backed up to iCloud is encrypted both during transmission and while it’s being stored on Apple’s servers. With two-factor authentication, passcodes, and updated versions of watchOS and iOS, health and activity data is backed up in a way that ensures Apple’s inability to access it. 

Activity sharing allows users to share their Apple Watch Activity data with others. Once sharing is stopped, the recipient’s iPhone deletes historical data stored in the Fitness app. Additionally, users can temporarily hide their activity. 

HealthKit enables developers to create health and fitness apps that can share data with the Health app or among themselves. Users retain control over which HealthKit data elements are shared with different apps. 

To ensure user privacy, apps leveraging HealthKit are prohibited from using or disclosing data for advertising purposes and can only share data for health improvement or research with user permission. Data shared with trusted apps moves directly from HealthKit to the third-party app, bypassing Apple’s network. 

ResearchKit and CareKit, open-source frameworks, harness the capabilities of iPhones for medical research and individual well-being. Users determine their study participation using ResearchKit and can provide information with individual research apps. Data access by apps using ResearchKit or CareKit requires user consent, while approval from an ethics review board is mandatory for certain ResearchKit studies. 

Apple utilises these PETs in their health-related services: 

  • Encryption of health and fitness data 

  • Activity sharing control 

  • Health sharing customisation 

  • HealthKit data sharing control 

  • Consent-based data access for ResearchKit and CareKit apps 

  • Secure data collection and storage in the Apple Research app 

All of this is done in compliance with HIPAA regulations. 

Location-related services 

Apple employs privacy-enhancing technologies in their location-related services to provide users with increased control over their location data. 

Location Services privacy controls serve as a potent tool for users to manage which apps are granted access to their location information. Fine-grained controls are utilised for app location permissions, allowing users to determine the location data shared with apps. Users can choose to grant an app access to their location once or on a per-use basis. 

With the introduction of iOS 14, iPadOS 14, and watchOS 7, users have the option to reveal their approximate location within an area of about 10 square miles to apps, as opposed to sharing their exact location. This empowers users to utilise apps for tasks like finding nearby restaurants or checking the local weather without divulging more information than necessary. 

Notifications are implemented for background tracking, alerting the user when an app is using their location in the background. This ensures that the user is aware of the app’s location usage and can decide whether to continue granting it permission. 

Wi-Fi and Bluetooth location privacy enhancements, introduced in iOS 13 and iPadOS 13, offer users heightened protection. API changes restrict the access of apps to Wi-Fi network names, limiting their ability to determine the user’s location without consent. As for Bluetooth, controls are established so that apps must request permission before accessing Bluetooth for purposes other than audio playback. Users also retain the ability to modify app access to Bluetooth. 

Furthermore, Apple enables users to exercise location controls when sharing photos. On macOS, iOS, and iPadOS, users can choose whether to include location information when sharing a photo with friends or apps. 

In essence, Apple integrates PETs to bolster the privacy of user location data, offering transparent controls and notifications for a more secure and informed experience. 

Privacy-enhancing technologies utilised here are: 

  • Fine-grained app location permissions 

  • Approximate location sharing 

  • Background tracking notifications 

  • Wi-Fi and Bluetooth location privacy enhancements 

  • Location controls for shared photos 

SKAdNetwork 

Aside from PETs incorporated in services for individual users, Apple also adapted their advertising technologies to be secure. 

SKAdNetwork is a framework that aims to validate and report on advertisement-driven app installations. It’s designed to help advertisers measure the effectiveness of their ad campaigns without compromising user data or violating their privacy. 

SKAdNetwork employs several privacy-enhancing technologies to protect user privacy: 

  • Anonymised postbacks 

When an ad impression leads to an app installation, SKAdNetwork generates postbacks that notify the ad network of the successful conversion. These postbacks contain data tiers determined by Apple, which helps ensure crowd anonymity. The postbacks don’t contain user- or device-specific information. 

  • Attribution time window 

SKAdNetwork operates within an attribution time window. If a user launches the advertised app within this window after tapping the ad, the ad impression is eligible for install-attribution postbacks. This time window limits the data collected to a specific period and doesn’t track long-term user behaviour. 

  • Conversion value updates 

The advertised app updates conversion values as users engage with the app. These updates provide a way to measure ongoing user interactions with the app without revealing individual user actions. This is achieved through multiple conversion windows, enabling up to three postbacks for an ad impression. 

  • Limited data disclosure 

The information included in the postbacks is cryptographically signed by Apple and doesn’t contain detailed user or device data. It may include values from the ad network and the advertised app only if they meet Apple’s privacy threshold. 

  • Opt-in postbacks 

Developers can receive postbacks from the ad network if they choose to opt in. This allows them to gather insights about the performance of their campaigns while adhering to privacy guidelines. 

  • No app tracking transparency requirement 

Unlike other tracking methods that require user consent through the App Tracking Transparency framework, SKAdNetwork APIs can be used without needing explicit tracking authorisation from the user. This ensures that user privacy is maintained without compromising the app’s functionality. 

  • Compatibility restrictions 

SKAdNetwork APIs may not function in certain scenarios, on some devices, or within specific app environments, such as iPad or iPhone apps running in macOS or visionOS, Mac apps built with Mac Catalyst, or App Clips. 

App Tracking Transparency 

In iOS 14.5 and later versions, Apple introduced the App Tracking Transparency feature. This requires app developers to obtain user consent before tracking their data across apps and websites owned by other companies for advertising or sharing with data brokers. 

Looking for AdTech & MarTech development services?

Discover how our teams can help you design, build and maintain advertising and marketing software.

 

Learn More