With the rapid development of the digital age, usersprivacy protectionAwareness is awakening, and concerns about privacy protection are clearly on the rise. At the same time, the world has kicked off a major trend in privacy protection, from the GDPR to thePersonal Information Protection ActThe privacy issue has become a "deep pit" that Internet technology giants have to face up to.
A number of giants have fallen foul of it, the most familiar of which is Meta. in 2019, Facebook was fined $5 billion for compromising user privacy, and in 2021, for exposing the personal information of hundreds of millions of users around the world. meta was fined €265 million by Ireland's Data Protection Commission (DPC).
And just recently, Google raised the flag of user privacy protection, began planning to comprehensively disable third-party cookies, has been a small-scale test of 1% users, is expected to be extended to all Chrome users at the end of this year. It is also worth noting that Apple's previously released new 2024 app developer rules mentioned that it will crack down on third-party SDK privacy lists, which will be focused on implementation in the spring of this year.
Google and Apple have undoubtedly released two heavy "bombs" for user privacy protection. These two initiatives not only have a huge impact on the entire technology industry ecosystem, in the field of personal privacy protection is also a landmark event.
Google removes cookies:
This move by Google has been in the works for years. The current cookie ban is aimed at third-party cookies, i.e., cookies placed on websites by the online advertising industry for tracking users and placing relevant advertisements, and will not affect cookies used by websites to store basic content such as login information.
A cookie, known as an HTTP cookie, is a small text file used to pass information between a client and a server. It first appeared in 1994 and was invented by Lou Montulli, a programmer at Netscape. Initially intended to solve the problem of shopping cart functionality, it was later widely used for user tracking and personalized services on websites. Nowadays, cookies have become an integral part of the Internet.
Cookies, as an important part of the Internet, provide us with many convenient features, but also pose some privacy and security risks.
Several organizations and companies have regulated the use of cookies due to data privacy risks. For example, the European Union prohibits the use of unnecessary cookies to analyze or track users without their explicit consent, and Apple prohibits the use of third-party cookies for iPhone and iPad users.
After Google announced the removal of cookies, the advertising industry was very upset about the move. Anthony Katsur, CEO of IAB Tech Lab, a trade organization for the ad tech industry, says the ad industry is far from ready for this. This is because it could affect the extent to which a company's ads reach its ideal audience.
According to data published by Statcounter, Google Chrome accounts for 65% of global Internet traffic, making it a veritable Internet advertising giant, and the advertising industry has always been extremely dependent on Google's powerful traffic. As a result, the price of online advertising may change unpredictably with Google's move after the removal of cookies.
Apple cracks down on third-party SDKs:
Before Google, the global giant Apple Inc. for user privacy protection also has "big action".
Since the introduction of the new IDFA rules in iOS 14.5 in 2021, Apple's privacy policies have been getting stricter and stricter, regardless of whether Apple really wants to protect consumer privacy or, as many of our friends have commented, is essentially trying to increase its own revenue from ad services.
In the winter of 2023, Apple released new app developer rules for 2024, which mentioned that it would crack down on third-party SDK privacy lists; with the aim of protecting user privacy; so that users would be more aware of how third-party SDKs are used and collect data.
SDK, full name is Software Development Kit. Broadly speaking, it is a collection of relevant documents, examples and tools that aid in the development of a particular type of software. As for cell phones, usually, these SDKs are toolkits developed by third-party service providers such as advertising, data, social networks, maps and push platforms to provide specialized services, which encapsulate complex logic implementations as well as the process of request response to make them more user-friendly for developers. In order to shorten development time and increase development efficiency, mobile app developers integrate many types of third-party SDKs (software development kits) into their apps. It is easy to see that third-party SDKs have become an important part of the mobile application ecosystem.
Application developers use SDKs, not only to better reduce the burden of developers, but also to assist in the development of software features, but it is difficult for either developers or users to discover the hidden privacy risks of SDKs.
So at WWDC 2023, Apple announced new SDK privacy lists and signatures to give users a better understanding of how third-party SDKs use and collect data, with a focus on implementation in spring 2024.
Third party SDK privacy list:
A third-party privacy manifest, which essentially allows SDK developers to provide information about how their SDK collects data, enables APP developers to quickly get a detailed report when integrating various SDKs, thus avoiding unnecessary user data on additional phones.
In this new regulation, Apple requires all developers who use third-party SDKs to take responsibility for all code included in the SDK in the APP and to clearly understand how the SDK collects and uses user data.
In this way, developers can better and more clearly provide their APP's privacy label in the background when submitting for APP Store review, and clearly define their APP's data collection and usage scenarios in the background of the APP Store, so that users can clearly guide what data the APP collects and what it will be used for in the detail page.
Third-party SDK signatures:
Apple also requires developers of SDKs to provide an SDK signature. Apple wants to ensure that the SDK is not tampered with during development by means of signature authentication. Once an SDK is signed and certified, Xcode15 will display the corresponding Signature information, and if it is found that the current signature is not the same as the last one, then Xcode will fail the compilation and pop up a warning. While Apple does not currently require all SDKs to be signed, it is important to add a signature if the SDK involves a private phone, especially if it is one of the SDKs in the list below.
API Statement:
Another notable thing in this new policy is the API declaration. Apple has made a new API classification, and developers need to state why they need to call that API interface inside the privacy list. Judging from the current situation, Apple probably expects this move to regulate the use of these APIs by APPs to do various Fingerprinting recognition behaviors. That is to say, if the SDK and the APP use these APIs in the classification, then the developer needs to fill in the privacy list the reason why they need to call these APIs.
Impact:
Google's elimination of cookies and Apple's crackdown on third-party SDKs are two major moves that are a crucial step for user privacy protection.
For user privacy protection:
These two major initiatives will significantly reduce the tracking and collection of user information by third parties and protect users' personal data. Second, because third-party cookies and SDKs often share data with several different companies and services, such initiatives can also reduce the risk of data leakage and misuse. At the same time, restrictions on third-party cookies and SDKs can also raise users' privacy awareness and make them more aware of how their data is being collected and used. When users know their privacy is protected, their trust in using the service or product increases.
For the advertising industry:
These two major moves will have some impact on the advertising industry. Taking Google's abolition of cookies as an example, it means that advertisers will no longer be able to track users' behavior through cookies to deliver more accurate ads. This may lead to a decrease in the effectiveness and accuracy of advertisements, and the revenue of the advertising industry will also be affected.
For app developers:
These two major initiatives will also bring some challenges to app developers. Taking Apple's crackdown on third-party SDKs as an example, this means that developers will need to be more careful when using third-party SDKs to ensure that the SDKs do not infringe on user privacy. Developers also need to be more aware of users' privacy rights and provide more transparent privacy information in their apps.
Summary:
Google's removal of cookies and Apple's crackdown on third-party SDKs are important developments in personal privacy protection in the Internet era. These two major initiatives will have a profound impact on user privacy protection, the advertising industry, and app developers.
Original article by Chief Security Officer, if reproduced, please credit https://cncso.com/en/google-and-apple-take-steps-to-protect-user-privacy-html