Apple WWDC: Reshaping privacy

Author: Manon Dubreuil

Apple Worldwide Developers Conference (WWDC) strikes again with exciting new announcements. Tim Cook kicked things off in front of a frenzied crowd of memojis, then gave the floor to Apple Managers who rolled out the red carpet to mind blowing announcements.

Among the new functionalities and updates on iPhone, iPad, MacOS and Apple Watch, we could see that Apple is really making privacy its pet project. The announcements made by Craig Federighi and his collaborators will dramatically change the way we use Adtech. The watchword: keeping personal data under user control. Let’s dive deeper into these revelations.

Private browsing from A to Z

Apple has been giving marketers a hard time since 2017, when Intelligence Tracking Prevention (ITP) was first implemented. It protects Safari traffic data in an impregnable fortress, from automatically purging third-party cookies to sabotaging finger printing and link decoration tactics – used by marketing teams to track users and force-feed them with advertising. The company keeps thwarting marketer attempts to collect data by continuously improving ITP with new features and capabilities.

Apple is taking its privacy efforts even further! On the paid version of iCloud (rebranded iCloud +), users will discover the joy of incognito browsing with iCloud Private Relay. While browsing, users’ data, identity and browsing history are easily accessible through DNS queries. With fingerprinting techniques, advertisers can collect even more data about users such as the type of device and browser they use.

With iCloud Private Relay, Apple sends the user request to an ingress proxy, setting up a connection with the user’s IP address. Then a connection is made with an egress proxy, forwarding the request to the server, with another IP address that is set by the network provider. For users, it means than no one, including Apple, will know what site they are trying to access. Localising users will also be more complicated as it’s only possible to know in what region they are. iCloud Private Relay protects all Safari browsing and http queries. If users are already using a VPN or another proxy, the traffic they generate will transit through their VPN or proxy.

But Apple is not stopping there. It goes even further with a more private way for users to use Mail.

Mail secrecy

It’s well known that marketing teams rely a lot on email tracking to see how their campaigns are performing. They used to have the possibility to track when users are opening the email, their IP address, whether they interacted with the content or not… Apple will now protect user privacy with Mail Privacy Protection.

When opening an HTML email, remote content helps marketers to track users with invisible pixels or images hosted on their web servers to see how they engage with the email. When using the Mail app on Mac, iPhone, iPad or Apple Watch, users could choose to avoid downloading images. Now they’ll have the possibility to view rich HTML mails with images, while hiding their IP address. This means it’s now impossible for senders to track if an email has been opened, from which location and if the user interacted with it. To do so, every user request to download remote email content goes through Apple’s private relay. It will then be impossible for the sender to know who downloaded the email, besides the region. A major blow for email marketing.

In addition to this, Apple added a new functionality called Hide My Email. This seems to be a bit like an upgraded version of Sign In with Apple, with more capabilities. With Hide My Email, users can generate unique, random email addresses to use, for example, when completing forms or signing up on a website. The emails sent to these random email addresses are then forwarded to the user’s personal mailbox – which is kept secret.

These fake email addresses can easily be deleted to avoid spam emails. This is a clear answer to Google’s announcements about Federated Login. Using the same ID on several websites allows marketers to aggregate and analyse user data, to profile them and facilitate cross-site tracking, among other things. Hide My Email prevents this as users can now use different email addresses each time they register on a website, complete a form, etc.

This is a big revolution for Mail users who will now be able to use their personal mailbox without the fear of tracking thanks to the power combo of Mail Privacy Protection and Hide My Email.

Information sharing transparency

In the Keynote, Apple is showing a real willingness to empower its users by sharing information with them about how their data is used and who can access it. It has already started with the Privacy Nutrition Label in 2020, compelling developers to add privacy information when updating their apps on the Appstore. This update is allowing users to know what data will be used to track them or will be collected about them when downloading and using an app.

Apple is taking this further with App Tracking Transparency. Thanks to a complete App Privacy Report, users can check how apps are dealing with their privacy – including what permission is granted to the app when users download it, what user information the app tries to access and with what 3rd party domain it is shared.

In addition to blocking all third party cookies, Safari is also giving users information on how their data is used and on the trackers that tried to access their data via the Safari Privacy Report.

What’s next for Adtech?

With almost a fifth of international browsing going through Safari, more than a quarter of devices used in the world being iPhones and over 170 million paying iCloud users, this Apple privacy announcement is a big deal. Compared to Apple, Google I/O privacy Sandbox seems like a very small evolution.  

It’s safe to say that these changes will reshape online monetisation. Marketing teams will have a hard time pushing the right content to the right user as they won’t be able to collect data in an Apple environment. When 18,43% of all web traffic becomes inaccessible, marketing automation and analytics tools will no longer provide accurate data.

The future is uncertain. Will marketers now only exploit data from Chrome and Android users? Chrome still represents 64,73% of the international traffic, while 71,45% of mobile devices (smartphone and tablets) are Android users. How will these users react when they realise just how far Chrome and Android go to collect their data? This operating system is hardly exemplary in terms of privacy – even if it’s slowly trying to move in the right direction by also killing third-party cookies.

Apple’s moves are a precursor of major changes that will force advertisers to rethink how they target consumers. Let’s hope it would lead to more contextual advertising and really trying to listen and help users – rather than invading their private lives and profiling them. As the User Agency, it encourages Emakina to rethink our service offering – especially when it comes to campaigns or marketing automation.

But we are ready. Our aim has always been to improve lives and this is a great opportunity for us to offer users more meaningful experiences. It’s a win/win situation for everyone and an opportunity to get users to engage with brands even more.

If everything runs as expected, these privacy announcements will only be integrated in iOS15, MacOS Monterey, iPadOS15 and Apple Watch OS 8 releases by the Fall, when the new iPhone 13 comes out. This might give Cupertino’s competitors a bit of time to think of new strategies to adapt to the new paradigm that Apple is setting. One thing is sure, we need to keep a close eye on what will  happen over the coming months to adapt as fast as possible to this changing environment.

gallery image