Trivially easy. Create an app that generates a random number and store it in the apps local storage. Send that with any interaction to whatever service you're providing. Hiding this feat in plain sight isn't that hard.
Currently there are two things preventing a developer from doing this:
1. you're supposed to be honest and not do that.
2. you could be caught during review by a bot or a human.
But all that does is let one app track your usage in that app. To do tracking outside of that, you'd need other apps to get access to another apps' local storage. Which you need the OS to give you permission to do.
We have toggles for preventing cell data usage, they could trivially do the same for wifi usage, or accessing other app's local storage.
I think computing devices need to have some kind of zero trust sandbox available for installation (kinda like a VM) where any API and system calls that an app use is spoofed. iOS have done this for files and photos (recently), but some is still all or nothing, like contacts. At least camera and microphone access show an indicator when they're in use.
Sure you can create a sandbox that can cater for some app and keep it completely isolated. And yes, whereas previously any app could basically see and do anything, now there are limits at the OS level.
But an app that shows the latest cat video needs connectivity and the server serving that car video now tracks when you were watching it.
Trivially easy. Create an app that generates a random number and store it in the apps local storage. Send that with any interaction to whatever service you're providing. Hiding this feat in plain sight isn't that hard.
Currently there are two things preventing a developer from doing this:
1. you're supposed to be honest and not do that.
2. you could be caught during review by a bot or a human.
Nothing at the OS level to prevent this.
But all that does is let one app track your usage in that app. To do tracking outside of that, you'd need other apps to get access to another apps' local storage. Which you need the OS to give you permission to do.
We have toggles for preventing cell data usage, they could trivially do the same for wifi usage, or accessing other app's local storage.
I think computing devices need to have some kind of zero trust sandbox available for installation (kinda like a VM) where any API and system calls that an app use is spoofed. iOS have done this for files and photos (recently), but some is still all or nothing, like contacts. At least camera and microphone access show an indicator when they're in use.
Sure you can create a sandbox that can cater for some app and keep it completely isolated. And yes, whereas previously any app could basically see and do anything, now there are limits at the OS level.
But an app that shows the latest cat video needs connectivity and the server serving that car video now tracks when you were watching it.
And no one, not even Apple, complains about that kind of tracking nor attempt to stop it.
This is a ridiculous example
Yes, but there’s no way to stop that kind of tracking since those app require you to sign in.
The current App Store already has this kind of tracking.
> Nothing at the OS level to prevent this
This is incredibly common practice and AFAIK not even discouraged by Apple.
The app sandbox constrains the local storage data to the app which created the unique identifier. There is no third-party tracking opportunity here.