Privacy-focused search engine DuckDuckGo called out rival Google for "spying" on users after the search giant updated its flagship app to spell out the exact kinds of information it collects for personalization and marketing purposes.

"After months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app. No wonder they wanted to hide it," the company said in a tweet. "Spying on users has nothing to do with building a great web browser or search engine."

The "privacy nutrition labels" are part of a new policy that went into effect on December 8, 2020, mandating app developers to disclose their data collection practices and help users understand how their personal information is put to use.

The insinuation from DuckDuckGo comes as Google has been steadily adding app privacy labels to its iOS apps over the course of the last several weeks in accordance with Apple's App Store rules, but not before a three-month-long delay that caused most of its apps to go without being updated, lending credence to theories that the company had halted iOS app updates as a consequence of Apple's enforcement.

An analysis of app data collection practices by cloud storage company pCloud released earlier this month found that 52% of apps share user data with third-parties, with 80% of apps using the collected data to "market their own products in the app" and deliver ads on other platforms.

App Tracking Transparency Explained

In addition, an upcoming privacy update to iOS 14.5 will also require apps to ask for users' permission before tracking them across other apps and websites using the device's advertising identifier (also called IDFA) as part of a new framework dubbed App Tracking Transparency (ATT). The IDFA has been traditionally used by companies and marketers to keep tabs on individuals between different apps in order to serve tailored ads and monitor how their ad campaigns performed.

For example, imagine scrolling through your Instagram feed, and you see an ad for a smartphone. You don't tap the ad, but instead, you go on Google, search for the same smartphone you saw on Instagram, and buy them.

Once this purchase is made, the retailer records the IDFA of the user who bought the phone and shared it with Facebook, which can then determine whether the ID corresponds to the user who saw an ad for the smartphone.

Click to see full version

With the new changes, it's no longer possible for apps and third-party partners to accurately measure the effectiveness of their ads without asking explicit permissions from users to opt-in to being tracked using the identifier as they hop from one app to the other, a move that has riled up Facebook and others that sell mobile ads who heavily rely on this identifier to help target ads to users.

The development comes as tech giants including Apple, Google, Amazon, and Facebook have come under heightened regulatory and privacy scrutiny in the U.S. and Europe for having amassed immense market power and for their collection of personal information, leading to the formation of new data protection laws aimed at safeguarding user privacy.

On Wednesday, France's competition regulator rejected calls from advertising companies and publishers to block ATT on antitrust grounds, stating that the privacy initiative "does not appear to reflect an abuse of a dominant position on the part of Apple," but added it would continue to investigate the changes to ensure that "Apple has not applied less restrictive rules" for its own apps, signaling how measures designed to protect user privacy can be at odds with regulating online competition.

It's worth noting that Google has separately announced plans to stop supporting third-party cookies in its Chrome browser by early 2022 while emphasizing that it would not build alternate identifiers or tools to track users across the web.

Advertisers Test New Tool to Circumvent ATT

But that hasn't stopped advertisers from trying workarounds to sidestep iOS privacy protections, setting them once again on a collision course with Apple.

According to the Financial Times, the Chinese Advertising Association (CAA) has developed an identifier called the China Anonymization ID (or CAID) that's aimed at bypassing the new Apple privacy rules and allow companies to continue tracking users without having to rely on IDFA.

"CAID has the characteristics of anonymity and decentralization, does not collect private data, only transmits the encrypted result, and the encrypted result is irreversible, which can effectively protect the privacy and data security of the end user; the decentralized design allows developers to be more flexible Access to meet business needs," a Guangzhou-based ad-tech firm called TrackingIO explained in a now-removed write-up.

"Because CAID does not depend on Apple IDFA and can generate device identification ID independently of IDFA, it can be used as an alternative to device identification in iOS 14 and a supplementary solution when IDFA is not available," it added.

While CAID is yet to be formally implemented, the tool is said to be currently under testing by some of China's largest technology companies, including ByteDance and Tencent, with "several foreign advertising companies have already applied on behalf of their Chinese divisions," per the report.

It remains to be seen if Apple will green-light this proposal from the CAA, which is said to be "currently actively communicating" with the Cupertino-based company, with the report claiming that "Apple is aware of the tool and seems to have so far turned a blind eye to its use."

"The App Store terms and guidelines apply equally to all developers around the world, including Apple," the iPhone maker told FT. "We believe strongly that users should be asked for their permission before being tracked. Apps that are found to disregard the user's choice will be rejected."