TL;DR
Apple's App Tracking Transparency (ATT), introduced with iOS 14.5, forces apps to request permission before sharing tracking identifiers. Choosing 'Ask App Not to Track' prevents access to a device's IDFA at the system API level, but other tracking methods like IP-based identification and device fingerprinting remain possible.
What happened
In 2021 Apple rolled out App Tracking Transparency, requiring apps to request user consent before sharing data for cross-app tracking. The ATT prompt offers two choices: permit tracking or select 'Ask App Not to Track.' When users pick the latter, apps are blocked from reading the Identifier for Advertisers (IDFA) through Apple's API, interrupting the straightforward linking of behavior across multiple apps and sites. That change substantially reduced the share of U.S. users who could be tracked by advertisers — from roughly 73% before ATT to about 18% more recently. However, the system-level block does not eliminate all data collection. Developers can still tie activity together using information the user supplies (email, phone number) or by relying on IP addresses and the increasingly common practice of device fingerprinting. Advertisers have adapted, moving toward fingerprinting and contextual ad strategies, which are less effective than IDFA-based cross-app profiles but still commercially valuable.
Why it matters
- Gives users a meaningful way to stop apps from accessing the system IDFA, curbing easy cross-app profiling.
- Significantly reduced the portion of users available for cross-app ad targeting, reshaping mobile ad economics.
- Doesn't fully stop tracking: alternative methods such as IP correlation, contact details, and device fingerprinting persist.
- Advertisers shifted tactics (e.g., contextual ads), so privacy gains depend on continued technical and policy enforcement.
Key facts
- App Tracking Transparency (ATT) was introduced in iOS 14.5 (2021) and requires developer permission to track users across apps and websites.
- ATT prompts typically ask: 'Allow [app name] to track your activity across other companies' apps and websites?' with options to Allow or Ask App Not to Track.
- Selecting 'Allow' grants apps access to user-linked data such as age, gender, location, usage patterns, purchases, browsing habits, and which ads were clicked.
- Choosing 'Ask App Not to Track' blocks an app's access to the device's IDFA at the system API level.
- Apple's wording uses 'Ask' because it cannot detect or prevent tracking done via other identifiers developers may obtain (email, phone) or network data (IP).
- Before ATT, about 73% of U.S. users were trackable by advertisers; that share dropped to roughly 18% after ATT's rollout.
- Major ad-dependent companies experienced large revenue impacts (the source cites an estimated $12.8 billion loss for Meta in 2022).
- Device fingerprinting increased on mobile after ATT; it collects attributes like screen size, OS version, time zone and other device signals.
- Apps also moved toward contextual advertising—targeting based on in-app behavior rather than cross-app profiles.
What to watch next
- Growth and sophistication of mobile device fingerprinting techniques and measures to counter them.
- Wider adoption of contextual advertising and first-party data strategies by app developers and ad networks.
- not confirmed in the source
Quick glossary
- App Tracking Transparency (ATT): An Apple privacy framework that requires apps to request user permission before tracking activity across other companies' apps and websites.
- IDFA (Identifier for Advertisers): A unique device identifier provided by Apple to let advertisers link user behavior across apps for targeting and measurement.
- Device fingerprinting: A tracking method that identifies devices by combining many attributes (e.g., screen size, OS version, time zone) to create a persistent identifier without using an official ID.
- Contextual advertising: Ad targeting that relies on the content or behavior within a single app or page rather than aggregating data across multiple apps or sites.
- System API: A set of operating system interfaces apps use to request services or information from the device; ATT blocks IDFA access via the system API.
Reader FAQ
What happens when I choose 'Ask App Not to Track'?
The app is prevented from accessing your device's IDFA through Apple's API, which blocks a primary method used for cross-app tracking.
Does 'Ask' mean Apple only requests apps not to track?
Apple uses 'Ask' because it cannot detect or stop tracking that happens using data you supply (email, phone) or network identifiers like IP addresses.
Has ATT reduced tracking overall?
Yes — the share of U.S. users trackable by advertisers dropped from about 73% before ATT to around 18%, though other methods persist.
Are advertisers still able to target users effectively?
Advertisers adapted by increasing device fingerprinting and contextual advertising; these alternatives are less ideal than IDFA-based cross-app profiles but still commercially used.
Here are six exciting Apple product launches to look forward to in 2026 Michael Burkhardt Dec 27 2025 PRIVACY APP STORE SECURITY BITE Security Bite: What ‘Ask App Not to…
Sources
- Security Bite: What ‘Ask App Not to Track’ actually does
- If an app asks to track your activity
- Don't Want Your Apps to Track You? Disable This One …
- Surviving the iOS 14 and Cookie Apocalypse
Related posts
- Roomba Broadens Matter Support, Adds HomeKit to Several Vacuums
- Samsung Members app failing for many Galaxy users; Samsung says fix underway
- Ford Reiterates Ongoing Support for Apple CarPlay in Future Vehicles