
Apple's Opaque ATT



Apple’s privacy changes—especially App Tracking Transparency (ATT)—didn’t stop tracking so much as break one of the main pipes used to connect identity across apps. 

That forced ad networks (including Meta and others) to rebuild their systems around weaker, more indirect signals.


Here’s what actually changed.


1) What ATT actually did

App Tracking Transparency requires apps on iOS to ask:

“Allow this app to track your activity across other companies’ apps and websites?”


If the user says no, the app cannot access the IDFA (Identifier for Advertisers).


That matters because IDFA used to be:

• a stable device-level advertising ID

• shared across apps

• resettable but persistent enough for long-term tracking


So ATT effectively:

• cut off the easiest cross-app identity connector on iPhones



2) What got broken (significant disruption)


A) Cross-app tracking collapsed

Before ATT:

• App A knows you installed App B

• Both apps can share the same advertising ID

• Ad networks stitch behaviour together easily


After ATT (if user opts out):

• no shared IDFA

• apps can’t directly recognise the same device across apps


👉 This severely weakened:

• behavioural profiling across apps

• ad retargeting across different apps

• deterministic mobile identity graphs


B) Attribution became less precise

Ad platforms could no longer reliably answer:

“Did this ad on App A lead to purchase in App B?”


So measurement shifted from:

deterministic tracking → probabilistic estimation


C) Identity graphs lost a major “hard link”

Companies like Meta Platforms relied heavily on mobile cross-app identifiers.

ATT removed one of the cleanest edges in their identity graph:

• fewer direct device-to-device links

• more guesswork needed



What DIDN’T get broken

This is the important part.


A) First-party data is untouched

If you log into:

Instagram

Facebook

YouTube

Google services


Tracking still works because:

• identity is known at the server level

• no advertising ID is needed


So logged-in tracking remains extremely strong.



B) On-device signals still exist

Even without IDFA:

• device model

• OS version

• IP patterns

• app usage behaviour

• time-based signals

...still allow probabilistic matching.


So systems moved from:

“we know it’s the same device”


to:

“we’re 80–95% sure it’s the same device”
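
To make that shift concrete, here is an added example (not part of the original post) that measures how identifiable a device stays from the residual signals listed above. The device records, field names and values are constructed for illustration, and match confidence is modelled simply as 1 divided by the number of devices sharing the same signals.

```python
from collections import Counter

# Constructed sample population (not real data): one record per device, using
# the kinds of residual signals listed above. Field names are assumptions.
FIELDS = ["model", "os", "ip_prefix", "active_hour"]
ROWS = [
    ("iPhone14,5", "17.4", "203.0.113", 8),   # two phones in one household:
    ("iPhone14,5", "17.4", "203.0.113", 8),   # identical on every signal
    ("iPhone14,5", "17.4", "198.51.100", 22),
    ("iPhone14,5", "16.7", "203.0.113", 8),
    ("iPhone15,2", "17.4", "198.51.100", 22),
    ("iPhone15,2", "17.4", "192.0.2", 13),
    ("iPhone14,5", "17.4", "192.0.2", 13),
    ("iPhone15,2", "16.7", "192.0.2", 7),
]
DEVICES = [dict(zip(FIELDS, row)) for row in ROWS]


def anonymity_sets(devices, fields):
    """Count devices per distinct combination of the chosen signals."""
    return Counter(tuple(d[f] for f in fields) for d in devices)


def match_confidence(devices, fields, target):
    """Chance that a record with the target's signals is the target: 1/|set|."""
    key = tuple(target[f] for f in fields)
    return 1 / anonymity_sets(devices, fields)[key]


def unique_fraction(devices, fields):
    """Share of devices that are alone in their anonymity set."""
    sets = anonymity_sets(devices, fields)
    singles = sum(1 for d in devices if sets[tuple(d[f] for f in fields)] == 1)
    return singles / len(devices)


if __name__ == "__main__":
    # Add one signal at a time and watch the anonymity sets shrink.
    for n in range(1, len(FIELDS) + 1):
        used = FIELDS[:n]
        print(f"{'+'.join(used):35} unique={unique_fraction(DEVICES, used):.2f} "
              f"confidence(device 0)={match_confidence(DEVICES, used, DEVICES[0]):.2f}")
```

Dropping a signal from `fields` enlarges the anonymity sets and lowers the confidence, which is how coarsening or withholding a signal reduces identifiability.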



C) Web tracking still works outside apps

ATT only affects apps on iOS.


So:

• Safari browsing

• desktop browsing

• non-iOS devices


still use:

• cookies (where allowed)

• fingerprinting

• login-based identity



D) “SKAdNetwork” replaced direct tracking (partially)

Apple introduced SKAdNetwork, which:

• reports conversions in aggregate

• delays and anonymises data

• limits user-level visibility


But:

It still allows basic attribution, just with reduced precision and a delay.



How ad companies adapted (the big shift)

After ATT, companies like Google and Meta shifted strategy:


A) From deterministic → probabilistic matching


Before:

“This exact device clicked and purchased”


Now:

“This group of devices likely includes converters”


They rely more on:

• statistical modelling

• aggregated signals

• machine learning inference


B) Heavier reliance on first-party data

Companies now push:

• login systems

• email-based identity

• account ecosystems


Because:

if users log in, ATT doesn’t matter


C) Server-side tracking increased

Instead of the browser or app sending everything:

• websites send events directly to ad servers

This avoids some OS-level restrictions.


D) More fingerprinting and modelling (indirectly)

Even though Apple restricts fingerprinting:

• some signals still exist in aggregate

• ad networks rely more on “behavioural similarity” than device IDs



The net effect (important summary)

ATT:

• broke cross-app deterministic tracking on iOS

• reduced precision of ad attribution

• forced industry-wide redesign of mobile advertising


But did NOT eliminate:

• identity graphs

• behavioural profiling

• logged-in tracking

• cross-device inference

• household-level modelling


Before ATT:

“We track the device directly”

After ATT:

“We infer the device probabilistically from weaker signals”


So the system didn’t stop tracking—it became:

less exact

more statistical

more reliant on large-scale modelling


App Tracking Transparency didn’t kill tracking—it removed the cleanest identifier, forcing companies like Meta Platforms and Google to shift from deterministic identity to probabilistic identity graphs.
