The ad identifier — also known as “IDFA” on iOS or “AAID” on Android — is the key that enables most third-party tracking on mobile devices. Turning it off makes it significantly more difficult for advertisers and data brokers to track and profile you, and limits the amount of your personal information for sale.
This post explains the history of device advertising identifiers and how they have enabled persistent tracking, identification, and other privacy intrusions.
But one after anonther. To revoke tracker access to your Ad ID right now:
open that settings app and navigate to privacy > To sue. Beat “Delete advertising ID‘, then tap it again on the next page to confirm. This will prevent any app on your phone from accessing it in the future.
Android deactivation is available on Android 12, but may not be available on older versions. Instead, here’s how you can reset your Ad ID and ask apps not to track you:
Apple requires apps to do this ask for permission before they can access your IDFA. When you install a new app, you may be asked for permission to track you.
Choose “Ask the app not to track‘ to deny him IDFA access.
To see which apps you’ve previously granted access to, go to settings > privacy > persecution. The menu should look like this:
Here you can disable tracking for individual apps that have previously received approval. Only apps authorized to track you can access your IDFA.
You can do the “Allow apps to request tracking“Switch to”out of” position (the slider is on the left and the background is gray). This will prevent apps from asking for tracking in the future. If you’ve given apps permission to track you in the past, you’ll be prompted to ask for it those Apps to stop tracking as well. You also have the option to grant or revoke tracking access per app.
Apple has its own targeted advertising system, separate from the third-party tracking it enables with IDFA. Go to to disable settings > privacy > Apple ad:
Set the “Personalized Ads“Switch to”out of” position to opt out of Apple’s ad targeting.
In the early days of smartphones Trackers used static device identifiers – the “Unique Device Identifier” (UDID) on iOS and the “Android ID” on Android – to track users across apps. These identifiers were unique, persistent, and often obtained by third parties without the user’s knowledge or consent.
This has rightly been seen as a user privacy issue. A 2010 investigation from the Wall Street Journal revealed the extent of the problem and in 2011 thereafter a series of exploratory questions by US Congressmen began Apple Restricting access to the UDID.
The industry had already started to rely on data collection tied to UDID, and Trackers struggled to adapt to the change. Then, in 2012, Apple tacitly introduced the Identifier for Advertisers (IDFA).. IDFA was almost identical to the UDID it replaced: it was a globally unique identifier available by default for all apps. The biggest difference was that IDFA could be reset – although this was only possible if users knew what to look for. Apple also allowed users to turn on a setting called “Limit Ad Tracking.” This sent a signal to apps Ask them not to followbut it didn’t really affect the apps ability to access IDFA.
Android followed in 2013, which introduces the Android Advertising Identifier (AAID). Like Apple, Google has made its identifier available to all apps by default without special permission. It also allowed users to reset their ad identifier but not restrict access to it or delete it.
In 2016, Apple updated Limit Ad Tracking to set the IDFA to a string of zeros – delete effectively. This gave users an effective, technical opt-out of IDFA tracking for the first time.
2021 introduced Apple App tracking transparency (ATT), which requires apps to obtain positive consent before they can track users with IDFA or any other identifier. This had one tremendous impact on the tracking industry. While previously about 20% of users chose to opt-out of tracking (meaning 4 out of 5 were “opted out”), after the change, the vast majority of users have chosen not enable tracking. Presets are important.
Meanwhile Android finally started rolling out a way for users to disable their Ad ID. Also, since April 1, 2022, Android developers must request a separate permission to access the Ad ID. However, this is treated as a “normal” permission, which means users won’t see a pop-up asking for their consent. Despite the Ad ID’s central role in enabling third-party tracking, the developer docs explain that this type of permission applies to data that poses “very low risk to user privacy.” In other words, Android’s Ad ID is still displayed on an opt-out basis, and users must make every effort to protect their privacy on the platform.
Google in February also stated that the ad ID will eventually be completely discontinued. There are plans to bring a version of the Privacy Sandbox framework to mobile devices to support behavioral advertising “without reliance on cross-app identifiers”. But Google assured developers it wouldn’t change anything significant about the ad ID for “at least two years.”
Why it matters
The ad identifier is a string of letters and numbers that uniquely identifies your phone, tablet or other smart device. It exists for one purpose: to help companies track you.
Third-party trackers collect data about the apps on your device. With the ad ID, they can link data from different sources with an identity of you. Additionally, because every app and tracker sees the same ID, data brokers can compare notes about you. Broker A can buy data from Broker B and then use the Ad ID to link these two sets of data together. The Ad ID is simply the key that enables a whole host of privacy breaches: invasive third-party profiling Facebook and Google, Pseudoscientific psychographic targeting by policy advisors such as Cambridge Analytica and US military location tracking.
Sometimes participants in the data pipeline will argue that the ad ID is anonymous or pseudo-anonymousnot “Personally Identifiable” Information, and imply that it does not pose a serious threat to privacy. This is not the case in practice. First, the Ad ID is often used to collect data that is obviously personally identifiable, such as: B. detailed location data. If you can see where a person works, sleeps, studies, socializes, worships, and seeks medical help, you don’t need their email address to identify them. And second, a entire industry exists to help trackers associate ad IDs with more directly identifying information, such as email addresses and phone numbers. In a vacuum, the ad ID might be anonymous, but in the context of the tracking industry, it’s a ubiquitous and effective identifier.
Disabling this ID makes it significantly more difficult for most advertisers and data brokers to track you. These industries process data from millions or billions of users every day and rely on handy technologies like ad ID to enable this kind of scaling. Removing this tool from their toolbox results in significantly less data that can be linked to you in the wild. Not only is this beneficial for your privacy, but it also makes the surveillance advertising industry less profitable. And don’t take our word for it: Facebook said Apple’s app tracking transparency feature would do this reduce the company’s sales by approximately $10 billion in 2022.
But while it’s a good first step, removing your ad ID won’t stop all tracking. If you’re concerned about a specific privacy-related threat to yourself or someone you know, check out our other resources, including Digital safety and privacy tips for those involved in abortion access. You can also check out the EFF guides on Surveillance Self Defense including Personal security plans, Participation in a protest actionand Privacy on mobile. These resources are organized into playlists like this one for Reproductive health professionals, seekers and advocates.