Apple didn’t just “boost privacy.”
It re-engineered the internet in ways that broke attribution for marketers, analysts, and ad platforms.
Here’s how it happened, step by step.
2021: iOS 14.5, The IDFA Kill Switch
Apple introduces App Tracking Transparency (ATT).
What changed:
– Apps must now ask users to track them across apps/websites.
What broke:
– App install attribution became unreliable.
– Meta, Snap, TikTok, and others lost visibility on post-click behavior.
– Retargeting shrank. Lookalike audiences weakened.
2022: iOS 15 – Apple Mail Privacy Protection (MPP)
Apple targets email tracking in Apple Mail.
What changed:
– Apple preloads all email content via proxy servers.
– Email opens are triggered whether or not a user actually reads the email.
– IP addresses are hidden.
What broke:
– Open rates became inflated and unreliable.
– Location- and device-based personalization no longer worked.
– Open-based automations and A/B testing lost effectiveness.
Important nuance:
MPP only affects email opened in the Apple Mail app (not the Gmail app or browser-based clients).
But Apple Mail still accounts for 30–40% of all email opens.
2023: iOS 17 – Link Tracking Protection (LTP)
Apple begins automatically stripping tracking parameters from URLs in key apps.
What changed:
– Parameters like utm_source, utm_medium, gclid, fbclid, etc. are stripped in:
Safari Private Browsing
– Apple Mail
– Messages
What broke:
– Attribution through UTMs and auto-tagging became unreliable in these environments.
– Google Ads, Meta Ads, and email platforms lost click-through tracking for affected users.
– Funnel tracking and source/medium breakdowns in GA4 began to degrade.
Important nuance:
– Standard Safari (non-private mode) still allows tracking parameters for now.
2025: iOS 26 – Fingerprinting Cracked Down
Apple escalates its privacy war by attacking browser fingerprinting and expanding tracking protection.
What changed:
– Safari now blocks fingerprinting by default.
– No more using canvas, screen size, GPU info, installed fonts, or CPU cores to infer identity.
Link tracking stripping continues in:
– Safari Private Browsing
– Apple Mail
– Messages
What broke:
– Advanced attribution tools that relied on fingerprinting (even with consent) now fail in Safari.
– UTM-based tracking becomes unusable for email traffic and private browsing sessions.
– Google Ads and Meta Ads lose attribution signals on all traffic from these sources.
Important nuance:
Apple has not yet rolled out link stripping in standard Safari mode, but Safari’s share of privacy-mode traffic is growing, especially on mobile.
