
Researcher breaks AppLovin's ad mediation encryption, finds device re-identification possible despite ATT denial

By lmbbuchodi

16d ago · 8 min read · en · Insight

Summary

A security researcher reverse-engineered and broke the encryption protocol AppLovin uses for its ad-mediation traffic. By decrypting thousands of real bid requests captured from a consented research panel, the researcher found that the encrypted payload contains enough device data to deterministically re-identify the same iPhone across apps from different publishers — even when the user has denied App Tracking Transparency (ATT). This data reaches AppLovin and roughly 12 downstream ad networks every ~30 seconds per banner load, undermining the assumption that ATT alone protects user privacy.

Key quotes

The encrypted bid request carries enough device data to deterministically re-identify the same iPhone across apps from different publishers, even when user denies ATT.
That payload reaches AppLovin plus around 12 downstream ad networks on every banner load, every ~30 seconds, for as long as the user is playing.
The assumption that ATT is the only privacy safeguard is fundamentally broken.
Snippet from the RSS feed
I broke the cipher AppLovin wraps around its ad-mediation traffic and decrypted several thousand real requests captured on my consented mobile-traffic research panel. The conclusion is straightforward: The encrypted bid request carries enough device data
