Comment by rcoder
2 days ago
Fingerprinting devices once you’re installed on them isn’t much harder than doing so in a web browser.
Have Instagram installed on your phone? Great, now every Meta-owned app _or advertiser running on their platform_ has a pretty good shot at identifying you based on IP, location, app usage, etc.
There is a ton of signal about identity available just by virtue of running alongside other apps. Screen size, OS version, and IP are pretty good proxies for unique identity, especially if all you care about is _probable_ matches.
My understanding was that it's very difficult to reliably fingerprint iOS devices. Apple limits access to identifiers and specifically disallows fingerprinting. For this application of tracking people, you'd need decent reliability or you'd just get noise.
And no, I don't have any Meta published apps on my phone for exactly the reason you outline. I'm very aware of how IDFV and IDFA work.