“The Sell Sider” is a column written by the sell side of the digital media community.
Today’s column is written by Gavin Dunaway, product marketing lead at The Media Trust.
While the ad tech world is still reeling over news that Apple is building out a DSP, the company made an announcement that might have digital advertising ramifications sooner.
The forthcoming iOS 16, iPadOS 16 and macOS Ventura software updates introduce Lockdown Mode, a “groundbreaking security capability” that protects users from sophisticated digital threats like “highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware.”
But will large groups of Apple users embrace Lockdown Mode to ward off persistent digital tracking and threats (cough, cough – malware)? Will publishers and ad platforms suddenly find their iPhone, iPad, and Mac impressions have fallen off a cliff because Lockdown Mode is disabling ads?
While Lockdown Mode can protect consumers from illicit activity and unwanted tracking, it’s designed for a specific group of individuals that’s vulnerable to attacks. Plus, it can impact functionality in a way that most users won’t tolerate. What should worry the advertising industry, however, is the potential for Apple to make a more mainstream version of the new feature.
Drastic measures for big targets
Lockdown Mode seems to be a direct response to the NSO Group’s Pegasus cyber-spying software, used by state actors to snoop on political dissidents, activists and even government officials. Aptly described as “extreme, optional protection,” Lockdown Mode shores up existing Apple device and software security by laying down strict limits on many device and software functions:
- To prevent potential user tracking, Complex JavaScript routines – WebAssembly, MP3 Playback, JPEG 2000 and PDF Viewer – are halted unless a site is excluded from Lockdown protections.
- Attachments in messaging are blocked, and link previews are disabled.
- Wired connections with computers, devices, and accessories are blocked when an iPhone is locked.
According to Apple, these measures “sharply [reduce] the attack surface that potentially could be exploited by highly targeted mercenary spyware.”
Lockdown can also protect consumers from existing malware strains in the digital ecosystem, particularly ones that use JavaScript and other disabled features. And yes, that also means Lockdown will affect the loading and execution of benign ads.
However, it seems unlikely most Apple users will go into Lockdown precisely because it’s simply too drastic. Halting common JavaScript greatly curbs website functionality, slowing down and even breaking pages. Tests by software engineer Alex Louis suggest Lockdown can diminish browser performance by 65% to 95%.
Apple has clearly explained that Lockdown Mode is intended for a limited group of individuals—those that are most likely to be targeted by foreign governments or other attackers. But all digital consumers can be targeted by bad actors via digital advertising. It’s just that this level of protection against cyberattacks also makes for terrible user experience. Leaving Lockdown enabled for long periods of time simply isn’t practical for the majority of consumers, who will not want to go through the hassle of disabling and reenabling the feature.
Device-level protection for the masses?
Lockdown Mode is probably the strongest defense against web-based malware developed for a major consumer product. And if it truly protects spyware targets, the success of Lockdown may encourage Apple to build a more lightweight version to protect all consumers against malware (especially the ad-delivered variety) and data tracking.
“Big companies can be slow to roll out higher security features,” Citizen Lab Senior Researcher John Scott-Railton said on Twitter. “Yet after they toe-dip as opt-in, they often realize some of these features are also possible for their whole user base.”
That kind of device-level protection may cause a lot of ad breakage and lost monetization opportunities. And we know Apple won’t hesitate—the company has already shown its willingness to disrupt the third-party advertising status quo through Advanced Tracking Transparency (ATT) and Intelligent Tracking Protection (ITP).
Apple has done a great service by enabling Lockdown Mode for activists, political dissidents and other parties that could be targeted by Pegasus-style spyware. But it’s on publishers, platforms and other organizations to ensure the digital ecosystem is safe – and high-functioning – for the masses. We need to get moving … before Apple decides to take care of these problems at the device level.
Follow The Media Trust (@TheMediaTrust) and AdExchanger (@AdExchanger) on Twitter.
For more articles featuring Gavin Dunaway, click here.
