That’s not true. They could use differentially private on-device joins using anonymously downloaded ad data. Or they could securely aggregate the results. Or both.
Can you elaborate? I see an ad in the News app, then click on it and make a purchase from Clash of Clans in the App Store. Apple needs to charge Clash of Clans for the conversion. How do they do it?
Apple knows that I bought the app (they charged me for it).
In order to charge Clash of Clans for the conversion, my phone needs to connect to Apple and send them a record of the ad click. What if clicking on that ad and buying the app are the only thing I ever did on the phone? There’s nothing to aggregate locally, and Apple knows they got the conversion data from me.
Perhaps the claim is that my phone is going to send all these records to Apple, and Apple is just going to do the right thing and run programs that do the business without letting any of their people look at anything they aren’t supposed to look at (they could internally accomplish this by differential privacy, rigorous internal controls, etc). That’s the same claim Google and everyone else is going to make.
That's not at all how adtech works. You cannot download all activity between ad supply (website/app/etc) and advertisers and every vendor in the middle onto your device for some joins.
You misunderstand, completely. A device needn't download all activity, or indeed download anything additional at all. It knows which ads it clicked on and it knows the conversion signal for each ad the user saw. It can thus easily count the user's conversions on the device, then privately aggregate the result with its peers using secure multi-party computation (or a secure enclave).
Even the ads can be anonymously downloaded using a shuffler/mixer, such that nobody knows which ads out of the universe of ads the device chose to target the user with.
