Skip to content

WWDC Roundup

Published by Cory Underwood on June 27, 2020

This past week Apple had its World Wide Developer Conference (WWDC) and some major privacy announcements were released.  Leading up to the event, the prevalent thinking was that Apple would phase out support for the IDFA (ID for Advertisers) that helps power the App-Advertising Ecosystem.  I personally expected to hear the next adjustments to the Intelligent Tracking Prevention system present in Safari.  Both of these were not quite correct, and the announcements they did make had a clear theme – lock down Mobile Application based tracking and promote User transparency.

With this in mind, Apple sought to do this via promotion of it’s pillars of privacy:

  1. On Device Processing
  2. Data Minimization
  3. Security and Protection
  4. User Transparency and Control.

For analytics and advertising, it’s the 3rd and 4th pillars that really will ultimately have an impact on the mobile ecosystem.  Let’s take a look at the major aspects of what’s to come this fall.

It is important to note that the clock is now running and if the following scenarios apply to you you will need to update your Mobile App prior to the upgrade this fall.  This may mean you have to adjust previously defined roadmaps to devote time to working through the scenarios and what they mean for your business or marketing efforts.

Declaring Data Collection on the App Store

Starting in Fall of 2020, Apple plans to require apps present on the App Store to describe on the app page the following:

  • A Privacy Policy (existing requirement)
  • The types of data collected
  • The types of data shared to external parties.

This is done via a questionnaire done as part of the App Store submission.  The Application publisher will be required to answer questions such as:

  • What data do you collect?
  • How is that data used?
  • Is that data linked to a particular user or device?
  • Do you use this data to track users?

Which per the videos, will look something like this once in the App Store

As a result, Apps will have to be up front about data collection practices with users to comply with the new policies.  This will be shown in the app store on all platforms.  The net effect here is it promotes privacy, but asking for too much, unneeded data may result in fewer App downloads at best, or negative PR at worst.  

SDKs are part of your app as well

Should the app contain 3rd party SDKs, such as Analytics SDKs, you will also need to declare what data is collected, and how it is used. 

Promoting Transparency In App

That’s a scary picture – but it’s coming to the Apple platforms this fall.

What’s happening here is that prior to engaging tracking logic, you will need to prompt in App for permission.  The majority of the prompt is standardized, but it does allow App developers to submit a string to explain what exactly they are doing.  This is not optional, it will be a new App Store Policy.

Apps will be required to display this prompt prior to sending tracking data across apps and websites owned by other companies.  For example this will include the following scenarios:

  • Targeted Advertising
  • Advertising Measurement
  • Sharing with Data Brokers

It applies to all kinds of tracking information, for example:

  • User ID
  • Identifier for Advertising (IDFA)
  • Device ID
  • Fingerprint ID
  • Customer Profile

You will not need to prompt under the following conditions:

  • If the linking and analysis is done exclusively on the device.
  • Data is shared with a data broker – but only for fraud protection or security, but only if it’s for your benefit, not the data brokers.

Note:  To engage the framework the App must be built against iOS14/iPadOS14.  If that does not happen, the IDFA will return all zeroes when requested.

IDFA Adjustments

The IDFA is the identifier used by advertisers to track a specific device.  Should the feature be disabled, a string of zeros is returned inside the identifier.  In iOS 14 and iPadOS 14, this identifier will be locked behind the above tracking approval prompt.  

Global Disable 

In the settings for the operating system, users will be able to disable all tracking requests without being prompted.  You will need to consider what happens if a user disallows tracking, or removes previously granted permission.

Intelligent Tracking Prevention

I fully expected them to further lock down data collection inside of Safari, but I was not prepared for what the actual announcement was.

They are adding ITP Protocols to the WebView controller.  

Effectively, this means that all browsers, all hybrid apps, and all in app browser windows (such as in social media) will be subject to the ITP protocols going forward. This is due to the fact that all such software has to use the Webview controller, which will have the features enabled by default. This is only able to be disabled by the user and the app will have no access to read or change this setting.

Thankfully, Apple also released a list describing the current shipping behaviour.  

However, this means all the impact we saw in throughout 2019 when Safari rolled out ITP 2.1, will apply to every browser on the platform.  This means:

  • 3rd party tracking on iOS / iPad OS is effectively dead on the platform unless the user agrees via the Storage Access API.  
    • This will affect Attribution, Targeting and Remarketing efforts across the platform.
  • Sites which have not adapted to the ITP limitations will now see the impact across the entire Apple Mobile segment in reporting.
  • We’ll likely see surges of new users and a reduction in retention cross browser on for the Apple Mobile segment.
  • Shifting to 1st party where possible / required will become a focus.

Upgrading for Fall

So what is the game plan before fall?   There’s sadly not much time, but much to be done.

Apps

  • Identify the Data Collected and Why (including relevant SDKs) and review your privacy policies.
  • Work to understand data flows, and what the behaviour should be if a user disallows tracking.
  • Work to understand when and where you should prompt for tracking.
  • Work to understand the impact to advertising, analytics,  identification or other business functions when that data becomes less available due to the user declining tracking.
  • Implement the required code changes and build against the new operating system versions.
  • Test the refactored app.

Web

  • Review the guidance for ITP based on the explainer
  • Review the impact from 2019 when Safari deployed these changes, model what that impact would be if all iOS/iPadOS traffic displayed this behavior.
  • Seek to modify / adjust website behavior as needed to comply with the restrictions.
  • Evaluate functionality to see what the impact is to sub-systems should data become unavailable, or more volatile.

The technical aspects of the above, while time consuming can be fairly straight forward.  The impact on the Analytics and Marketing plans is more subjective and some companies will be affected more than others.  I recommend spending time evaluating what data you need and why, then adjusting as required in light of the new transparency requirements.  You’ll want to take time to understand how your current analytics and marketing efforts are impacted by these broad scale changes to the Apple ecosystem.

If Apple follows the trend, we’ll likely see deployment of these changes in Mid-September through Mid-October 2020 timeframe.  That means there isn’t a whole lot of time to work out the changes prior to the Christmas season and it may result in modification of your existing roadmaps for development work.

In closing – if the Apple mobile segment is important for your business, this needs to become a priority so that you are not blindsided this fall when the Apple ecosystem changes in fundamental ways.

Edit: Corrected API Name to Storage Access API for dealing with 3rd party data

Published inBrowser UpdatesPrivacySecurity