Last fall, Apple announced new app guidelines requiring users to be prompted for, and consent to, data collection in mobile apps prior to it taking place as part of the feature set of iOS14. They would later go on to delay the rollout of the AppTracking Transparency Feature in order to give developers more time to make their apps compliant.
However, Apple has not been idle since granting this delay. In early December, the first phase completed and became public facing as of the iOS 14.3 update. Apps are now required to disclose via a privacy disclosure (displayed on the download page) the types of data the app collects (including whatever 3rd party SDKs the app may have).
The second phase of this effort, taking effect as of iOS14.5 (currently in late beta stages) would be for the operating level system prompt to be added to mobile apps prior to data collection.
While there has been some question on how aggressive Apple would be in enforcing the requirements, I feel based on recent events there should no longer be any question that they will remove apps in violation from the app store.
Back in March, companies inside of China began to experiment with the ‘CAID’ (China Advertising ID) as a method of bypassing the new requirements by leveraging fingerprinting of the device characteristics and applying probabilistic matching in order to track users who do not agree to the prompt.
On March 18th, according to the Financial Times. Apple hit two of these companies with violation letters, telling them to bring the apps into compliance within 14 days, or face removal from sale.
This action was followed on April 1st, in Apple baring several developers from updating their apps as reported by Forbes. In this instance it dealt with the inclusion of a 3rd party SDK which handles attribution. The vendor was Adjust who followed up with their own statement (and SDK update) on the following day.
This week, on April 5th, Apple again reminded developers to ensure their apps are ready for iOS 14.5 and AppTrackingTransparency. The note goes on to specifically mention that fingerprinting the user is a violation of the Apple Developer Program License Agreement. Which is likely a reference to the recent above mentioned actions.
If the last few weeks have shown anything it’s that:
- Apple has the ability to detect bypass attempts both in the app itself, and in 3rd party SDKs which may be included.
- Apple will bar apps from updating if they are violation until they can pass review.
- Apple will delist apps that do not come into compliance.
- Apple wants developers to give users a choice, and they must do so via the AppTrackingTranspency Framework.
- We’re very close to public rollout of iOS 14.5
Brands with mobile apps on the AppStore are rapidly running out of time to bring their apps into compliance. In house, or external code – it does not matter- the app can be found in violation from 3rd party code which was included as part of the submission. Developers are encouraged to review their SDKs and dependencies to avoid being caught off-guard.
Marketing teams should prep as well, as users who opt out of data collection won’t be tracked. This could end up resulting in dramatic shifts in attribution and advertising efforts on the Apple ecosystem going forward. You are encouraged to think about how that will affect marketing plans now and going forward, as it’s a matter of when, not if, these changes will come to the platform.
We’re already past the typical release timeline for iOS updates. Tim Cook, Apple’s CEO says that we’ll see AppTrackingTranspency within a few weeks. This will hit before the end of April in nearly all certainty, and then we’ll have to see who is still in the App Store come the end of May.