Make sure your apps are ready for iOS 14.5, iPadOS 14.5, and tvOS 14.5. With the upcoming public release, all apps must use the AppTrackingTransparency framework to request the user’s permission to track them or to access their device’s advertising identifier. Unless you receive permission from the user to enable tracking, the device’s advertising identifier value will be all zeros and you may not track them.
When submitting your app for review, any other form of tracking — for example, by name or email address — must be declared in the product page’s App Store Privacy Information section and be performed only if permission is granted through AppTrackingTransparency. You’ll also need to include a purpose string in the system prompt to explain why you’d like to track the user, per App Store Review Guideline 5.1.2(i). These requirements apply to all apps starting with the public release of iOS 14.5, iPadOS 14.5, and tvOS 14.5 by skadnetwork 2.2.
As a reminder, collecting device and usage data with the intent of deriving a unique representation of a user, or fingerprinting, continues to be a violation of the Apple Developer Program License Agreement..
User Privacy and Data Use
The App Store is designed to be a safe and trusted place for users to discover apps created by talented developers around the world. Apps on the App Store are held to a high standard for privacy, security, and content because nothing is more important than maintaining users’ trust. In order to submit new apps and app updates, you need to provide information about some of your app’s data collection practices on your product page. And starting with the beta versions of iOS 14.5, iPadOS 14.5, and tvOS 14.5, you’ll be required to ask users for their permission to track them across apps and websites owned by other companies.
Describing How Your App Uses Data
The App Store better helps users understand an app’s privacy practices before they download the app. On each app’s product page, users can learn about some of the data types an app may collect, and whether the information is used to track them or is linked to their identity or device.
In order to submit new apps and app updates, you must provide information about your privacy practices in App Store Connect. If you use third-party code — such as advertising or analytics SDKs — you’ll also need to describe what data the third-party code collects, how the data may be used, and whether the data is used to track users.
Asking Permission to Track
Starting with iOS 14.5, iPadOS 14.5, and tvOS 14.5, you’ll need to receive the user’s permission through the AppTrackingTransparency framework to track them or access their device’s advertising identifier. Tracking refers to the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes. Tracking also refers to sharing user or device data with data brokers.
Examples of tracking include, but are not limited to:
- Displaying targeted advertisements in your app based on user data collected from apps and websites owned by other companies.
- Sharing device location data or email lists with a data broker.
- Sharing a list of emails, advertising IDs, or other IDs with a third-party advertising network that uses that information to retarget those users in other developers’ apps or to find similar users.
- Placing a third-party SDK in your app that combines user data from your app with user data from other developers’ apps to target advertising or measure advertising efficiency, even if you don’t use the SDK for these purposes. For example, using an analytics SDK that repurposes the data it collects from your app to enable targeted advertising in other developers’ apps.
The following use cases are not considered tracking, and do not require user permission through the AppTrackingTransparency framework:
- When user or device data from your app is linked to third-party data solely on the user’s device and is not sent off the device in a way that can identify the user or device.
- When the data broker with whom you share data uses the data solely for fraud detection, fraud prevention, or security purposes, and solely on your behalf. For example, using a data broker solely to prevent credit card fraud.
Using the AppTrackingTransparency Framework
To request permission to track the user and access the device’s advertising identifier, use the AppTrackingTransparency framework. You must also include a purpose string in the system prompt that explains why you’d like to track the user. Unless you receive permission from the user to enable tracking, the device’s advertising identifier value will be all zeros and you may not track them as described above.
While you can display the AppTrackingTransparency prompt whenever you choose, the device’s advertising identifier value will only be returned once you present the prompt and the user grants permission. Use the purpose string to explain what this data will be used for to help the user understand what they’re opting in to share. If the user allows apps to request to track, but has turned tracking off for your app, you can ask the user to change their preference for your app by providing a shortcut to Settings where they can change the tracking permission.
The ID for Vendors (IDFV), may be used for analytics across apps from the same content provider. The IDFV may not be combined with other data to track a user across apps and websites owned by other companies unless you have been granted permission to track by the user.
For more information, see: