App Store is paying more and more attention to the privacy and non-disturb protection of users in providing users with a safe and reliable platform, so that they can discover wonderful applications from all over the world. Apps on the App Store follow high standards in terms of privacy, security, and content. In order to submit new applications and application updates, developers need to provide information on certain application data collection practices on the product page. Starting with the beta versions of iOS 14.5, iPadOS 14.5, and tvOS 14.5, apps will need to ask for permission from users to track them across apps and websites owned by other companies.
Describe how your app uses data
App Store can better help users understand the privacy practices of apps before downloading apps. On the product page of each application, users can learn about certain types of data that the application may collect, and whether that information is used to track them or is associated with their identity or device.
In order to submit new apps and app updates, you must provide information about your privacy practices in App Store Connect. If you use third-party code (such as advertising or analytics SDK), you also need to describe what data the third-party code collects, how the data is used, and whether the data is used to track users.
Request Permission to Tracking
Starting with iOS 14.5, iPadOS 14.5 and tvOS 14.5, you need to obtain user permission through the AppTrackingTransparency framework to track them or access the advertising identifier of their device. Tracking refers to the behavior of linking user or device data collected from your application with user or device data collected from other companies’ applications, websites or offline attributes for targeted advertising or advertising evaluation purpose. Tracking also refers to sharing user or device data with data agents.
Examples of tracking include but are not limited to:
- Display targeted advertisements in your application based on user data collected from applications and websites owned by other companies.
- Share device location data or email lists with data agents.
- Share a list of emails, advertising IDs, or other IDs with third-party advertising networks, and the list uses this information to relocate these users or find similar users in other developers’ applications.
- Place a third-party SDK in your application. Even if you do not use the SDK for these purposes, you can combine user data in the application with user data in other developers’ applications to target advertisements or measure advertising efficiency. For example, use the analytics SDK to repurpose the data collected from your application to enable targeted advertising in other developers’ applications.
The following use cases are not considered tracking and do not require user permission through the AppTrackingTransparency framework:
- If the user or device data in your app is only linked to third-party data on the user’s device, it will not be sent from the device in a way that can identify the user or device.
- When the data agent you share data with uses the data only for fraud detection, fraud prevention or security purposes, and only on your behalf. For example, only use data proxies to prevent credit card fraud.
Use AppTrackingTransparency framework
To request permission to track users and access the device’s advertising identifier, use the AppTrackingTransparency framework. You must also include the purpose string in the system prompt to explain why you want to track users. Unless you have the user’s permission to enable tracking, the device’s advertising identifier value will be all zeros, and you may not be able to track as described above.
Although you can choose to display the AppTrackingTransparency prompt at any time, the device’s advertising identifier value will only be returned after you prompt and obtain the user’s permission. Use the purpose string to explain this data will be used to help users understand what they choose to share. If the user allows the application to request tracking, but has turned off the tracking of your application, you can ask the user to change their preferences for the application by providing a shortcut to “Settings”. You can change the tracking permissions in “Settings”.
Vendor ID (IDFV) can be used to analyze applications from the same content provider. Unless you have been granted user tracking permissions by IDFV, IDFV may not be combined with other data to track users across other company-owned applications and websites.
People also like to ask: