After iOS 14, iPadOS 14, and tvOS 14, the app will need to receive the user’s permission through the AppTrackingTransparency framework to track users or access the device’s advertising identifier. If we do not recompile our app to use the new framework, then IDFA is disabled.
In response to IDFA’s restrictions, each app should be recompiled and run normally on Xcode 12 as soon as iOS 14 and others go live. An app that doesn’t contain the NSUserTrackingUsageDescription key that explains how to use IDFA will crash because it attempted to access privacy-sensitive data without a usage description.
iOS 14 and others only allow each app to request for opt-in once. If the user rejects, that decision will be permanent unless the app is uninstalled and then reinstalled.
However, if the user turns off the setting (privacy -> tracking), the previous description won’t be displayed, and the AppTrackingTransparency framework responds “denied” directly. Without the permission of app tracking, IDFA will be 00000000–0000–0000–0000–000000000000.
More than just IDFA
Opt-in permission is required from the user for any track. “Tracking” refers to targeted advertising, measurement of advertising, and all data sharing to a third party.
For example, we have placed a third-party analytics SDK in our app that combines user data from our app and other corporations’ apps to target advertising or measure advertising efficiency, even if we don’t use the SDK for these purposes.
This asking permission to track is roughly equivalent to the opt-in consent standard used for GDPR that Apple introduces a compulsory consent manager for all apps with ads.
Evidence of combining data between companies without the user’s opt-in consent would be grounds for Apple to reject a publisher’s app from the App Store.
Is any way to bypass this extra opt-in if we already got consent on the web for the same user? The Apple policy is pretty clear that we must use their AppTrackingTransparency framework to request permission.
When the user declines permission for tracking, we are not allowed to share the user’s identity or other personal information between the app and the content within the web view, unless the same corporation also owns the web view content. It may rule out third-party advertising demand, which relies on showing third-party served ads using an in-app web view.
Also, iOS 14 introduced a “reduced accuracy” location. We should mention losing location data, but more of the location data that we do get will have reduced accuracy.
How do we work around this? No, we can’t. Like GDPR, we have to follow the rules. We must adapt our advertising and tracking platforms to support in-app monetization when users decline permission.
As Flurry Bog said,
Given our experience with GDPR and similar privacy controls, we anticipate opt-in rates will be at or below 20%.
