Hello all, Apple's introduction of the App Tracking Transparency (ATT) framework with iOS 14.5 in April 2021 limited the usage of the identifier for advertisers (IDFA) for identifying users/devices across apps of different developers/publishers/vendors (simply “developers” henceforth). But developers can still use the identifier for vendors (IDFV) to identify users/devices within their apps. My questions are as follows, and I highly appreciate any help: How do I know which apps belong to which developer, enabling that developer to use IDFV to identify users/devices within their apps? Is the developer — listed on an App Store’s webpage — a vendor? Thus, enabling the developer/vendor to identify users/devices within the apps it owns as a vendor? For example, the displayed developers of "Facebook" and "WhatsApp" are different. Does this difference imply these two developers cannot use the IDFV to identify users across "Facebook" (https://apps.apple.com/de/app/facebook/id284882215) and "Whatsapp" (https://apps.apple.com/de/app/whatsapp-messenger/id310633997) (I am aware that they can use other methods to identify users uniquely)? Do you believe that Apple’s introduction of the ATT led developers to merge with other developers to identify users via IDFV across more apps? Kind regards Lennart

Hi All, There was a new policy introduced by Apple to allow users to initiate account deletion within the application to provide users greater control. It is also stated that it’s insufficient to only provide the ability to temporarily disable or deactivate an account. People should be able to delete the account along with their personal data. If user deletes his/her account within the application, should we erase all information related to user in the server also? Or is it fine to disable the login and whenever he/she login back, can we fetch user's information with confirmation of email or an OTP kind of feature. Since deletion of user's information from the server is a irreversible process and once deleted cannot be fetched in future. Kindly please assist on this. Your help is much appreciated

I need more information about AppTrackingTransparency. I see in the official documentation section overview "if your app collects data about end users and shares it with other companies for purposes of tracking across apps and web sites". So, if user disallow that permission we as developer can't share an event or anything to third party like MoEngage, AppsFlyer, Rudderstack, Amplitude, and etc right? But, I see in MoEngage article https://www.moengage.com/blog/ios-14-reshape-mobile-marketing when user disallow that permission we just can't get IDFA. But, I think we still have tracking user behavior or activity without IDFA. So, we still can track user behavior or activity via event tracked. Anyone can help me about this? Thank you.

Hi there, I'm interested in understanding how to solve the following scenario: having AppTrackingTransparency implemented, let's assume that the user has denied the app to track. At some point, the app presents the user a webpage (WKWebView), which provides additional functionalities to the app. How should the app inform the webpage that tracking must be disabled? Is there any way to force the WKWebView to disable tracking? I've read this post. So I know that redirecting the user to Safari, therefore outside of the app, is an alternative solution. And according to this answer on stack overflow doing something like self.webView.configuration.processPool.perform(Selector(("_setCookieAcceptPolicy:")), with: HTTPCookie.AcceptPolicy.never) is not allowed and the application will be rejected. Does anyone have any suggestions?

Currently developing a vehicle rental App in flutter for iOS/Android. Our business has an affiliate system whereby affiliates are assigned a unique QR Code for app downloads. When a new user scans QR Code, the system needs to not only direct/attribute that App Store download to the affiliate, but also any rentals the user makes should attribute a % of rental fees to the affiliate. How exactly can this be done? How can we link that user’s app/purchase activity to the affiliate? i should say these aren’t exactly ‘In-App’ purchases. Any rental transaction is routed through a stripe-like payment processor.

Hi, we are trying to put our App into App Store but experiencing issues because we don't know how to proceed with the feedback "Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing" (see below) We do not use App Tracking but in our app we have iFrames from the web platform, where a cookie banner is shown and asking for permission (responsive). We tried to add the App Transparency Pop Up and even made it mandatory to use the app, but still got rejected. Should be probably hide the cookiebanner for App iframes and add Add Tracking Transparency Pop Up? Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing We noticed your app accesses web content you own where you collect cookies. Cookies may be used to track users, but you do not use App Tracking Transparency to request the user's permission before collecting data used to track. Starting with iOS 14.5, apps on the App Store need to receive the user’s permission through the AppTrackingTransparency framework before collecting data used to track them.  Next Steps If you do not collect cookies for tracking purposes on iOS, remove the cookie prompts or revise them to clarify you do not track users.  Otherwise, follow these steps to resolve this issue: 1. If you haven't already, update your app privacy information in App Store Connect to disclose that you track users. You must have the Account Holder or Admin role to update app privacy information. 2. Implement App Tracking Transparency. 3. Request permission using App Tracking Transparency before collecting data used to track the user. When you resubmit, indicate in the Review Notes where the permission request is located. 4. If the user does not allow tracking, do not collect cookies for tracking purposes.  You may also choose to remove the tracking functionality from your app, including tracking that occurs when accessing web content.

Hi, we are looking to launch our app really soon and we are having debates whether enable ATT or not. On one hand, ATT tracking is significant for our paid campaigns success. On the other hand, we don't want our users to get the feeling they are being tracked. So I wonder, if we can disable ATT consent prompt to Apple Search Ads users only. I mean, we're still getting attribution from App Store for ASA, so why not disable the popup... Does anyone know if you can somehow disable ATT per specific media channels? Thanks in advance

Scenario. App used a 3rd party SDK. 3rd party SDK will not communicate with other companies but just used IDFA to show ads and analytics for the app that it is integrated with. This will comes under the Case where App dose not need to ask permission. What happens in this case if i call for IDFA api. will it return All 0's or a proper Value?

I checked these sites. https://developer.apple.com/app-store/user-privacy-and-data-use/ https://developer.apple.com/app-store/app-privacy-details/#user-tracking I would like to know more information about IDFA. Who assigns IDFA value to where (ex. Apple to the device or Apple to the user Apple ID) And I want to know what information an app with tracking permission can know. ex. Email address, gender, age, etc... Where can I find out what kind of data is being shared by allowing tracking permissions? Apple developer support service was not helpful.

We're looking forward to completing our review, but we need more information to continue. Your app uses the AppTrackingTransparency framework, but we are unable to locate the App Tracking Transparency permission request when reviewed on iOS 15.4.1. Next Steps Please explain where we can find the App Tracking Transparency permission request in your app. The request should appear before any data is collected that could be used to track the user. If you've implemented App Tracking Transparency but the permission request is not appearing on devices running the latest OS, please review the available documentation and confirm App Tracking Transparency has been correctly implemented. If your app does not track users, update your app privacy information in App Store Connect to undeclare tracking. You must have the Account Holder or Admin role to update app privacy information. Resources Tracking is linking data collected from your app with third-party data for advertising purposes, or sharing the collected data with a data broker. Learn more about tracking. See Frequently Asked Questions about the requirements for apps that track users. Review developer documentation for App Tracking Transparency.

Hello folks, In one of my app we have used Facebook AutoLogAppEvents (app installed & app active) for analytics purpose. My question is should we ask user to enable Tracking Transparency permission request? (also for your KT we're not used Facebook AdvertiserTracking)

I'm using a webview for the UI of my application, this uses a cookie for the login process. This cookie is only for handling the login and isn't used for advertising, tracking or sharing with third parties. My store submission is failing because the application doesn't show the App Tracking Transparency prompt. My understanding from reading the documentation is this is required if you're tracking the user through multiple apps/websites and/or passing that data to third parties or for targeted advertising. The application does none of these things, therefore from the documentation I shouldn't need to show the App Tracking Transparency prompt. Is it the case that the use of cookies at any point for any reason within a web view within an application require the use of the App Tracking Transparency prompt, as I feel this should have been highlighted within the documentation if this is the case?

Apple Rejects my update with this: Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing The app privacy information you provided in App Store Connect indicates you collect data in order to track the user, including Coarse Location. However, you do not use App Tracking Transparency to request the user's permission before tracking their activity. Starting with iOS 14.5, apps on the App Store need to receive the user’s permission through the AppTrackingTransparency framework before collecting data used to track them. This requirement protects the privacy of App Store users. Next Steps Here are two ways to resolve this issue: If you do not currently track, or decide to stop tracking, update your app privacy information in App Store Connect. You must have the Account Holder or Admin role to update app privacy information. If you track users, you must implement App Tracking Transparency and request permission before collecting data used to track. When you resubmit, indicate in the Review Notes where the permission request is located. -- Now, since my app doesn't really tracking anything, as I told them, I went on and removed NSUserTrackingUsageDescription. How am I supposed to undeclare tracking in the privacy section IF even when submitting a new build the App Store Connect will keep referring to the live version of the app.

Hi, Dose anyone know how to request permissions from the user, the code bellow should produce a popup window asking for permission from the user. But I get the error further bellow saying it "can not connect". Is there anyway to get connected to CloudKit(or check to see if CloudKit is connected)... or how do I get past this error.. I have reset the CloudKit Environment... I made a new Xcode project, and made a new CKContainer... tried different Simulators and also reset the Simulator and also down graded my xCode to see if a different version would work... but nothing changes... just the same error...over and over and over... :0( Code: CKContainer.default().requestApplicationPermission([.userDiscoverability]) {  [weak self] returnedStatus, returnedError in             DispatchQueue.main.async {                 if returnedStatus == .granted {                     self?.permissionStatus = true                     print("Granted")                 }                  if returnedStatus == .couldNotComplete {                     print("Could Not Complete")                     print("(String(describing: returnedError))")                 }                 if returnedStatus == .denied {                     print("Denied")                 }             } Debug Screen Returns the following: Is Signed In To iCloud Could Not Complete Optional(<CKError 0x6000038b11d0: "Internal Error" (1/1000); "Received a didCompleteWithError without an error but no response body where one was expected">)

An iOS application of ours we develop for a client was recently rejected as it was claimed we violate Guideline 5.1.2. The App Review team's justification was: We noticed your app accesses web content you own where you collect cookies. Cookies may be used to track users, but you do not use App Tracking Transparency to request the user's permission before collecting data used to track. The App Review team included a screenshot of our client's website which they had navigated to via a button found in our client's SSO login flow. Their main website has a cookie policy which seems to be the cause of the rejection. Clearly our client's main website should not be accessible via their SSO login flow but this opens a wider question and concerns from our client. We open the SSO login flow within an ephemeral ASWebAuthenticationSession. The documentation of which states: Set prefersEphemeralWebBrowserSession to true to request that the browser doesn’t share cookies or other browsing data between the authentication session and the user’s normal browser session. https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/3237231-prefersephemeralwebbrowsersessio We interpret that and the fact that there is no API on ASWebAuthentication to extract cookies from it into the hosting iOS app to mean that we do not store cookies in our iOS app and are therefore not in violation of Guideline 5.1.2. We also assume the same thing applies to SFSafariViewController (which we also use to sometimes display pages from our client's website which, to reiterate, has a cookie policy). It's documentation states: The user's activity and interaction with SFSafariViewController are not visible to your app, which cannot access AutoFill data, browsing history, or website data https://developer.apple.com/documentation/safariservices/sfsafariviewcontroller After having read the documentation we see no reason why accessing a website with a cookie policy within either an ephemeral ASWebAuthenticationSession or an SFSafariViewController would warrant the hosting app to include App Tracking Transparency. I am assuming that due to the nature of these APIs (as they do not give cookie access to the hosting app) that they are exempt. Could someone please either: Provide documentation that states if an ephemeral ASWebAuthenticationSession or an SFSafariViewController accesses a website with a cookie policy App Tracking Transparency is required. or Confirm that we are not in violation of of Guideline 5.1.2 and we should appeal the rejection. Many thanks

Hi Everybody! I need help about Tracking Transparency. I can add it, it work number one. But I don't know why, the key "Privacy - traking Usage Description" always disappear with some apps from info.plist. I always need to check if it still there before archive. It look like if it affect apps with multi-languages. I add it in info.plist, I test, all work fine, I archive, but Apple denied my app because it miss the privacy key. I go back in xcode and it mysteriously disappear. Someone can explain me why please??? Thank you for your help.