Apple set the entire mobile advertising market on edge last year when it announced the pending enactment of its new privacy policy for the App Store. From now on, app developers are required to seek users’ permission to track their devices for advertisers (yes, that’s the controversial IDFA). The new deal, delayed several times, was finally enacted at the beginning of this year.
This piece will talk about how the new policy has impacted the marketplace, and it also covers what has changed in its wake for users, developers, and advertisers. We will also tell you how to fill out the data collection questionnaire form to ensure your app passes the App Store review with flying colors.
In this article, we discuss at length what constitutes personal data as such, what the difference is between the GDPR and CCPA, and how to add them to enabled features in your app. In short, personal data is any information that can identify the user. Personal data laws may differ in minor details, but their general purport is the same: lawmakers are now very serious about protecting users’ data.
Apple puts a tremendous emphasis on user data protection in its products. A portion of every Apple presentation is always devoted to privacy. Apple became particularly uptight on privacy following the recent web leak of some personal photos of celebrities. Apple denies the leak, admitting only that some iCloud passwords were stolen. Such mishaps are detrimental to a company’s image and goodwill toward it. With this consideration in mind, FunCorp made a firm commitment to security years ago.
With iOS 14, Apple has introduced several significant changes that concern users and developers alike and have entailed some new requirements. The requirements are mandatory for those who wish to pass the review and make it into the Apple Store.
They have named these novelties App Tracking Transparency. App Tracking Transparency is a framework that helps the developer tell users how their personal data — gender, age, IDFA, IP address, and other information — are being used. The framework is of two parts: one part for users, the other for developers.
Now every user can see which app uses personal data: this info is displayed in designated forms on every app’s page. Here is what they look like:
If the developer intends to collect any user data, they are under an obligation to inform you (e.g., iFunny will request access to the Gallery for the user to upload images).
A manual questionnaire form has to be completed to authorize this, specifying which will use data and to what end. Since December 8, 2020, Apple no longer accepts new apps to its App Store unless this form has been filled out.
Let’s see how to fill out this form correctly, step by step.
— Open the form. You can find it in the App Privacy section on App Store Connect.
— Answer the question of whether your app will be collecting personal data.
If your answer is “yes,” you will have to identify the specific data types you or your partners intend to collect in the following box.
You have the option not to identify the data if the following conditions are met:
The data is not being used for user tracking purposes (more on this in App privacy details on the App Store)
The data is not being used for advertising/marketing purposes (more on this in App privacy details on the App Store)
Data collection does not occur on an ongoing basis, is not part of the app’s primary functionality, and is optional
The user has expressly given their data over via the app interface, and it has been made clear to the user how their data will be collected and to what end.
— Specify the purpose of collection individually for each data type.
It is essential to clarify whether the data are personalized and whether they are used for tracking purposes:
Identified or personalized data are the opposite of depersonalized, anonymized data. They may be linked to a user or device ID
Tracking implies the transmission of data to third parties for advertising purposes or the use thereof for advertising purposes
That’s pretty much it. The questionnaire information will be displayed on the app page where users can see it.
The framework gets technical: you write and call up a specified API in the code to ask the user express permission to use their data. In the following piece, we will talk at greater length about how to do this in your app.
The data tracking alert feature, which first appeared in iOS 14.5, is now compulsory for all developers: you cannot get an IDFA without it.
IDFA (The Device Identifier For Advertisers) is an anonymized unique identifier given to advertisers for them to track and identify your device.
The alert in our iFunny app
The use of this window is currently mandatory for all: no IDFA will be assigned without it.
You may have noticed that most apps nowadays give you a pop-up alert when first activated requesting permission to track. If you tap: “Ask not to track,” the advertisers will no longer receive the IDFA of your device.
Important note: The ads in your app will not go away. They will only stop being “targeted.”
SKAdNetwork is an IDFA-free direct install attribution framework introduced purposely for interaction with users who decline to allow activity tracking.
The advertiser generates a unique ID that developers then embed in their app to enable targeted advertising via this framework. The ID will be communicated to the advertising networks as necessary.
For users:
Quite simply: better privacy and security of their data. Apple has a video clip that eloquently demonstrates the benefits of the IDFA.
How does this make you feel about giving your consent for tracking?
For developers:
Developers who use IDFAs and earn from advertising ought to prepare for the eventuality that their user audience may decline following the introduction of the IDFA. The more the user audience shrinks post-IDFA, the lower their advertising income per view.
It is, therefore, essential to focus on propagating user loyalty in the hope that users will be more inclined to give their tracking consent. Many tricks have been used for IDFA requests to maximize user consent for tracking, and we, for one, have tried a cute cat image.
The IDFA request experiment in our iFunny app
Some developers will program for pre pop-ups. In the first screen that pops up, they request permission to use the IDFA; otherwise, they will no longer support the unrestricted use of the app. The second screen that comes up is the Apple alert. Everyone has to find their solution for maximizing consent while this is still legal.
Pre pop-up in a Facebook app
For the advertising market: Earnings were expected to shrink. But nothing has changed globally: advertisers have started to buy out IDFA-free traffic. The market itself has taken care of everything, the fears have been allayed, and in reality, incomes have not dropped.
The procurement naturally had to be adjusted somewhat, but it’s not a problem. Traffic purchasing has to be reallocated in favor of IDFA-free traffic. For example, if the number of iOS users with IDFA shrinks, we have to buy more on the Android side.
For other players:
Facebook and AppsFlyer have started updating their SDKs (Source Development Kits), adding App Tracking Transparency support features.
Facebook, for one, has embedded its implementation feature, the standalone Limited Login button. Whereas a regular login collects all user data, a limited login collects none. Eventually, if the user allows tracking, they will use one control and another.
A developer’s app may get rejected if they fail to correctly disclose their data, use the information, and acquire IDFA tracking capability. In other words, if you state that personal data will be collected/used but fail to make the appropriate request, your review for the App Store may fail.
Following in Apple’s footsteps, Google has announced that similar changes are in store for Android users and developers: the advertiser ID may become unavailable by the end of 2021 if the user withholds consent for personalized advertising.
Similar changes have been implemented on Android: an identical setting has been added, disables tracking. The only difference is that Google will give no alert at launch: the features are on by default, and you can disable them in the system settings.
A heads-up. Our following report will deal with the technical side of App Tracking Transparency implementation: how to implement the frameworks inside an app, request an IDFA, add support for Facebook Limited Login, and enable SKAdNetwork.