A user IDFA emerging from an iPhone

App Tracking Transparency and IDFA in iOS 14.5

Lesezeit
11 ​​min

Starting with the launch of iOS 14.5, apps have to request authorization from the user in order to access the Identifier For Advertiser (IDFA) of the device (opt-in). Until now, access to IDFA was allowed by default (opt-out). This has a big impact on the app ad and attribution industry.

In June 2020 Apple announced the App Tracking Transparency (ATT) feature for iOS 14 in addition to some other privacy features. Apps must now request permission to access the IDFA. When iOS 14 was released in September 2020 the activation of the ATT feature was postponed to 2021 to give the developers enough time to make the necessary changes.

The IDFA is a persistent identifier for apple devices such as iPhones used to track users across websites and apps. It is used to deliver personalized ads (ad targeting) and track the installs of apps that were made by clicking on an advertisement in the browser or another app.

The ATT feature becomes visible to app users when the app requests permission for tracking:

Depiction of a smartphone with an active tracking request.

If the user does not grant permission for tracking the app cannot access the IDFA. In this case, when accessing the IDFA a zeroed IDFA (IDFA00000000-0000-0000-0000-000000000000) would be returned instead of a real IDFA such as IDFA01234523-AE57-4C7E-A293-7C97B8A3A5D0.

The app tracking can also be configured in the settings (Privacy -> Tracking) via app or globally.

Depiction of tracking and privacy options on a smartphone

The ad industry and app developers assume that the majority of users will not grant permission for app tracking and that this will have a major impact on advertising on the iOS platform.

What is the impact of ATT

If your app is monetized with advertising  you can expect a loss of revenue: It is assumed that only about 20% of the users will give permission for tracking. For users who do not choose to opt-in, the advertising will no longer be as well personalized as before (because there is little or no data on history, interests and activities). This will make advertising less efficient.

Ad attribution providers e.g. Adjust or Appsflyer have so far used the IDFA as an attribution tool. In simple terms attribution is the assignment of a click on an advertisement to an install and what the user does after landing in the app. See this article by Adjust for more details on app attribution. Without the IDFA the attribution providers will have to switch to other, less precise methods. With SKAdNetwork Apple offers an alternative to the app install attribution which does not reveal the user identity.

What are the alternatives?

For apps that work with a login (such as Google or Facebook login), it is possible to track the user across sessions in the browser and other apps that also use the login. This means that good targeting is still possible. Some app developers will likely switch their monetization model to a pay once or subscription solution. This would accommodate Apple, as they withhold between 15 – 30 percent per sale as commission. With SKAdnetwork Apple offers an option for app install attribution:

SKAdNetwork

SKAdNetwork was introduced by Apple in 2018. With SKAdNetwork conversion rates of app install campaigns can be measured while protecting the privacy of the user. Ad networks need to register with Apple and developers need to customize their apps to work with the registered ad networks. Before ATT, SKAdNetwork did not receive too much attention which is now changing significantly (because if the tracking permission is not granted by the user, SKAdNetwork can be used to track campaign level installs).

And this is how it works (simplified representation):

  1. An ad is clicked and the App Store app opens on the iPhone and displays the advertised app. When you click on the ad, publisher, adNetworkId and the campaignId are transferred to the App Store
  2. If the conversion is successful, the App Store sends the Ad Network a notification with an adNetworkId, campaignId and a conversionValue that can be set by the advertised app. This notification is sent after 24 hours at the latest and does not contain any device or user identifying information. Since the app store is leading the process, the advertised app has no information about the original ad and the publisher. The Ad Network only knows that an app install has taken place for a user and protects the privacy of the user.

Apple provides good documentation for SKAdNetwork in which the functionality is described in detail.

Preparing your App for ATT

Keep your 3rd party SDKs up to date

Update all 3rd party SDKs that access the IDFA and make the adjustments. (e.g. Ad SDKs such as AdMob or Attribution/Business Intelligence SDKs such as Adjust). Many SDKs have already been converted to the SKAdNetwork API. For this purpose a SKAdNetworkIdentifier usually has to be entered under SKAdNetworkItems in the info.plist.

Check whether the IDFA is really needed

Double check whether you really need the IDFA. If possible, it is better not to use the IDFA. Requesting authorization for tracking does not improve the user’s trust in your app.

Adapt your code to the AppTrackingTransparency framework

  1. Add the NSUserTrackingUsageDescription entry to the info.plist file with an explanation of why the app would like permission for app tracking (e.g. „This identifier will be used to deliver personalized ads to you.“)
  2. At a suitable point call requestTrackingAuthorization (completionHandler :) to present the app-tracking authorization request to the user.
  3. Determine the current tracking status with trackingAuthorizationStatus

For details see the AppTrackingTransparency documentation.

The following code shows how to request tracking permission:

import AppTrackingTransparency
import AdSupport
...
func requestTrackingPermission() {
        if #available(iOS 14, *) {
            ATTrackingManager.requestTrackingAuthorization { status in
                switch status {
                case .authorized:
                    // Tracking authorization dialog was shown
                    // and permission is authorized
                    print("Authorized")
                    // IDFA is accessible
                    print(ASIdentifierManager.shared().advertisingIdentifier)
                case .denied:
                    // Tracking authorization dialog was
                    // shown and permission is denied
                    print("Denied")
                case .notDetermined:
                    // Tracking authorization dialog has not been shown
                    print("Not Determined")
                case .restricted:
                    // A restricted condition means the device does not prompt for
                    // tracking authorization when requestTrackingAuthorization(completionHandler:) is called,
                    // nor is it displayed when the NSUserTrackingUsageDescription is triggered. Also, on
                    // restricted devices, the Allow Apps To Request To Track setting is disabled and cannot be
                    // changed. This setting allows users to opt in or out of allowing apps to request user
                    // consent to access app-related data that can be used for tracking the user or the device.
                    print("Restricted")
                @unknown default:
                    print("Unknown")
                }
            }
        }

At which point should you ask for permission?

Finding the right moment to ask the user for tracking permission is the key to getting as many IDFA opt-ins as possible. A good approach is to display a pre permission prompt during onboarding before the iOS popup for the tracking permission appears. In this way you can explain to the user what the permission is required for. You may have to adapt the onboarding here so that it also works for existing users who have already completed the onboarding.

Don’t do this!

On the user privacy and data use website Apple explains what is not allowed when requesting tracking permission in apps:

  • gate functionality on agreeing to allow tracking, or incentivize users to agree to allow tracking in the app tracking transparency
  • use an identifier other than the IDFA (for example, a hashed email address or hashed phone number) to track that user
  • fingerprint or use signals from the device to try to identify the device or a user

Even if Apple cannot check this for every app: In the event of a violation, the app can be removed from the app store or the associated developer account can be blocked.

Finally

iOS 14.5 with IDFA opt-in will have a strong impact on app marketing.  However, for users it is a step towards a little more privacy which we should embrace. With SKAdNetwork, Apple offers an alternative to measuring App Install campaigns which will gain in importance. There are also rumors that Google is already working on an anti-tracking privacy measure for Android. It will be interesting to see what answers the ad industry will find.

Are you looking for support in your app development process? Have a look at our offerings!

Hat dir der Beitrag gefallen?

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Ähnliche Artikel