iOS 14.5 Data Usage and User Tracking — In-Depth Understanding

Santosh Botre
7 min readApr 11, 2021

--

Update: (07 May 2021) “Few applications are started showing the popup to tell the users that what is the purpose of tracking user and why they should allow it .”

Be transparent about what you are trying to do and let the user decide.

Update: (27 April 2021) “Don’t offer incentives for granting the request,” writes Apple, with developers unable to “offer people compensation for granting their permission.” Developers also cannot “withhold functionality or content or make your app unusable until people allow you to track them.”

In the past few months, there has been a lot of talk and controversy around Apple’s new Tracking Transparency API.

January 27, 2021 is Data Privacy Day @ Apple.

Apple talked about giving more control over their data.

Privacy is always the top priority in the Apple ecosystem. Last year, as part of iOS 14, Apple launched many important privacy features to give more informed decisions about their data.

Apple has release a new guidelines to the Application Developers to provide information about the data application is collecting needs to be declared on the AppStore page. And starting versions of iOS 14.5, iPadOS 14.5, and tvOS 14.5, app’s will be required to ask users for their permission to track them across apps and websites owned by other companies.

Two in particular have the potential to make a big difference in helping users protect their privacy.

  1. Apps Describing Data Usage: In simple words, companies have to be transparent to the users about the kind of information the application will capture before the user decides to download the application.
  2. Asking Permission to Track: The application requires the user’s run-time permission before tracking the user and its data across apps or websites owned by other companies.

I will be explaining the above points in detail going forward.

However, before that, we need to understand the distinction between collecting user data vs. tracking user data. You will get the clarity as this article progresses.

The applications will be collecting user data yet not necessarily be tracking the users out of your ecosystem.

👉 User Data Collection

Each application directly or indirectly collects the user data. i.e., personal information, what they do, interaction with the app, likes/dislikes, engagement with the app, its features, device information which user is using, and whatnot.

  • Signup
  • Analytics
  • Crash Service
  • Feedbacks
  • Logging, etc. The most used logging frameworks to date seem to be SwiftyBeaver and CocoaLumberjack.

👉 User Tracking

Map the particular user against the data collected and use that data to provide a personalized experience to the same user in different applications, websites, or many other different routes.

  • Personalise Ads
  • Personalise Offers
  • Promotions
  • Recommendation/promotional SMS and Emails, etc.

1. Describing Data Usage on AppStore Page

App publishers must provide information about the privacy data getting capture and tracked by the application directly or indirectly.

The application AppStore product page will look like below,

The above page clearly going to help any user to know the kind of data an app may collect and whether the information is used to track them or is linked to their identity or device.

We as a publisher, solely responsible for giving transparent information to our users. However, how to do that?

Before taking any action on App Store Product Page, we need to get clear answers for below questions,

  1. Whether you and/or your 3rd party partners collects data?
  2. What type of use data ?
  3. Is your apps to track users ?
  4. If so, which data is used for what purpose?

Hint: Indirect tracking by 3rd party services like Application Analytics Service, Crash Log Service, Advertisement/Monetization Service, A/B Testing, Performance Monitoring and Logging to Cloud, etc.

Hint: Apps opt-out of this privacy under below criteria,

1. The data is not used for tracking purposes.

2. The data is not used for 3rd party advertising, marketing, and other purposes.

3. Collection of data is only in in0-frequent cases and not part of your app’s primary functionality and optional for the users.

4. Data is getting collected from the user by presenting the User Interface and filled by the user with transparency to the user at the time of collection, e.g. feedback form where the user’s name, account name displayed while submitting.

Once you have all possible information on data collected in your application let’s Add App privacy details on the App Store.

Step 1: Login to the App Store Connect and Go to My Apps

Step 2: App Privacy

Select the Application you are planning to upload or update. In the left side menu section. Go to App Privacy and Hit Get Started.

App Privacy Section on App Store Connect

Step 3: Is App Collecting Data?

Make appropriate choice and hit Next.

Accept data collection confirmation

Step 4: Declare what type of data getting collected?

The App Store Connect Data Collection Page you just have to ✅ the appropriate data categories and type.

App Store App Privacy Page View

Step 5: Make correct choices and hit Save.

You will land to page as shown below.

Step 6: Setup the detailed information about all the data collection types you opt-in for.

Example: Your application uses below mentioned Firebase services,

  • Firebase Crashlytics
  • Firebase Performance Monitoring
  • Google Analytics
  • Flurry Analytics etc.

Step 7: Tap on Set Up Crash Data / Tap on Set Up Performance Data

Setup Crash Data

Step 8: Select Analytics and App functionality and hit Next.

The mostly likely the purpose of having analytics service integrated into the application to improve the app quality.

Step 9: Repeat the ‘step 7 onwards’ to setup all the categories and data type your application is going to collect

You have declared the user data which your application will capture. And all the users can take a look at it before downloading the application.

App Privacy on appstore product page is complete!!

Now you have declared the user data the application will collect directly or indirectly by the 3rd party SDKs integrated into the application.

The million-dollar question is, Should all the applications start asking permission to track by showing consent popup to their users?

Let’s try to understand,

NEWS: Starting with iOS 14.5, an application needs to receive the user’s permission through the AppTrackingTransparency framework to track the user by collecting user information, user behavior, application behavior, or access their device’s advertising identifiers(IDFA), etc.

Almost all the apps have application analytics included in their application to provide quality apps to the end users. What should they do? Should they blindly ask the user consent?

Wait…

Let’s try to understand; what tracking means? When does it qualify as user tracking?

In case any of the Tracking criteria fits to your application from the above list. Then your app has to request the user authorization to access app-related data for tracking the user or the device. i.e., App Tracking Transparency using the AppTrackingTransparency Framework.

Many 3rd part product might be asking for Device Advertising Identity.

A Quick way to know, Is it asking to add Ad.framework into the project?

If answer is YES, it’s tracking the user.

Take a quick look popular 3rd party affected services,

@ Affected Firebase products

@ Flurry Analytics is unaffected by these changes

2. Asking Permission to Track

Step 1: Add NSUserTrackingUsageDescription key in the Information Property List (Info.plist) and value will be a purpose string that informs the user why an app is requesting permission to use data for tracking the user or the device.

Step 2: Add AppTrackingTransparency.framework to your project.

Step 3: Request Tracking Authorization

Step 4: Request Tracking Permission

Only allow application ecosystem to track the user based on collected data only and only if user permit to do so.

How to verify you have access to IDFA?

ASIdentifierManager.shared().advertisingIdentifier.uuidString

It will return 0000–0000–0000–0000–0000 if you deny the permission to track.

Best way to access the IDFA is,

!!!! Happy Coding !!!!

Your likes are important to me!!!

--

--

Santosh Botre
Santosh Botre

Written by Santosh Botre

Take your time to learn before develop, examine to make it better, and eventually blog your learnings.

No responses yet