I keep getting my iOS app submission rejected by apple with the following message:
Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing
The app privacy information you provided in App Store Connect still
indicates you collect data in order to track the user, including User
ID and Product Interaction. However, you do not use App Tracking
Transparency to request the user's permission before tracking their
activity.
Starting with iOS 14.5, apps on the App Store need to receive the
user’s permission through the AppTrackingTransparency framework before
collecting data used to track them. This requirement protects the
privacy of App Store users.
Next Steps
Here are two ways to resolve this issue:
If you do not currently track, or decide to stop tracking, update your app privacy information in App Store Connect. You must have the
Account Holder or Admin role to update app privacy information.
If you track users, you must implement App Tracking Transparency and request permission before collecting data used to track. When you
resubmit, indicate in the Review Notes where the permission request is
located.
Resources
Tracking is linking data collected from your app with third-party data for advertising purposes, or sharing the collected data with a
data broker. Learn more about tracking.
See Frequently Asked Questions about the new requirements for apps that track users.
Learn more about designing appropriate permission requests.
I already updated my app not to use any IDFA calls (including all the facebook and other SDKs) https://developer.apple.com/documentation/adsupport/asidentifiermanager/1614151-advertisingidentifier
When I try to set the checkboxes in App Privacy section of the app they can't be completely uncheck (i.e. at least one of the options has to be selected) so I can't state that my app is no using device id even though the codebase doesn't make advertisingidentifier at all.
Does App Tracking Transparency really mean that we can't track anything, even user clicks on buttons and screen views???? If so that's insane!
The main issue is that I want to have a better user experience for my users by not showing them an unnecessary ATT prompt.
You need to do the following 2 things:
Update the Data Types section to remove the Device Id. You can find it on the top of the privacy section, then hit Edit, navigate through till the last Nexts and uncheck the Device Id
Update the User ID and Product Interaction sections to uncheck - No, we do not track the user. You can find it at the end of the privacy section, then hit Edit, navigate through till the lastNexts and uncheck the above-mentioned box.
Submit the app again for review.
We were facing same issue when we removed Tracking from application and NSUserTrackingUsageDescription key from app.
Our app was already live on store with tracking enabled. In new version we faced this issue. When app was rejected we just replied them that we are not using this anymore in our application so we removed tracking authentication popup. We also told them that we were not able to update in App privacy because live version have tracking enabled.
After that reply they approved.
Sample Answer to apple when we removed from existing app:
"we have removed NSUserTrackingUsageDescription and tracking from this version, so we also removed Tracking Permission Popup from this version. We tried to remove it from App Privacy, but we could not change the Privacy data types in the Appstore connect because the current live version does use that permission. Please review our request and approve our application submission"
Related
I added the App Tracking Transparency dialog in my code to ask users if they allow tracking.
My app was rejected in the App Store Connect -
Your app contains NSUserTrackingUsageDescription, indicating that you will request permission to track users.
But now I'm not sure if I really need to use tracking?
I simply use Admob to show ads, and have only one app, so I don't need to collect data?
I have no idea what type of ads Admob shows the users (personalized/not personalized)
I assumed that everyone who uses Admob should show that User Tracking permission for ios14+, but do I really? Why do I need to collect data?
no you don't need NSUserTrackingUsageDescription if you use Admob.
you can use this permission like if you want to get advertising id of the device.
and remember to delete NSUserTrackingUsageDescription from info.plist if you don't use it so your app don't get rejected.
also if you used this permission remember to change the privacy of the app on apple store,
go to app privacy and in data types section click edit and select Identifiers (Device ID) and set this one as used for tracking purposes. and make sure that this is the only one selected as used for tracking.
I have an iOS app that only wraps a website and registers for push notifications. It was released in around January.
I'm trying to release a new version with minimal fixes but it gets rejected because:
The app privacy information you provided in App Store Connect indicates you collect data in order to track the user, including User ID. However, you do not use App Tracking Transparency to request the user's permission before tracking their activity.
The app does not do tracking. However inside the WebView the webpage uses Segment so the user behavior can be analyzed. Information is not shared with 3rd parties.
My question is. Does showing a WebView where there is a cookies opt-out flow already still counts as tracking? Can I just remove the tracking from the app privacy information so I don't need to implement any flow?
My other question is that if it still counts as tracking then do I need to somehow reject cookies if the user declines tracking outside the WebView? How do I do that?
My third question is that if there is any chance if I categorize my changes as a hotfix (login flow is broken so it is a hotfix), can I postpone dealing with this tracking issue?
The recent WWDC state that about iOS 14:
With iOS 14, iPadOS 14, and tvOS 14, you will need to receive the
user’s permission through the AppTrackingTransparency framework to
track them or access their device’s advertising identifier. Tracking
refers to the act of linking user or device data collected from your
app with user or device data collected from other companies’ apps,
websites, or offline properties for targeted advertising or advertising
Reference: User Privacy and Data Use
As per this guidelines, We need to ask the user for tracking permission using ATTrackingManager (AppTrackingTransparency) framework.
I have a few apps on AppStore, Which is using Google AdMob & FBAudienceNetwork to deliver ads to the user.
Question:
What's happen if I don't upgrade these apps as per the last WWDC guidelines? Is app continue ads serving to the user?
What's happening if User doesn't give tracking permission to the app?
App update does make any impact on revenue from ads?
Try to answer this question respected to ads serving, revenue and impact of App Tracking Transparency
Below are all references which I had referred already.
User Privacy and Data Use
App Tracking Transparency
Google AdMob
Google AdMob : Implementation
AdSupport
The firstly, i want to talk about the IDFA:
The Identity for Advertisers (IDFA) is the individual and random identifier used by Apple to identify and measure iOS user devices.
Bellow IOS14, Every AdNetworks use IDFA for defund a specific user, then They use IDFA to be used to deliver personalized ads to user. so IDFA help the AdNetworks can show related ads to our users.
In IOS 14, the IDFA is hidden and you and adnetwork can't get this IDFA, You must to ask user to allow tracking permission to continue use IDFA in IOS 14 system.
So my answers are:
Question 1: What's happen if I don't upgrade these apps as per the last WWDC guidelines? Is app continue ads serving to the user?
The short answers is YES, Your app still continue ads serving to the user. BUTTTTTT: the Adnetwork will do not know anythings about your user, so all ads will be random and unrelated ads
-> clickRate will be reduced -> eCPM will be reduced -> Your revenue will be down too.
Question 2: What's happen if User doesn't give tracking permission to the app?
Like the my answer 1 when user don't allow tracking permission, you can't get IDFA then Your revenue will be down again..
But in this case, Apple created an another choose for Us and Networks. that is SKAdNetwork which helps advertisers measure the success of ad campaigns while maintaining user privacy. But Nobody can make sure this API will better current IDFA System can make. So you should enable SKAdNetwork to track conversions in tracking don't allow case. To get maximum profit
Question 3: App update does make any impact on revenue from ads?
If your user allow the tracking permission, everything is OKAY like nothing happen. If not, you have the SKAdNetwork and let pray for SKAdNetwork will work nice like The Apple said.
Question 4: What is Funding Choices?
Funding Choices is the Google'Tool to help you to ask user allow tracking permission. Funding Choices and SDK UMP will create the explainer message alert which will automatically be shown immediately before the "Tracking permission" alert.
This is automatically and simple. If you don't like Funding Choices, you can create your explainer message yourself to ask user before the "tracking permission" alert is shown
This is all my knowledges after 3 days researching and working about IDFA, IOS14.....
I hope them can help you something. If i had any mistake, reply here!!!. Thanks
The current version my app (pre-iOS 14) is still showing ads, but ad revenue has HALVED since iOS was released. So yes, it seems ad revenue is impacted if you don't implement App Tracking Transparency (ATT).
I have updated my app WITHOUT ATT and Apple now rejects my app. Even though I share no user data with the AdMob framework, disabled location tracking and IAP tracking for AdMob.
So basically my app does not track anything other than the IDFA used by AdMob and Apple rejects it.
My advice would be to implement ATT if you are using Admob. If you don't do that, revenue will decrease and Apple will reject future app updates.
No IDFA means no personalized ads. Because all publishers over the years has build whole advertising services based on IDFA/GAID. Without IDFA you advertisers will not be able to run re-targeting campaigns or narrow targeting options to find target user group.
So you will receive less ads, and those you will see will have low CPM value. So your app will be flooded with cheap/poor quality ads.
You can learn more on my blog article
I just got mail from Apple stating that
"Data use & sharing" : Your app uses analytics software to collect and send user or device data to a third party without the user's consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity. This includes any use of the device camera, microphone, or other user inputs.
For your app to remain available on the App Store, you must remove any code, frameworks, or SDKs that collect, record or share a users data and resubmit your app for review.
Please let us know what is the recommended way to handle it,
My suggestions:
Can we just remove the data tracking(only for analytics & statistics which is the key to business) 3rd party SDKs ?
(or)
Just add permission alert stating that we are collecting information for so and so permission and track information ?
Apple has started a crackdown on the apps which tracks user activity through user inputs, screen recording etc.
The best way to get your app approved is to remove any code or the third party sdks which tracks user activity. I resubmitted an app today by removing a third party library and it got approved right away.
But if statistics are the key to your business then you can take a hint from here.
Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.
If you use your own privacy policy then clearly state how you track your user and how user's data will be used. And in addition to that, also show some kind of alert in your app that how the user data will be used (maybe through a UIPageViewController)
We ended up keeping all of our analytics (MixPanel, Google, Crashlytics, Facebook, AppsFlyer).
We only removed AppSee - because of the screen recording, and got approved within 10 hours.
My conclusion is that the only thing to remove is the screen recoding and all he rest can remain as is.
My app (version 1.13) was rejected last night from the Apple review team.
The reason:
Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing
Your app accesses user data from the device but does not have the required precautions in place.
To clarify, since your app accesses user contact data from the device you must have a Privacy Policy URL in the metadata and ensure that the URL you provide directs users to your privacy policy.Additionally, when the contacts access prompt is displayed, the usage string in your access request should clearly inform the user why and how their device contacts information is used.
My app is 2 years old and I have had no problems with any of the previous 13 versions - from 1.00 to 1.12. The changes were fixes in the database, navigation and widget code, as well as some miscellaneous bug fixes. In the info.plist file there is a text value under Privacy - Contact Using Description. This has been the case from the outset, i.e., since ver.1.00.
Moreover - the Pro version of this app, with the same interface and info.plist file (but without Ads serving) was approved two days ago!
I don't have Privacy policy URL - either in the app or in the iTunes app page.
So, as I understand, I have to include a Privacy policy URL.
And maybe I have to revise my text under the Privacy - Contact Using Description key in the app info.plist.
My first question is: should there be a link (URL) for the Privacy policy besides in the iTunes app page, in the app itself (somewhere in "About" section or in "Settings")?
My second question is: how detailed the text be keyed in Privacy - Contact Using Description in the plist? This shows when user starts the app for the first time and there are two choices: Don't allow / Allow . The current message is
".. this apps requests permission to access your contacts. If you do not allow, you will not use some of the functionality of this application."
Should I add more details here?
Edit: I don't collect user contacts, I don't upload user contacts on my servers or other servers. The app just searching for matches in the names in the contact list. Nothing more.
Here's what my problem solved:
I've edited the description in info.plist of how I use the address book if the user agrees. Added all details there.
In addition, I added a very detailed privacy policy (URL for the policy) in the details in iTunes page of the app.
No URL to the privacy policy somewhere in my app.
A few minutes ago Apple review team approved the new build of my app.