App Tracking Transparency (iOS 14.5+)

starting with ios 14 5, released in april 2021, apple introduced the app tracking transparency (att) framework this framework mandates that apps must transparently disclose their data usage and inform users about third party tracking practices within the app tracking and the use of the identifier for advertisers (idfa) now require explicit user consent according to apple's guidelines, "tracking" encompasses linking user or device data collected from your app with data gathered by other companies from their apps, websites, or offline properties for purposes such as targeted advertising or advertising measurement it also includes the sharing of user or device data with data brokers currently, the pubconsent sdk does not request user permission for tracking as required by the app tracking transparency (att) framework it is the responsibility of the app to manage this process and determine how the pubconsent consent management platform (cmp) and att permission coexist your app must adhere to apple's guidelines by disclosing the data collected and obtaining user consent for tracking to request tracking permission on ios, you should call the attrackingmanager requesttrackingauthorization function within your app when and how to request att permission? as per apple's guidelines, you must present the att tracking permission alert before attempting to access the identifier for advertisers (idfa) on the ios device if permission is not requested, or if the user denies permission, the idfa will not be available to your app and any embedded third party sdks this limitation could affect the functionality of third party sdks that rely on tracking data ensuring compliance to fully comply with both apple’s guidelines and gdpr requirements, you must obtain user permission through the att framework and also request user consent via the cmp currently, apple’s att is not aligned with the iab transparency and consent framework (tcf) or gdpr standards therefore, it cannot serve as the sole mechanism for consent collection it must be used in conjunction with the pubconsent cmp to ensure comprehensive compliance implementations 1\) ask for permission via att, then collect consent from the cmp only if the user has granted permission via att pros this implementation ensures that users are only asked once if they deny permission via att, minimizing user friction users who do not grant consent via att are spared from a second prompt from the cmp cons users who grant permission through att will still need to provide consent separately through the cmp, leading to them being asked twice (once by att and once by cmp) unfortunately, this is currently unavoidable the primary drawback of this approach is that if a user denies consent via att, they are assumed to also deny consent through the cmp this is despite the fact that att and the cmp pertain to different purposes and involve different vendors this means your app might be extrapolating a user's decision from att (which is focused on tracking via idfa) to other unrelated purposes whether this is acceptable depends on your specific app and user context 2\) collect consent from the cmp, then ask for permission via att pros the main advantage of this implementation is that it allows users to make distinct choices between att tracking and the various purposes and vendors managed by the cmp this respects the fact that the cmp and att pertain to different scopes and consent choices cons users will still need to be asked twice (first by the cmp and then by att), which could potentially lead to user fatigue or annoyance unfortunately, this redundancy is currently unavoidable to implement this solution you can register the onconsentreadycallback callback integrate the cmp notice and att permission show the att permission then the cmp notice if the user accepts the att permission this sample demonstrates how to display the att permission request if the ios version is 14 or later show the pubconsent ui only under the following conditions the ios version is below 14 the user has accepted the att permission request or att is restricted (see att restriction) details the att permission request will always be displayed if the device is running ios 14 or later and the att status is not restricted the pubconsent ui will be shown only if the user accepts the att permission request or if the att permission request cannot be shown (due to restrictions or if the ios version is below 14) import uikit import adsupport import apptrackingtransparency class viewcontroller uiviewcontroller { override func viewdidappear( animated bool) { super viewdidappear(animated) if #available(ios 14, ) { attrackingmanager requesttrackingauthorization { status in switch status { case authorized // show the pubconsent cmp to collect consent from the user pubconsentcmp shared setupui(containercontroller self) case denied // deny consent for all purposes and vendors in the pubconsent cmp as well // you can call this method or not it's up to you pubconsentcmp shared setuserrejectedall(containercontroller self) // otherwise you can call the resetuserpreferences method to delete all the user preferences given in the past pubconsentcmp shared resetuserpreferences() case restricted // att is restricted on the device so the user was not asked for a choice (https //developer apple com/documentation/apptrackingtransparency/attrackingmanager/authorizationstatus/restricted) // show the pubconsent cmp notice to collect consent from the user pubconsentcmp shared setupui(containercontroller self) case notdetermined // this is not supposed to happen // show the pubconsent cmp notice to collect consent from the user pubconsentcmp shared setupui(containercontroller self) } } } else { // show the pubconsent cmp to collect consent from the user as ios < 14 (no att available) pubconsentcmp shared setupui(containercontroller self) } } } if you need to close the popup without expressing any consent you can call the method pubconsentcmp shared disablecmppopup() after you called the disablecmppopup() the only way to re enable the cmp and to show the popup if required is to call the method pubconsentcmp shared enablecmppopup(containercontroller uiviewcontroller)