App Tracking Transparency (iOS 14.5+)
Starting with iOS 14.5, released in April 2021, Apple introduced the App Tracking Transparency (ATT) framework. This framework mandates that apps must transparently disclose their data usage and inform users about third-party tracking practices within the app.
Tracking and the use of the Identifier for Advertisers (IDFA) now require explicit user consent. According to Apple's guidelines, "tracking" encompasses linking user or device data collected from your app with data gathered by other companies from their apps, websites, or offline properties for purposes such as targeted advertising or advertising measurement. It also includes the sharing of user or device data with data brokers.
Currently, the PubConsent SDK does not request user permission for tracking as required by the App Tracking Transparency (ATT) framework. It is the responsibility of the app to manage this process and determine how the PubConsent Consent Management Platform (CMP) and ATT permission coexist.
Your app must adhere to Apple's guidelines by disclosing the data collected and obtaining user consent for tracking. To request tracking permission on iOS, you should call the ATTrackingManager.requestTrackingAuthorization function within your app.
As per Apple's guidelines, you must present the ATT tracking permission alert before attempting to access the Identifier for Advertisers (IDFA) on the iOS device. If permission is not requested, or if the user denies permission, the IDFA will not be available to your app and any embedded third-party SDKs. This limitation could affect the functionality of third-party SDKs that rely on tracking data.
To fully comply with both Apple’s guidelines and GDPR requirements, you must obtain user permission through the ATT framework and also request user consent via the CMP. Currently, Apple’s ATT is not aligned with the IAB Transparency and Consent Framework (TCF) or GDPR standards. Therefore, it cannot serve as the sole mechanism for consent collection. It must be used in conjunction with the PubConsent CMP to ensure comprehensive compliance.
1) Ask for permission via ATT, then collect consent from the CMP only if the user has granted permission via ATT.
Pros:
- This implementation ensures that users are only asked once if they deny permission via ATT, minimizing user friction.
- Users who do not grant consent via ATT are spared from a second prompt from the CMP. Cons:
- Users who grant permission through ATT will still need to provide consent separately through the CMP, leading to them being asked twice (once by ATT and once by CMP). Unfortunately, this is currently unavoidable.
- The primary drawback of this approach is that if a user denies consent via ATT, they are assumed to also deny consent through the CMP. This is despite the fact that ATT and the CMP pertain to different purposes and involve different vendors. This means your app might be extrapolating a user's decision from ATT (which is focused on tracking via IDFA) to other unrelated purposes. Whether this is acceptable depends on your specific app and user context.
Pros:
- The main advantage of this implementation is that it allows users to make distinct choices between ATT tracking and the various purposes and vendors managed by the CMP. This respects the fact that the CMP and ATT pertain to different scopes and consent choices. Cons:
- Users will still need to be asked twice (first by the CMP and then by ATT), which could potentially lead to user fatigue or annoyance. Unfortunately, this redundancy is currently unavoidable.
To implement this solution you can register the OnConsentReadyCallback callback.
This Sample Demonstrates How to Display the ATT Permission Request if the iOS version is 14 or later.
Show the PubConsent UI only under the following conditions:
- The iOS version is below 14.
- The user has accepted the ATT permission request or ATT is restricted (see ATT Restriction). Details:
- The ATT permission request will always be displayed if the device is running iOS 14 or later and the ATT status is not restricted.
- The PubConsent UI will be shown only if the user accepts the ATT permission request or if the ATT permission request cannot be shown (due to restrictions or if the iOS version is below 14).
If you need to close the popup without expressing any consent you can call the method:
PubConsentCMP.shared.disableCmpPopup()
After you called the disableCmpPopup() the only way to re-enable the CMP and to show the Popup if required is to call the method:
PubConsentCMP.shared.enableCmpPopup(containerController: UIViewController)