Aligning with Apple’s AppTracking Transparency Requirements
We're excited to announce the Milestone 3 release of our support for Apple's AppTracking Transparency. With this release, mParticle customers can now set a default ATT status when one has not been collected, in addition to being able to collect ATT consent status and control data forwarding based on ATT status.
Back in April of 2021, Apple released iOS 14.5, iPadOS 14.5, and tvOS 14.5, which include a set of features, among them the new AppTrackingTransparency (ATT) framework, designed to help users understand how their data is being tracked and used. mParticle has rolled out a series of new features to help our customers stay in compliance with ATT requirements as dictated by App Store Review guidelines.
What is AppTrackingTransparency (ATT)?
The AppTrackingTransparency (ATT) is Apple’s privacy protection framework. It requires IOS app developers to explicitly prompt users for opt-in permission to “track” them. The definition of tracking is defined on Apple’s User Privacy and Data Use page.
Compliance with the latest App Store Review guidelines is predicated on the proper usage of this new framework. Additionally, each app must ensure that all user data processing obeys user ATT consent elections.
mParticle updates to support the ATT framework
In our February 2021 release, mParticle introduced two new fields, which are associated with iOS device data collection in order to provide teams with greater transparency and control.
- The first is `att_authorization_status`, a string that correlates directly with Apple’s ATTTrackingManagerAuthorizationStatus enumeration and must match one the following values:
- The second is `att_timestamp_unixtime_ms`, an optional field that specifies when the end-user first responded to the App Tracking Transparency prompt
These fields govern whether or not IDFA data that has been collected on a user will be added to incoming event batches using our profile enrichment feature. If `att_authorization_status` is any value other than “authorized”, IDFA will not be forwarded to any downstream services, nor will it be forwarded as part of any Audience. The `att_authorization_status` can also be referenced by our Rules feature to limit data collection or restrict data flow.
NEW (July 2021): Configuring a default ATT status
While mParticle recommends that our customers explicitly set the `att_authorization_status` for all of their iOS users, in our July release we have added the ability to select a default `att_authorization_status` via the Apple Tracking Transparency (ATT) Default setting available in the platform. This may be helpful to handle scenarios such as:
- Existing profiles previously sent to mParticle who have not visited your app since the iOS 14.5 release
- Apple device data received from additional data inputs, such as partner data feeds, where `att_authorization_status` has not been provided
The option to select a Apple Tracking Transparency (ATT) Default setting is available to mParticle Compliance Admin users, and can be found under the “Privacy” settings. Instructions on how to manage mParticle users and roles can be found in our docs.
Checking a user’s ATT status
At any time, mParticle admins can check a user’s `att_authorization_status` using the User Activity view tool. This can be found in the “Information” tab, under “Devices”, for Apple devices where “ID type” is “IDFA”. The `att_authorization_status` is displayed under “Privacy Tracking”.
On a mouseover of the tooltip, mParticle admins can validate if the `att_authorization_status` was explicitly set by the end user or defaulted to by the ATT Default setting, as well as obtain the timestamp when it was set.
For more details around how mParticle can help you comply with Apple’s App Tracking Transparency Requirements, please refer to our iOS 14 docs.
Leading the Way in Data Privacy
As the first Customer Data Platform (CDP) to offer capabilities that help customers enforce granular privacy controls in compliance with iOS 14.5 privacy guidelines, mParticle continues to demonstrate industry leadership in data privacy. In 2018, mParticle was also the first CDP to incorporate GDPR compliance capabilities.
Our work to address iOS 14.5 began in Summer 2020 when Apple first announced these privacy changes, and is a result of the collaboration between our DPO’s office, product, engineering, and the partnerships teams.
Incorporating privacy-by-design in your data strategy
Additionally, as more cross-domain identifiers are removed, including the eventual deprecation of 3rd-party cookies, strategies prioritizing dependence on 3rd-party data will be increasingly unfeasible. mParticle is here to help brands transition to building a first party data strategy, while incorporating a privacy-by-design approach.