Get ready for Apple’s App Tracking Transparency Framework

Last year, Apple announced a change with a wide-ranging impact on the future of mobile customer experience. The IDFA, a cross-app ID, present on all Apple mobile devices and used across the martech and adtech industries, would now require explicit user consent to use. This change dramatically limits the usability of the IDFA as a form of universal identity that brands and vendors can use to power marketing, measurement, and everything in between. With the release of iOS 14.5 this week, these changes will now begin to be enforced.

In addition, Apple’s new App Tracking Transparency (ATT) framework and the accompanying App Store review guidelines bring a major change to the way apps can track users across their apps and websites. Under the latest guidelines, user data must only be used for cross-application tracking after the user has opted-in via the ATT framework. 

This change is part of a ramp-up of increased privacy focus across the industry, from GDPR enforcement beginning in 2018, to CCPA in 2019, to the current revision of ePrivacy in the EU. Adherence to the latest App Store Review guidelines is predicated on proper usage of this new framework.

At mParticle we support our customers’ compliance obligations, and help them reap the benefits of what data can offer while aligning with Apple in a commitment to Privacy as a Fundamental Human Right. As data infrastructure, we help our customers process billions of user and device-based events from across their apps, sites and other end-user touch-points. Through our platform, every customer explicitly configures what data to send, and where it is sent, including destinations such as product analytics, marketing, advertising and data warehousing tools. 

As part of our product, we have long championed the concept of “data minimization” - encouraging customers to audit and minimize data leaving the system, including only the specific identifiers, events, and attributes needed for each particular integration.

While Apple has not yet begun to enforce all requirements of the ATT Framework, mParticle has already begun to roll out a series of updates to support our customers in aligning with the new framework, starting in September of last year and continuing in the coming weeks. 

Already released updates include:

• mParticle no longer automatically collects IDFAs. IDFAs can still be manually set.
• We’ve made it easier for developers to control which version of a partner SDK is included in an mParticle kit integration, so that any future updates to kit integrations can be added to your implementation as soon as they become available.
• We’ve updated several kit and server-side integrations to provide ATT status as needed.
• The mParticle SDK now allows you to record the ATT Authorization Status of a user.
• If a user does not give ATT Authorization, the mParticle SDK will prevent the IDFA being uploaded to mParticle, at all.

In May of this year, to help manage IDFAs that have already been ingested by mParticle prior to these updates, mParticle will begin to use the recorded ATT Authorization Status of a user in the following ways:

• Current ATT Authorization Status and last updated timestamp will be displayed in the User Activity View
• If ATT Authorization is denied, any IDFA that has already been collected for a user will not be added to incoming event batches by our profile enrichment feature, and will not be forwarded to any downstream services.
• If ATT Authorization is denied, the IDFA will not be forwarded as part of any Audience. Note that only IDFA is affected. Other identities for the user may still be included, provided they meet the membership criteria.

For full details of these changes, see our iOS 14 docs, and Migration Guide.

As of January 2021, there are 145 pieces of legislation governing privacy, globally, up from 132 a year ago, with 23 further bills currently under consideration. Apple’s ATT framework and the crackdown on third-party cookies on the web are part of the industry’s response to this global trend. With the privacy landscape evolving so rapidly, brands need to get out ahead and put themselves in a strong position to meet both their legislative obligations and the expectations of their customers, in the future as well as today.

For this purpose, mParticle provides a suite of Privacy-by-Design tools to help you understand and manage the flow of data, including:

• Extensive filtering options that allow you to send each datapoint only where it is needed
• The ability to manage data flow to each integration based on any user attribute.
• A Data Catalog that records where each data point has been sent

To learn how mParticle’s tools can help you complete the new privacy requirements of the App Store Connect application process, check out our iOS 14 docs.

As the crack-down on cross-domain identifiers continues, strategies based on third-party data will become increasingly unworkable. Now is the time for brands to double-down on building a best-in-class first party customer data infrastructure, while respecting the need for privacy and security.