What is Apple ATT?
Starting with iOS 14.5, Apple requires you to declare the type of data your app is tracking and ask users for permission to track them. For this, Apple has provided the App Tracking Transparency framework (ATT).
Does ATT replace a CMP?
No, it does not. A CMP collects consent based on the legal requirements of a framework, such as GDPR or CCPA/CPRA, which are valid in their respective jurisdiction. Where as ATT is designed to provide transparency about the tracking practices of an app. The underlying value of ATT is to empower users, by giving them the control over who can have access to their Advertising Identifier (IDFA, an ID used by advertisers to identify a unique user/device and provide personalized ads), by signaling to the app developer, that tracking practices should/should not be enabled.
Set up ATT
The following steps describe how to set up ATT using Swift. If you are working with Unity, the steps are different. Jump here to learn how to set ATT up for Unity.
Add
NSUserTrackingUsageDescriptionto your info.plist, with a description explaining why you track your user's data, import the framework.Create an iOS 14 or later function, and request permission with the App Tracking Transparency framework.
import AppTrackingTransparency @available(iOS 14, *) private func requestAppTrackingTransparencyPermission() { ATTrackingManager.requestTrackingAuthorization { status in switch status { case .authorized: // Handle Approve case case .denied: // Handle Deny case default: // Consider .restricted and .notDetermined states if needed } } }Depending on your app flow, you may request ATT permission whenever you deem convenient, but we recommend collecting both legal consent via the Usercentrics CMP and ATT permission in consecutive steps.
if #available(iOS 14, *) { self.requestAppTrackingTransparencyPermission() }
If permission has never been requested, the system will prompt the ATT pop-up, and the result will be returned on the callback. Once permission has been collected, any future call to this function will directly return the permission status without presenting the pop-up.
Can users change their ATT decision?
In case you change your tracking practices and want to guide your users to re-evaluate their ATT decision, you can always facilitate the path to your app settings, by calling the following method:
if let appSettings = NSURL(string: UIApplication.openSettingsURLString) {
UIApplication.shared.open(appSettings as URL, options: [:], completionHandler: nil)
}This will forward users to your specific app settings, where they can change their settings:
Do NOT force users to give ATT permission
We highly discourage limiting functionality or blocking users, if they do not provide ATT permission.
What is Apple privacy manifest?
Apple's new privacy requirements center around documenting the data collected by your app, referred to as the Privacy Manifest. This manifest provides details on the data categories collected by your app and third-party SDKs, along with the purposes behind data collection.
Third-party SDKs must include a privacy manifest file named PrivacyInfo.xcprivacy. This property list records the data types collected and the reasons for using corresponding APIs.
Do I need to update the manifest when integrating with Usercentrics SDK?
No, we do not collect any data deemed by Apple as significant for inclusion in the manifest.
Although, Apple mandates the use of the required reason API, as detailed on their developer documentation page.
Usercentrics incorporates the Privacy Manifest into its Core SDK, ensuring that no additional steps are necessary for customers to submit their apps to the App Store.
The APIs being used by Usercentrics SDKs are:
mach_absolute_timeReason: 35F9.1 - Access the system boot time in order to measure the amount of time that has elapsed between events that occurred within the app or to perform calculations to enable timers.
NSUserDefaultsReason: CA92.1 - Access user defaults to read and write information that is only accessible to the app itself.
statReason: C617.1 - Access the timestamps, size, or other metadata of files inside the app container, app group container, or the app’s CloudKit container.
More information
Data collection practices are organized into categories like Contact Info, Health & Fitness, Financial Info, Location, Sensitive Info, Contacts, User Content, Browsing History, Identifiers, Purchases, Usage Data, Diagnostics, and Other Data Types, each encompassing specific data types.
The reasons for data collection that require reporting fall into the following purposed: Third-Party Advertising, Developer’s Advertising or Marketing, Analytics, Product Personalization, App Functionality and Other Purposes.
We recommend to follow Apple guidelines and privacy policies. You can find more information in their public documentation.
Set up ATT for Unity
To set up ATT in Unity, follow these steps:
Depending on your app flow, you may request ATT permission whenever you deem convenient, but we recommend collecting both legal consent via the Usercentrics CMP and ATT permission in consecutive steps. The system will handle showing the popup, you will just need to call this function.
AppTrackingTransparency.Instance.PromptForAppTrackingTransparency((status) => { switch (status) { case AuthorizationStatus.AUTHORIZED: // You may enable tracking frameworks case AuthorizationStatus.DENIED: // You should disable tracking frameworks case AuthorizationStatus.NOT_DETERMINED: // State before prompt is shown. No further action. case AuthorizationStatus.RESTRICTED: // Restricted. See: https://developer.apple.com/documentation/apptrackingtransparency/attrackingmanager/authorizationstatus/restricted } });Also depending on your app flow, you can retrieve the current Authorization Status. If the user has not yet given consent, the obtained status will be
AuthorizationStatus.NOT_DETERMINED.AppTrackingTransparency.Instance.GetAuthorizationStatus((status) => { switch (status) { case AuthorizationStatus.AUTHORIZED: // You can enable tracking frameworks case AuthorizationStatus.DENIED: // You should disable tracking frameworks case AuthorizationStatus.NOT_DETERMINED: // State before prompt is shown. No further action. case AuthorizationStatus.RESTRICTED: // Restricted. See: https://developer.apple.com/documentation/apptrackingtransparency/attrackingmanager/authorizationstatus/restricted } });
How to support internationalization with ATT?
Possible plugin conflict
If you use an localization plugin and our solution, be aware that they may conflict.
Drag the ATTManager game object into your scene and set an English default message.
.png)
English default message not optional
If you do not set the English default message, ATT support will not be enabled.
ATT supports localization for several languages. You can also configure it with messages for other languages.
.png)
The English default message message will only be displayed if the device's language is set to English or if the device's language is set to a language that does not have a corresponding localized message.
On Localization Messages, click the + sign and choose the desired language from the dropdown menu.
Write the localized message for the selected language.
.png)
If you wish to add a message for a language that is not available on the dropdown menu:
Select Other.
In the Manual Iso Code field, add the language ISO code. Use two-letter ISO 639-1 or three-letter ISO 639-2 language codes with optional region or script designators.
.png)
Handling for versions under iOS 14
Since ATT permission is not supported in versions lower than iOS 14. We will always return AUTHORIZED, if this method is called in not supported versions.
If permission has never been requested, the system will prompt the ATT pop-up, and the result will be return on the callback. Once permission has been collected, any future call to this function will directly return the permission status without presenting the pop-up.