App Tracking Transparency
Overview
With the release of iOS / iPadOS / tvOS 14, Apple requires applications to provide more transparency to users for the the data the application and the application's third-parties are accessing from the user.
New Apple Requirements:
- Privacy Nutrition Label on App Store. For more information, see the myOneTrust article: OneTrust SDKs and Apple's iOS 14 Nutrition Label Requirement
- App Tracking Transparency Permission Prompts. For more information, see the myOneTrust article: Customizing Identifier for Advertisers (IDFA) Prompts
Note: Watch this technical implementation recording on myOneTrust to help you measure and report on the impact of the iOS 14 App Tracking Transparency IDFA prompt.
Displaying a Pre/Post-Prompt
The OneTrust SDK will automatically determine if a Pre/Post-Prompt should be shown based on the parameters passed to showConsentUI()
. Applications only need to specify:
- A permission type:
.idfa
- A ViewController presenting the UI:
self
- How to manage the completion handler once the prompt UI is dismissed
OTPublishersHeadlessSDK.shared.showConsentUI(for: .idfa, from: self) {
// code to be executed once the OneTrust Prompt dismisses from view
}
Note: Make sure
startSDK()
has been successfully downloaded at least once prior to calling this method.
Check and Log Consent
Since the App Tracking Transparency permission can be changed at any time by a user in device settings, the OneTrust SDK needs a way to become aware of that consent change to update the backend with the latest consent value. For this scenario, the checkAndLogConsent()
method should be used. There are 2 ways this method can be called:
- Automatically by the OneTrust SDK each time
startSDK()
is called - Manually by the application whenever necessary (ex: on app launch)
Note: If manually calling this method, make sure
startSDK()
has been successfully downloaded at least once.
OTPublishersHeadlessSDK.shared.checkAndLogConsent(for: .idfa)
UI Styling
The pre and post prompt UIs can only be styled locally in the project via plists. More information here: https://developer.onetrust.com/onetrust/docs/customize-user-interfaces-ios-tvos
FAQs
Can the OneTrust SDK change the consent value for the App Tracking Transparency permission?
No, Apple does not allow this. The App Tracking Transparency permission can only be updated in the following ways:
- User interacts with Apple's App Tracking Transparency permission prompt
- User updates the App Tracking Transparency permission value in the device's settings
The OneTrust SDK can only:
- Show Apple's App Tracking Transparency permission prompt to the user, via Pre-Prompt
- Deep link the user to the application's device settings for updating App Tracking Transparency permission, via Post-Prompt
What happens when the user closes the app or turns off their device while the App Tracking Transparency permission prompt is being displayed?
Apple records this as a Ask App Not to Track user selection. This will impact the application in the following ways:
- The application will not be allowed to show the App Tracking Transparency permission prompt to the user again, since it was already shown once.
- Calling OneTrust SDK's
showConsentUI()
method will result in a Post-Prompt, not a Pre-Prompt. - If Consent Logging feature is enabled, the next time
startSDK()
orcheckAndLogConsent()
is called, the OneTrust SDK will log a consent transaction for theApp Tracking & Transparency
purpose with statusOpted Out
.
What happens when the user closes the app or turns off their device while the OneTrust SDK's Pre-Prompt is being shown?
Nothing really happens:
- The OneTrust SDK won't log any consent transactions
- The next time OneTrust SDK's
showConsentUI()
method is called, the Pre-Prompt will still be shown because the App Tracking Transparency permission prompt has yet to be shown to the user.
What happens if the user updates the App Tracking Transparency toggle in device settings to a new value and returns to the application?
The application will restart (Apple device does this automatically).
If Consent Logging is enabled on Geolocation rule, the next time startSDK()
or checkAndLogConsent()
is called, the OneTrust SDK will log a consent transaction for App Tracking & Transparency purpose with status of Confirmed or Opted Out (depending on user’s new selection)
How does OneTrust SDK handle Opt-Out consent models (ex: CCPA) for Categories linked to App Tracking Transparency?
This answer depends on the user journey your application takes with regard to the OneTrust CMP + the user's App Tracking Transparency selection. See below for details:
Scenario 1: User interacts with SDK Banner before interacting with ATT
- User sees a banner and clicks on Accept All / Reject All
- Next user sees the ATT system prompt
- If ATT Accepted
- If User selected Accept All --> Linked category should be enabled
- If User selected Reject All --> Linked category should be disabled
- If ATT Rejected --> Linked category will always be disabled
- If ATT Accepted
Scenario 2: No SDK Banner, but User interacts with ATT
- User interacts with ATT system prompt
- If ATT Accepted → Linked category should follow user’s last given consent
- If last consent not available, fall back to category's default consent model
- If ATT Rejected → Linked category will always be disabled
- If ATT Accepted → Linked category should follow user’s last given consent
Scenario 3: No interaction with ATT or Banner
- The toggle status should reflect the default consent model
- If linked category + Opt Out model + no ATT interaction --> category enabled
- If linked category + Opt In model + no ATT interaction --> category disabled
Updated about 1 year ago