[iOS] 4. Working with ATT (App Tracking Transparency / iOS)
Overview
All new apps submitted to the App Store must comply with Apple's App Tracking Transparency (ATT) guidelines for iOS 14.0+. These guidelines enhance user privacy by requiring explicit consent before tracking. This document outlines the necessary steps to implement ATT when using our CMP SDK. All methods related to ATT were removed from our CMP SDK v3 due to restrictions related to the lifecycle of the app, so all ATT needs to be managed on the mobile app itself, and not through our SDK, as our SDK is not aware of the lifecycle of the mobile app integrating it. According to Apple's official documentation:
Calls to the API only prompt when the application state is UIApplication
1. Add the ATT Framework in Xcode
To integrate AppTrackingTransparency.framework, navigate to:
<PROJECT_NAME>.xcproject / <PROJECT_NAME>.xcworkspace -> General -> Frameworks, Libraries, and Embedded Content.
Ensure the framework is correctly embedded to enable ATT functionality.
2. Add NSUserTrackingUsageDescription
Include the following key in your Info.plist file:
<key>NSUserTrackingUsageDescription</key>
<string>Your app description explaining why tracking permission is requested.</string>
This message will be displayed to users in the ATT consent prompt.
3. Request Tracking Authorization
To ensure proper consent handling, request ATT permission on the first app launch. This should only occur if the user's consent status is unknown.
Example Implementation:
import AppTrackingTransparency
class AppDelegate: UIApplicationDelegate {
// IMPORTANT: this is the proper lifecycle event where the request needs to be done
func applicationDidBecomeActive(_ application: UIApplication) {
if #available(iOS 14, *) {
ATTrackingManager.requestTrackingAuthorization { status in
switch status {
case .authorized:
print("Tracking enabled")
case .denied, .notDetermined, .restricted:
print("Tracking disabled")
}
}
}
}
}
Note: Ensure UI-related logic is executed on the DispatchQueue.main queue, as the completion handler runs on a concurrent queue by default.
4. Monitor Tracking Authorization Status
Use ATTrackingManager.trackingAuthorizationStatus to track consent status changes. The following states are possible:
For consistency, treat restricted as denied unless explicit vendor consent is provided.
5. Handle Consent in Analytics & Third-Party SDKs
If your app uses third-party analytics, update their configuration based on the user’s ATT status:
- Disable analytics tracking for users who deny or restrict tracking.
- Use anonymized tracking if the analytics provider offers an opt-out setting (e.g., mParticle’s optOut mode).
- Review SDK policies regularly to stay compliant with Apple's privacy requirements.
Example for Firebase:
- If no ad frameworks are linked, Firebase Analytics will not access the advertising identifier.
- If using analytics with ads, ensure compliance with ATT guidelines before submission.
For apps that do not require advanced analytics, App Store Analytics (accessible via App Store Connect) may provide sufficient insights while ensuring compliance.
6. Additional Considerations
-
Wrap ATT calls in an iOS version check to avoid crashes on older versions:
if #available(iOS 14.0, *) { ATTrackingManager.requestTrackingAuthorization { _ in } } -
Track consent for older iOS versions using backend flags or local storage.
-
Comply with ATT promptly, as non-compliance may block app updates, even in cases of critical bug fixes.
For more information on managing user consent within the app, refer to Apple’s ATT documentation.
