Prompt user with iOS AppTrackingTransparency in managed workflow

Please provide the following:

  1. SDK Version: 40
  2. Platforms(Android/iOS/web/all): iOS
  3. iOS IDFA/ATTrackingManager

According to recent apple update, ALL apps published to AppStore since 26.4.2021, are required to use App Tracking Transparency framework, if they are requiring user name, email, phone or any user generated content.

Our app requires user name, email and phone number to register user into the app in order to use it. We are not using Segment, AdMob or FacebookAds in our app, but since these libraries can be used in expo managed, we are obliged to check the boxes which custom user content we use, when deploying the app to the AppStore. (Deploying to App Stores - Expo Documentation)

According to Apple Tracking Transparency I have set the infoPlist key in app.json, but can’t figure out how to show the alert dialog, since ATTrackingManager class, which prompts the user permission is not present in expo and haven’t found this type of permission in expo-permissions either. Any clue on how to approach this issue? Thanks a bunch.

7 Likes

We received an e-mail requiring the implementation of AppTrackingTransparency in the next version, bumping this question to know how we are supposed to proceed.

just found out expo-ads-admob is able to requestPermissionsAsync() and getPermissionsAsync() in Expo 41

2 Likes

Thanks for following up with the answer here, @vaclav.ryska :clap:

1 Like

So, from what I understood, it seems like this admob package is gonna be mandatory for any iOS app that collect user data in any form ( at least that’s what they say in the e-mail ), is this right? I didn’t really want to add another package just to prompt the user for tracking permission.
We don’t even show ads to our users, shouldn’t we have a non package specific solution to this?

2 Likes

With the upcoming public release of iOS 14.5, iPadOS 14.5, and tvOS 14.5, all apps must use the AppTrackingTransparency framework to request the user’s permission to track them or to access their device’s advertising identifier. Unless you receive permission from the user to enable tracking, the device’s advertising identifier value will be all zeros and you may not track them.

if you’re not tracking the user (eg: for ads) then it shouldn’t be needed. are you being told otherwise during submission?

Yes, I was told that after submitting my app today.
But we don’t use ads.
Can anyone give me an example on how to set up the requestPermissionsAsync()?
Where to import it from?

That sort of information is in the Admob docs but that seems to be to be the wrong way to go about this.

Since you’re not using ads, I think you should look into using EAS Build. See in particular this part of the blog post:

For now you need to subscribe to a Priority plan. They do plan to have a free tier in future, but they’re still busy improving the service at the moment.

I looked in the docs but couldn’t find. Can you point that out to me.
So does EAS guarantee that Expo won’t track the user and Apple will accept the app ?

So the only 2 options currently is install and use the admob package, or get a priority plan and use the EAS build? These both seem…not great. Is there a planned update to the Permissions module for this?

1 Like

EAS removes native code you are not using. So if you’re not using ads then EAS should produce an app that does not include that code, so Apple should accept it.

But in theory it should not be necessary to use EAS. Since you’re not using ads, getting the device’s advertising identifier or otherwise tracking them across other companies’ apps/websites/etc., the wording makes it sound like there should not be a problem. If you do want the advertising ID then as far as I know you will need to use Admob.requestPermissionsAsync(). I am no expert on what Apple allows or requires for apps to get into the App Store, though.

image

This is the rejection message we got from Apple yesterday:

We noticed you do not use App Tracking Transparency to request the user’s permission before tracking their activity across apps and websites. The app privacy information you provided in App Store Connect indicates you collect data in order to track the user, including Device ID.

Starting with iOS 14.5, apps on the App Store need to receive the user’s permission through the AppTrackingTransparency framework before collecting data used to track them. This requirement protects the privacy of App Store users.

Next Steps

Here are two ways to resolve this issue:

We do not use tracking for any marketing purposes. We do not track our users at all.

So, should we change to “NO, we don’t collect data” in the App configuration?

If that’s the case, it’s against what Expo itself recommends on Deploying to App Stores - Expo Documentation, where it states that we should choose Yes, we collect data from this app because managed apps include " Facebook, Facebook Ads, and Google AdMob SDKs, which still access the IDFA".

Not sure how we should proceed here.

1 Like

So, should we change to “NO, we don’t collect data” in the App configuration?

If you’re building with EAS Build, as opposed to classic build (expo build), and you don’t use Facebook, Facebook Ads, or Google AdMob SDKs, then you do not need to say you collect data if and only if you don’t otherwise collect any relevant data.

The reason that guide states to answer yes for managed workflow apps built with expo build is because the native code for accessing the IDFA is technically present in the binary, even though it may be completely dead code (depending on your app). The question on “Do you collect data” is different from “Does your app access the IDFA” though, but I’m not 100% certain on whether Apple considers those two separate questions, or the same one phrased differently