App Tracking Transparency Updates in iOS 17

Yes, Vision Pro is amazing! But there are other changes that were announced at WWDC that directly impact user privacy and analytics that are a pretty big deal!

Daniel Jilg

Daniel is TelemetryDeck's co-founder and technical lead
The Apple Logo

There were no policy changes to how Apple treats privacy matters, but there are technical changes that will enforce those policies on a per-device level, as well as a few new quality-of-life improvements for developers and users.

I don’t think there will be any negative impact on usage of TelemetryDeck. However, analytics packages or apps that use shady practices that until now could skate past undetected, might find themselves in hot waters.

Let’s go through the changes and look at the impact on apps using TelemetryDeck. I’ll update this document whenever we have new information.

What is App Tracking Transparency?

Let's start with a brief summary. Apple introduced the App Tracking Transparency (ATT) framework at WWDC in 2020, which has four main functions:

  1. The term "tracking" refers to activities that are associated with advertising and data brokers:

    Tracking refers to the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes. Tracking also refers to sharing user or device data with data brokers.” source
  2. App Tracking Transparency grants or denies access to the Identifier for Advertisers (IDFA).
  3. App Tracking Transparency contains policy limitations against other forms of cross-company “tracking” (i.e., hashed email addresses) without user consent.
  4. App Tracking Transparency contains policy prohibitions against fingerprinting (which have always been in the Apple Developer License Agreement) apply, separate from restrictions on “tracking” and regardless of user consent.

The enhancements made to App Tracking Transparency this year seem to be technical enforcements of policies 3 and 4, so that they are no longer just policy.

How does this impact apps using TelemetryDeck?

If we go by the letter of Apple’s policies, we don’t fall under any of the definitions of tracking, we don’t do fingerprinting or cross-company tracking, and we have nothing to do with advertising.

  1. TelemetryDeck does not share user data (or any data) with advertisers or data brokers, and does not use your data to sell advertisements.
  2. TelemetryDeck does not use the IDFA identifier.
  3. TelemetryDeck does not enable or support cross-company tracking.
  4. TelemetryDeck does not allow fingerprinting

So going by that, we feel pretty good. ☺️

However, we all know that the App Store approval process can be fickle sometimes. Different reviewers interpret the rules differently sometimes, and it’s hard to reverse a decision once it’s taken. By knowing the rules and the spirit behind them, we can protect ourselves better against misunderstandings.

Has your app been rejected by App Review for alleged tracking violations with TelemetryDeck? Shoot us an email at info@telemetrydeck.com! We’ll do our best to help you argue your case, and we’ll update our documentation to help others prevent the same mistake.

Let's look at some of Apple's new technologies and wether they affect analytics and usage data.

Privacy Manifest

Privacy Manifests are a new tool that helps you accurately identify the privacy practices of your app's dependencies.

They are files ending in .xcprivacy that third-party SDK developers such as TelemetryDeck can include in their Swift packages to declare

  • what data types the SDK collects,
  • how each data type is used, whether they are linked to the user,
  • and whether they're used for tracking as defined by the App Tracking Transparency policy.

We’ll be aiming to update the TelemetryDeck SDK with a privacy manifest as soon as possible.

Read Apple’s very good docs on Privacy Manifests for more.

Privacy Report

Xcode Privacy Report

Xcode 15 can aggregate all the privacy manifests in your app's project, and produce a privacy report that summarizes the declared data uses. To view this, go to Xcode Organizer, show the context menu for an archive, and select "Generate Privacy Report.”

The privacy report is a PDF and easy to use. It is organized in a similar way to Privacy Nutrition Labels. So you can easily reference this report when you provide your app's privacy details in App Store Connect.

Xcode Privacy Report PDF

Tracking Domains

Privacy manifests that declare tracking may include tracking domains. This helps app developers and third-party SDK developers to avoid tracking people without their permission. The operating system will actively prevent the app from contacting the specified domains until the user has opted-in to tracking.

Right now we are very sure that TelemetryDeck does not fall under the definition of “tracking” as defined by Apple. We don’t collect personal data, and our design is unusable to follow a user from app to app. We’ll ask Apple for clarification and won’t set a Tracking Domain in the meantime.

Required reason APIs

With iOS 17, Apple updates its APIs so that more of them will ask the user for consent or require the app developer to supply a reason for using the API. This is mostly to prevent any fingerprinting – following the same user or device between multiple apps using metadata such as the list of installed fonts on their device.

For example, one Required reason API is NSFileSystemFreeSize, which indicates the amount of free space on the file system. One of its approved reasons supports using this API to check whether there is sufficient disk space before writing files to disk.

To protect users from possible fingerprinting, apps and SDKs are allowed to access the Required reason APIs only for the approved reasons.

SDK Signing

Xcode 15’s new signature verification feature can provide security for app developers based on code signing done by SDK authors. SDK authors can now provide a signature for their binary frameworks.

Xcode now shows a new section in the Inspector that displays the signature status for the xcframeworks you include within your app. If a signature changes, the build will fail with an error message.

This helps you when including a binary framework in your app and prevents attacks where a third party tries to replace an SDK with a malicious version.

The TelemetryDeck SDK is distributed as source code – non binary – and therefore we cannot sign the SDK as of now Once Apple also allows source-distributed SDKs, we’ll investigate more.

Link Tracking Protection

Safari Link Tracking Protection

Link Tracking Protection is a new feature automatically activated in Mail, Messages and Safari in Private Browsing mode. It detects user-identifiable tracking parameters in link URLs and automatically removes them.

These kinds of algorithms usually calculate a score for each parameter by looking at the URLs that other users navigated to. If more than “x” different people have the same parameter in the URL, it is considered proven that it can’t be used to track individual people and it can stay in the URL. Otherwise it’s removed. (Source: I used to work on a similar set of algorithms for Cliqz https://en.wikipedia.org/wiki/Cliqz ).

With this technique, people who make websites and web apps can still use the full power of URL parameters, but won’t be able to use URL parameters to track users across multiple websites.

TelemetryDeck’s web SDK can use URL parameters to collect the source, referrer, or campaign a link is coming from. Since these are not personalized, it will just continue working.