Skip to main content

Early Spring App Store Rejections Sound the Alarm

By April 1, 2021September 20th, 2021Blog, iOS 14 & SKAdNetwork 7 Min Read

What you need to know before iOS 14.5 officially arrives

A plethora of App Store rejections sounded alarms Thursday morning, and unlike some recent missteps by other brands, it was no April Fool’s joke. iOS 14.5 isn’t here yet and neither is the official enforcement of Apple’s AppTrackingTransparency (ATT) framework, but social feeds, chat forums, and other channels were abuzz with a frenzy of speculation. Multiple app developers working with particular mobile measurement partner (MMP) software development kits (SDKs) noted their app updates were being rejected.

What we know

ATT soft prompts:

Early indications suggest some of the App Store rejections are related to apps that have started prompting via the ATT framework, but have implemented a soft prompt. A soft prompt, or pre-prompt, comes before the main ATT prompt itself and has been a strategy pursued by some apps to inform and educate users on why they should opt-in to tracking before they’re officially prompted for consent. Language found within the rejection notices suggests that Apple will not be allowing soft prompts and considers it an attempt to manipulate the user’s decision. As such, if that’s currently a part of your ATT strategy, you’re encouraged to rethink it.

Use of user or device data without opt-in:

Additional rejections were related to some partners using non-consented user and/or device data to generate a client-side identifier. The client-side nature of these instances is likely what led to the early discovery and rejection of this practice, which Apple’s User Privacy and Data Use Policy have clearly prohibited. This is only Apple’s first move. It suggests that Apple will stand their ground and soon enforce the same rejection for apps with SDKs that don’t generate a user/device data-based ID client-side, but rather shift this practice server-side for the same purpose.

A general unease

The rush of rejections exposed the general unease facing many mobile advertisers in the final stretch leading up to the rollout of iOS 14.5. As we discussed in our previous post, a number of MMPs are likely blurring the lines of Apple’s User Privacy and Data Use Policy and their advertiser customers have cause for concern.

Apple has made it clear in their Privacy Policy FAQ that apps can be rejected from the App Store when the app itself or other SDKs in the app are committing practices that Apple has prohibited.

“Apps that are found to be engaging in this practice, or that reference SDKs (including but not limited to Ad Networks, Attribution services and Analytics) that are, may be rejected from the App Store.”

Excerpt from Apple’s privacy FAQ

What is “this practice”?

“This practice refers to any of the following in the absence of user opt-in via the ATT framework.”

“…linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes.”

“…derive data from a device for the purpose of uniquely identifying it. Examples of user or device data include, but are not limited to: properties of a user’s web browser and its configuration, the user’s device and its configuration, the user’s location, or the user’s network connection.”

Excerpts from Apple’s User Privacy and Data Use Policy

If you have any doubts about the approach to iOS 14.5 and the ATT framework that’s being pursued by your current partner we’re here to help.

Where Kochava stands

Kochava has been firm and unwavering in its stance on adhering to the letter and spirit of Apple’s User Privacy and Data Use Policy – read our January 27th post. You can experience total peace of mind with our attribution solutions, knowing that they’re fully compliant with iOS 14.5, the ATT framework, and Apple’s policies. Kochava is also the only partner that will enable you to tailor and customize your approach on ATT to take an even more conservative interpretation through Kochava Privacy Profiles announced here.

Contact us now for a consultation on the ATT framework and your privacy-compliant attribution strategy.