Advertiser’s cheat sheet: Apple iOS privacy measures

With the enforcement of Privacy Manifests in Spring 2024, Apple makes app developers accountable for the privacy practices of any third-party SDKs and APIs used by their app. Thus a partner ignoring Apple’s privacy policies has a direct impact on the App owner, and plausible deniability will no longer be accepted as a reason for non-compliance. 

Another reason to pay attention to Privacy Manifests is that they challenge real-time probabilistic attribution and will force all advertisers, ad networks & MMPs to use Apple SKAdNetwork (SKAN) attribution system. This will likely put an end to the industry’s practice of gathering device information, app activity, building profiles and behavioral-targeting users. As a result, an advertiser will have to work with partners specializing in privacy compliant contextual campaign optimisation.

While you can always discuss these alternatives with the Dataseat team (get in touch here), this article gives app marketers a quick recap of Apple’s privacy measures and what led to today’s situation with Apple’s SKAN 4.0 and Privacy Manifests.

Read on and get up to speed on Apple iOS privacy and what it means for app developers.

How did we get here? A recap of Apple iOS privacy changes since 2021:

	In April 2021 Apple rolled out its privacy framework called ATT (App Tracking Transparency), together with iOS 14.5.
	ATT allowed users to opt out of providing their persistent identifier for advertisers, also known as IDFA, to any given app.
	IDFA was widely used for attribution by MMPs (AppsFlyer, Adjust, etc.), which in turn were used by advertisers.
	Apple’s intent was to force all advertisers to use their privacy-compliant attribution system known as SKAdNetwork (SKAN).
	As SKAN is built for privacy it shares very limited data signals for attribution which has meant most advertisers feel it is extremely limiting: It doesn’t allow an install to be attributed to a click or an impression. In-app events are limited to 3 in 35 days. There are significant delays (2 days – 35 days) in ad networks, partners and advertisers receiving those install or in-app event postbacks. It will be extremely challenging to track granular user behavior. Accurate LTV measurement and optimisation will be impossible. Advertisers and their partners will optimize to more basic aggregated performance signals.
	Apple continued to enhance SKAN to today’s 4.0 version., which it now considers fit for purpose.
	MMPs continued to provide a backup mechanism known as probabilistic attribution or fingerprinting to advertisers that was essentially ignoring/bypassing Apple’s SKAN system.
	In June 2023 at Apple’s WWDC conference Apple announced Privacy Manifests: “The privacy manifest records the types of data collected by your app or third-party SDK, and the required reasons APIs your app or third-party SDK use”, according to Apple documentation. This means that Privacy Manifests put the onus on app owners to declare the exact function of the third-party SDK running in their app removing plausible deniability. Privacy Manifests prevent apps from connecting to a tracking domain (ex. tracking.exampleapp.com) unless ATT consent is granted. The intent of this is to stop fingerprinting and to force all advertisers to use SKAN only. Apple’s guidance is that this will be enforced between Autumn 2023 and Spring 2024.

Master privacy-first advertising on iOS

Dataseat is the transparent privacy-ready contextual mobile DSP and the longest-standing expert in SKAN and all things privacy. We help advertisers transition to SKAN campaign measurement and contextual targeting and reach their mobile marketing goals. If you need to discuss your campaigns or any privacy, SKAdNetwork and contextual targeting questions, get in touch with Dataseat experts.