Managing Consent in Apps in iOS 14.5 and Beyond

Since Apple introduced Intelligent Tracking Prevention (ITP) three years ago to its Safari web browser the advertising industry’s ability to track, segment internet users across the open web, and deliver online advertising campaigns to them has been radically altered. Simple tasks like ensuring someone doesn’t see the same advert ad infinitum is now very difficult, as is deterministically tracking whether an advert served resulted in a sale. 

This has been incredibly disruptive for both advertisers and their agency partners but it is publishers who have been most adversely impacted, losing as much as 70% of their revenue when the person visiting their website is using Safari because advertisers value the ability to segment, deliver and measure using cookies so greatly. 

Just as third-party cookies can be considered the backbone of addressable advertising on the open internet, Device IDs are the foundations of addressability for in-App Advertising.  On Apple handsets this ID this identifier is called Identifier for Advertisers (or IDFA) and just as Apple built the first major browser to incorporate privacy protection for its users, they plan to be the first major mobile OS to bring enhanced privacy to users of Apps on Apple devices through the App Tracking Transparency Framework, which will control the use of devices and other user identifiers such as email.

ITP Comes To Apps

This June at their Worldwide Developers Conference (WWDC) Apple announced that when the next release of iOS arrived in the Fall it would have ITP-like features for Apps, it was called the App Tracking Transparency (ATT) framework.  

Unlike ITP and the open web, rather than blocking tracking in Apps by default, Apple is mandating that app publishers and developers ask for permission to collect and share data with third parties through a consent modal that appears when the user first opens the App. This news was not well received, and to a degree, the dark mood of app developers and publishers was understandable — in 2019 Apple estimated that their App Ecosystem supported in-App advertising sales of $45 billion. Just as ITP devastated the yields of publishers offering news that was free at the point of access, the ATT Framework has the potential to do the same for app developers.

Many (most notably Facebook) have complained about the broad scope of the ATT Framework and its potential impact on businesses. Complaints aside, publishers now require an opt-in to do any of the following:

  1. To use an SDK in their App that combines user data from their App with that of others to target advertising or measure its effectiveness.
  2. To share IDFAs & email addresses etc with a third-party advertising network, either for targeting or measurement purposes.
  3. To share email lists with a data broker unless the data solely used for fraud prevention.

The ATT Framework is not only broad-reaching in terms of the use cases that an app developer or publisher requires consent for, but also the number of platforms impacted. The consent modal is not only required for iOS 14 Apps but also for the latest versions of iPadOS and tvOS. 

Implementing the ATT

As we mentioned above the ATT Consent Modal needs to be shown when a user first logs into the app. Once a user consents to data sharing, the App can continue to track users and share this information with third parties.

Not blocking all tracking by default is a welcome compromise and one that Apple likely made because the App store generates significant revenue for them in a way that the open web does not. But the mood amongst publishers on this change is quite dark, already: 30% of European iOS users opt-out of tracking at a system level, and if a large portion of the remaining 70% opt-out of tracking in their apps then the publisher’s audience is less targetable and less attractive to advertisers — therefore less valuable to publishers. We will look at the process of gaining consent in more detail below.

One positive is that publishers will have some creative license over how they ask for consent, although their creative license is limited to one sentence that explains for which purposes the data will be used. That being said a publisher can provide context prior to showing their user the ATT Modal, again we will look into this in more detail below. 

Managing Consent In Apps In iOS 14.5 and Beyond

We believe that for publishers, like DPG Media, that have a trusted relationship with their users, Apple’s ATT Framework will be less disruptive as consent rates will likely be higher than for less well-established businesses.

As a responsible publisher to be GDPR compliant we already use the IAB’s Transparency and Consent Framework (TCF currently version 2.1). This allows us to gain informed consent to personalize ads and offers the user much more granular controls vs Apple’s ATT Framework. 

But because the ATT framework is mandatory, we will need to do both. Effectively this means asking for consent to personalize twice. This coupled with gaining consent for push notifications effectively extends the onboarding process to five screens in an App: 

And of course, this complication in the onboarding process post app download has raised concerns amongst publishers that the consent rates will be negatively impacted.

=The best way to manage this is to guide users through this new step and help them make a well-informed decision on their privacy tolerances. We believe that by doing this, publishers can maintain trust amongst users which in turn will result in better opt-in rates and the maximization of yield from content.