Apple Is Rejecting Apps That Use Third-Party Code For Alleged Privacy Infractions

And so it begins. Apple has started rejecting app updates that conflict with its AppTrackingTrackingTransparency framework.And so it begins.

Apple started rejecting app updates on Thursday that conflict with its App Tracking Tracking Transparency (ATT) framework.

ATT prohibits user tracking without explicit consent and bans developers from using fingerprinting to try and identify a device or user.

The news was first reported by independent analyst John Koetsier in Forbes.

Specifically, some developers using a software development kit from the mobile attribution firm Adjust received a rejection message from Apple stating that their app “uses algorithmically converted device and usage data to create a unique identifier in order to track the user.”

Just a fancy way of saying “fingerprinting.”

It’s unclear how many developers were affected, but Adjust’s SDK is integrated into more than 50,000 apps. Adjust was acquired by AppLovin in early February for $1 billion.

Adjust has since updated its open source SDK to remove code that collects data, including battery level, time zone, CPU usage and device memory, which could be used to probabilistically identify users. The company said it used these parameters in its anti-fraud algorithms and not for tracking.

Regardless, the changes should allow apps with Adjust’s SDK to pass muster, but the proof will be in the privacy pudding.

The rejections appear only to apply to iOS 14.5 (and not below) and only in cases where an app prompts users for consent via ATT. Adjust is in the midst of testing an ATT consent flow in its SDK.

The public beta version of iOS 14.5, which will include Apple’s privacy updates, is already available, and the public release is expected in mid-April.

The kerfuffle with Adjust’s SDK is just an early manifestation of the chaos that’s likely coming when iOS 14.5 is officially released. Since June, when Apple first announced ATT, it’s shared little  guidance on what will and won’t fly under the new regime.

“Since all of the code functions Apple is citing in these rejections do also have other uses, Apple is probably having to find some sort of proxy that they can use to figure out what each app might be using them for,” said Alex Bauer, market strategy director at mobile measurement provider Branch.

It’s gonna get pretty confusing out there if there’s any subjectivity in how Apple applies its policies.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!

2 Comments

  1. The quote by Alex Bauer in this piece is apt and legally troubling. If Apple does not have evidence of 'fingerprinting', then their rejection of the Adjust SDK is considered tortious interference/intentional interference with a contract. Unless they specify the uses for each attribute that their devices freely broadcast to app developers, then the fact these attributes 'could' be combined does not cause each app/vendor to violate policies that don't exist.

    Reply
  2. Hey Allison, thanks for sharing this amazing post with us.
    My app was also rejected by Apple and I amended a few screens then submitted to the Apple Store. It took more than a month to get my app live again.

    Reply

Add a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>