Apple developer guidelines for iOS 14.5 just got real

The day the mobile app industry has been waiting for has finally arrived. Apple begins enforcing its new privacy features this week with the release of iOS 14.5 – seven full months after the company first announced the changes. Starting this week, consent is mandatory for any and all user tracking. 

We’ve gone back and forth on what opt-in rates might be and how this will affect the ad industry. And of course, there have been plenty of companies that have tried workarounds, finding ways they can still meet their outcomes for clients (or even just stay in business) while still staying within the boundaries that Apple has set. Translation: Seeking a loophole.

But if there is one lesson we’ve learned from Apple’s response to these attempts, it’s that they expect publishers to abide by the spirit of their law, not the letter. There is no loophole. And if you try to find one, and submit an update that contains anything that even looks like a violation of the principle, there’s no saying “Oops, I’m sorry, we’ll change that and try again.” Apple will simply remove your app from the store. Sure you can resubmit, but that takes time and puts you at the back of the review queue. 

We saw this happen recently when a major MMP whose SDK is used by 50,000 apps appeared to be using what Apple classified as device fingerprinting to create a unique identifier to track users. This means gathering a large amount of data about a device, such as time since the last system update, time since the last restart, time zone, battery status, and charging level. They got caught. 

But it wasn’t the MMP that was punished. The publishers with those 50,000 apps that had that company’s SDK were punished – by getting the entire update rejected and a message from Apple reminding them that their apps cannot use “any permanent, device-based identifier, or any data derived therefrom, for purposes of uniquely identifying a device.” 

This is just one example; there are more. A coalition of major Chinese developers – with support from P&G – recently attempted to fingerprint devices via the CAID (Chinese Advertising Identifier). Apple put the hammer down on that, too. 

When it comes to privacy violations, there’s no blame game to play – the buck stops with publishers.

If you’re an app publisher, you can’t just trust your partners; you must now actively vet them. And the criteria isn’t on exact code or their past history in trustworthiness or monetization efficacy. Rather, you must look through the lens of The Uninformed Consumer. Would a typical person consider this tracking? Someone who knows nothing about CPMs or IDFAs – would they think the information you’re gathering is being used to build a profile? If so, Apple will probably call that tracking, and you gotta ask first!

How the new Apple developer guidelines for iOS 14.5 will affect you

There is more to lose than just a rejected app, Apple warns that any attempt to hide or obfuscate code designed to fingerprint a user’s device, or otherwise evade the review process, can lead to the termination of the developer account. They won’t just ban your app, they’ll ban you! 

I’m thankful that these examples have occurred, though, over the past few weeks and months, because too many publishers were not prioritizing making the changes they need to make for this rollout. Perhaps they thought Facebook might triumph, and all their SDK-update or opt-in user testing efforts would have been for naught. Now it’s real. There’s a date that it’s happening, and that date has come.

And believe me, the time and energy that Apple has put into thwarting workarounds won’t stop after launch. I’m betting they are going to continue looking at what companies are doing post-launch just as carefully and will continue to revise their ruleset to make it even more clear. As new examples pop up, we’ll have even more clarification on what’s possible (very little) and what’s being enforced (everything).

It’s not all doom and gloom, let me tell you what I do see happening right now that is surprising in a good way. This isn’t just changing the way that advertising works on mobile or the way we approach targeting and creating a high-value audience for monetization purposes. This changes the way that app publishers do business, the apps themselves, and the relationship they have with users.

Don’t underestimate those relationships! Already, data from AppsFlyer is showing surprisingly high opt-in rates, with lifestyle apps like Photography, Shopping, and Finance on the higher end, and Social and Hyper casual on the lower end, but with the average overall hovering around 40%. That is way, way higher than the single-digit estimates many were putting out there when the news dropped. 

So yes, obey the law of Apple, but don’t think this is the beginning of the end. Don’t give up on your users, talk to them. Take a creative, first-principle thinking approach to getting that opt-in rate as high as possible. One publisher we work with achieved a 23-27% opt-in rate by clearly stating the reward and benefit from opting in, but not as a popup modal – it was in the game itself! They knew that a lot of users don’t close their app, so to communicate with people who don’t relaunch, they put the message inside of the game itself. Clever, and effective. 

Mobile is no longer the Wild West, with errant cowboys and gunfights in the middle of the street. We are now at the urban development stage, and the process of building, of ensuring amenities and quality of life for citizens and a business-friendly environment. The mobile app ecosystem is at an exciting inflection point, where we get to (not “have to”) formalize infrastructure and create new rules of engagement.

Best of all, we get to communicate with our citizens in a way that we never had to before. Now, if we want to get them to opt-in, it’s on publishers to find the right way to message the importance of user data – both for user experience, and sure, to help keep the lights on.