App tracking transparency and your API calls
Thursday, March 18, 2021
Richard Harris |
What all developers need to know about Apple's new app tracking transparency and how it will affect any API call you execute from within your apps. Brenton House, API & Mobile Strategist at Axway offers helpful tips to prepare your mobile apps now for the change.
Brenton House at Axway shares his commentary on App Tracking Transparency
Apple’s new App Tracking Transparency feature is billed as a win for consumer data rights, with Apple vying for leadership as a global defender of privacy. But regardless of whether it’s good for you or not, the move has the potential to seriously disrupt apps and APIs that depend on the Identifier for Advertisers or IDFA. What’s more, even if an app doesn’t use IDFA and you think you’ve done everything right, your app can still hit snags if you depend on third-party APIs that use IDFA. Axway Developer Relations Lead Brenton House shares how the changes will affect developers and what you need to do now to avoid breaking your apps and APIs.
ADM: Give us a quick overview of what Apple is changing with its new App Tracking Transparency API.
House: The change is aimed at helping consumers: Apple wants to be seen as a global privacy leader by addressing its users' concerns. It all centers around the Identifier for Advertisers, or IDFA, and letting people see just how much of their data is being collected. You can collect information across websites and apps, and then you can create a really detailed profile of what a user looks like based on their preferences, behavior, and the information they input in different apps. Users are for the most part completely unaware of what’s being collected, except for the part where you noticed that you looked at a pair of shoes on one website and you go to another website, and all of a sudden you see an ad for the same pair of shoes. Apple is trying to make it harder to track you across apps and websites and use that information without your knowledge.
Apple actually introduced the App Tracking Transparency API last year, in 2020, but they haven't been fully enforcing it because of so much pushback; many resisted the changes because it is going to break some business models, especially for advertisers. Apple agreed to delay implementation to allow developers to catch up, but now with the release of iOS 14 .5, it’s time to adapt if you don’t want your app to be broken.
ADM: What does this mean about how consumer data rights and privacy are shifting more generally?
House: The last few years there’s been a really big focus on privacy. At the government level with a push for privacy laws, we’re seeing a move to prevent companies from sharing information about users without their permission. Apple doing something like this is actually taking action on it, and it will definitely hit a lot more people now. In the past, maybe companies had to tweak things by adding banners to their website or pop-up notification, but they haven't had to change their business model quite so dramatically.
ADM: What does the App Tracking Transparency update mean for mobile app and API developers?
House: App developers and API developers are going to need to make sure they're prompting for permission. With iOS 14.5, Apple requires you to ask permission from users to access IDFA. And now, there's going to have to be a popup and the wording, which Apple controls, which is kind of scary. I think it’s likely a lot of people will react automatically and refuse access. Adding in a more user-friendly screen can help; a soft prompt that makes a detailed case for why the app needs this IDFA before the Apple warning pops up.
The thing is, even if your app is not using the IDFA, if a third-party module you're using is, then that will break your app as well. Developers will need to go through not only their code but third-party code, too. I've already seen this as an example: if you’re using an older Google library on iOS that accesses IDFA without permission, it will get flagged by Apple and your app might either get blocked, banned or just break.
Your app or API could be banned or seriously disrupted if you don’t make the necessary changes quickly enough. Some of Apple’s enforcement is an automated process, so for example if you make a direct call to IDFA and you didn't request it, Apple will catch that and it'll just reject you even before your app goes live. However, even if you and your third-party APIs are not using the IDFA but are collecting other personal user info without permission, Apple could ban your app and your developer account. This means any apps you've published under your account could disappear off of the App Store.
ADM: What are the most urgent changes developers need to make to their APIs to avoid losing app functionality once the change is implemented?
House: The most urgent change is checking for the permission prompt. If you still want access to IDFA, you need to request permission from the user. You will also need to take a deep look at all the third-party components for uses of the IDFA. Check your third-party APIs and SDKs, and if they are using the IDFA, you will need to contact them about an updated version of their API.
ADM: Are there any good alternatives to IDFA out there?
House: There aren’t a lot of good options to replace the IDFA right now, something to uniquely track use across Apple's ecosystem. Apple is telling people to go use their own SKAdNetwork. But the problem is then all your data is going to go through Apple’s system and they pretty much own you as far as your ads and your information. Ad competitors don’t like this because it feels like Apple is stealing users away from them. Facebook and Google, for example, are some of the biggest ad networks, and this could drive their users to Apple's ad system in their mobile apps and APIs.
ADM: Are there unexpected consequences to Apple’s new privacy feature?
House: There is the concern that third parties you depend on might be using IDFA mentioned above. If you're using this IDFA and you request all the permissions you're supposed to, but the user refuses IDFA, your app might keep working but down the road it could break with no warning. Methodical and thorough testing is required to ensure that something you or a third-party wrote won’t break days or weeks after Apple’s change. Things that go wrong right away are easily caught by testers. Things that go wrong later usually get caught by users.
ADM: Will this have an effect on the use of third-party APIs?
House: One of the noticeable consequences here will be Google. Google is making changes to their libraries for iOS (I’m not talking about Android, but Google SDKs on iOS). These are used by a lot of different apps and Google is currently updating their APIs and SDKs. But a lot of times, apps are built with old versions. You might hear that Google updated everything and think you're safe. But what happens is you're actually using old APIs or old SDKs, and it could mean that down the road, some point after this new iOS version goes out, your app begins to break. This could cause a big disruption to you and your users.
APIs and SDKs from companies with smaller development teams could present bigger issues as they might not have the resources to update them as quickly as Google. I think there will be more pressure on API creators and SDK creators from mobile app developers to make sure that their SDKs are very well tested and documented. If there's one good thing that comes out of all this for developers, it’s that there's going to be a lot more testing all around, for mobile apps, for APIs, and for SDKs.
ADM: What are some effects this might have on enterprise API management and how can companies be responsive to the changes?
House: Companies that already have an enterprise API management solution can leverage that to their advantage with this situation. API management can absorb a lot of the impact that API changes can cause because they have the tools to control what API versions are being used. With proper guidance, leveraging an API management solution can minimize impact on their downstream apps. Not only are these apps less disrupted, but the time and money saved from avoiding multiple app deployments can be huge.
ADM: What about APIs that use IDFA for purposes other than advertising, like fraud detection?
House: It’s tricky because the change is going to be confusing for end users who will get permission prompts that make it look like the app is going to sell your data, even if it is using IDFA for different reasons. For example, some companies use IDFA to keep people from uninstalling the app and reinstalling it to misuse a free trial program. IDFA helps you detect that the app has been installed on the same device before. It’s not clear how these app publishers will be able to work around this, but they might have to make some drastic changes that could impact their business model.
ADM: If Apple makes significant changes to its app requirements, other giants in the space are likely to respond. Do you think Google is likely to introduce similar privacy measures and how will it affect the app developer landscape?
House: Apple won’t be the only company to do this. Google is also reportedly looking at making similar changes for Android. Google delayed updating its iOS apps for well over a month after Apple’s original announcement about the App Tracking Transparency feature. As those updated APIs and SDKs are finally being published, people are getting a glimpse at the amount of information Google can collect from iPhone users.
I don’t think Google’s upcoming changes to its Google Play App Store will be quite as rigid as Apple’s policies and restrictions. But their changes could still affect big advertisers like Facebook and others. My guess is that they're going to have to come up with a different tracking system for ads that will be less dependent on user info, but will still be able to provide some kind of targeted ads. The online ad industry is definitely going to be making a lot of changes to adapt to all of this.
About Brenton House
With 25 years of experience in the development world, Brenton House leads Developer Relations for Axway's API and mobile products. He has worked closely with many clients across various industries including broadcasting, advertising, retail, financial services, transportation, publishing, supply chain, and non-profits. Brenton's passion for everything API and mobile combined with his strategy and design experience has enabled him to help developers create captivating products that inspire and delight audiences.
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more
Subscribe here