With iOS 14, Apple introduced changes impacting users’ privacy and data use. We’ve provided a set of instructions to make sure your application is compliant with these new Apple guidelines.
Some Background: Privacy Updates in iOS 14
Apple is introducing new App Store requirements aiming at increasing users’ privacy and transparency about how data is collected. Concretely, this will mean that developers will have to do two main things:
- Share how the application is using their users’ data. This will be required when submitting an application for review:
2. Ask permission to track. This permission will impact whether or not a developer can access the iOS Advertiser ID (formerly known as the IDFA). The developer can access the iOS Advertiser ID only if this permission is granted. For certain profiles (eg. users under 16), the iOS Advertiser ID will be globally inaccessible.
Heap never sells users’ data with advertisers, nor aggregates data across customers. We are committed to respecting your users’ privacy and helping you track only what’s necessary to build great products.
Sharing How Your Application Is Managing User Data
The AppTrackingTransparency framework has been built for this purpose. It’s the recommended way to share with your users how their data is going to be used. We recommend using the following string to explain what data you send to Heap and why:
“The following data may be collected by Heap, our analytics provider, to help us understand how our users are interacting with our product and help us improve it:
- Identifiers
- <other data you are sending to Heap>“
In addition, developers will be required to complete a questionnaire to provide additional details about the data being collected and how it is being used. This questionnaire is not live yet, though we will update this documentation with recommendations once it is live.
Asking Permission To Track
The AppTrackingTransparency framework can also be used to obtain consent to enable tracking. When used, this framework will remember the user’s choice and won’t prompt again unless the user uninstalls and reinstalls the app. The developer will have access to the user’s IDFA only if the user allows tracking.
How Heap uses the iOS Advertiser ID
The iOS Advertiser ID was previously known as the IDFA. To avoid confusion, we refer to it as the iOS Advertiser ID in this and other docs.
The iOS Advertiser ID is a persistent identifier that is consistent across all apps, and thus allows cross-app tracking. You can think of the iOS Advertiser ID on mobile as the equivalent of cookies on the web, but with a typically longer life span. iOS Advertiser IDs are mostly used for advertising (eg. retargeting).
If your app is linked with the AdSupport framework, Heap does capture the IDFA as a property but doesn’t use the iOS Advertiser ID to identify users. Heap uses either the user’s Identity (if logged in) or a randomly generated user ID stored to NSUserDefaults to identify users. Heap also doesn’t have integrations with other tools that rely on iOS Advertiser ID.
Because of this, there will be almost no impact on your Heap tracking whether the user consents to share their iOS Advertiser ID or not (true for both logged-in and anonymous users).
The only visible impact if the user elects not to share their iOS Advertiser ID will be that the iOS Advertiser ID property will be all zeros (only applicable if your app is linked with the AdSupport framework).
For information on how to prevent Heap from capturing the advertiser ID or the vendor ID, see our developer documentation on disableAdvertiserIDCapture.