[{"data":1,"prerenderedAt":408},["ShallowReactive",2],{"article_list_app tracking transparency_":3},[4],{"_path":5,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":9,"description":10,"publishDate":11,"image":12,"tags":13,"excerpt":10,"body":18,"_type":399,"_id":400,"_source":401,"_file":402,"_stem":403,"_extension":404,"author":405},"/jbagley/2025-08/a_developers_primer_on_apple_tracking_transparency","2025-08",false,"","A Primer on Apple's App Tracking Transparency","If an app tracks user activity, Apple requires them to declare all information they collect as well as whether that data is linked or tracked. This includes collection by the app itself and any third parties the app uses. The app owner is responsible for knowing and correctly reporting privacy information for all components in the app.","2026-05-22","/jbagley/2025-08/img/apple_app_transparency.png",[14,15,16,17],"app tracking transparency","att","ios","macos",{"type":19,"children":20,"toc":386},"root",[21,30,48,53,58,65,75,85,95,104,120,126,138,143,149,171,176,181,187,193,198,203,209,217,234,249,262,268,273,284,297,302,317,323,328,342,348,361,366,372],{"type":22,"tag":23,"props":24,"children":26},"element","h1",{"id":25},"overview",[27],{"type":28,"value":29},"text","Overview",{"type":22,"tag":31,"props":32,"children":33},"p",{},[34,36,46],{"type":28,"value":35},"If an app tracks user activity, Apple requires them to declare ",{"type":22,"tag":37,"props":38,"children":39},"em",{},[40],{"type":22,"tag":41,"props":42,"children":43},"strong",{},[44],{"type":28,"value":45},"all",{"type":28,"value":47}," information they collect as well as whether that data is linked or tracked. This includes collection by the app itself and any third parties the app uses. The app owner is responsible for knowing and correctly reporting privacy information for all components in the app.",{"type":22,"tag":31,"props":49,"children":50},{},[51],{"type":28,"value":52},"The information is declared in two places, the Privacy Nutrition Label shown with the app in the App Store, and a privacy manifest the app carries. If an app will be tracking users, it must request permission to do so from the user.",{"type":22,"tag":31,"props":54,"children":55},{},[56],{"type":28,"value":57},"Collectively these requirements and practices are known as App Tracking Transparency (ATT).",{"type":22,"tag":59,"props":60,"children":62},"h2",{"id":61},"terms",[63],{"type":28,"value":64},"Terms",{"type":22,"tag":31,"props":66,"children":67},{},[68,73],{"type":22,"tag":41,"props":69,"children":70},{},[71],{"type":28,"value":72},"Collecting",{"type":28,"value":74}," information is storing information for longer than it is needed to perform whatever function generated or required the information. For example, even server logs might be considered collecting.",{"type":22,"tag":31,"props":76,"children":77},{},[78,83],{"type":22,"tag":41,"props":79,"children":80},{},[81],{"type":28,"value":82},"Linking",{"type":28,"value":84}," is connecting the collected data to a specific user in some way.",{"type":22,"tag":31,"props":86,"children":87},{},[88,93],{"type":22,"tag":41,"props":89,"children":90},{},[91],{"type":28,"value":92},"Tracking",{"type":28,"value":94}," is",{"type":22,"tag":96,"props":97,"children":98},"blockquote",{},[99],{"type":22,"tag":31,"props":100,"children":101},{},[102],{"type":28,"value":103},"\"aggregating linked data from one or more sources to build up some profile of a specific user that potentially can be combined with information form other sources to target a user for advertising or tracking advertising performance.\"",{"type":22,"tag":31,"props":105,"children":106},{},[107,109,118],{"type":28,"value":108},"(From ",{"type":22,"tag":110,"props":111,"children":115},"a",{"href":112,"rel":113},"https://developer.apple.com/app-store/user-privacy-and-data-use/",[114],"nofollow",[116],{"type":28,"value":117},"Apple's privacy and data use documentation",{"type":28,"value":119},".)",{"type":22,"tag":59,"props":121,"children":123},{"id":122},"concerns",[124],{"type":28,"value":125},"Concerns",{"type":22,"tag":31,"props":127,"children":128},{},[129,131,136],{"type":28,"value":130},"Determining what to include in these privacy declarations takes all parties. The organization that owns the app ",{"type":22,"tag":37,"props":132,"children":133},{},[134],{"type":28,"value":135},"and their legal counsel",{"type":28,"value":137}," should review the information. What the app declares should match the organization's posted privacy policy, of course.",{"type":22,"tag":31,"props":139,"children":140},{},[141],{"type":28,"value":142},"Code reviews should be done to determine how information is being used and the privacy implications. This might involve reviewing logging and database schemas as well as reviewing where data is transmitted. If a third party performs any data collecting, their privacy statements and manifests should be reviewed.",{"type":22,"tag":23,"props":144,"children":146},{"id":145},"privacy-nutrition-label",[147],{"type":28,"value":148},"Privacy Nutrition Label",{"type":22,"tag":31,"props":150,"children":151},{},[152,154,161,163,169],{"type":28,"value":153},"In 2020 Apple introduced the Privacy Nutrition Label. They are created using App Store Connect. In the ",{"type":22,"tag":155,"props":156,"children":158},"code",{"className":157},[],[159],{"type":28,"value":160},"App Store > TRUST & SAFETY > App Privacy",{"type":28,"value":162}," section under the ",{"type":22,"tag":155,"props":164,"children":166},{"className":165},[],[167],{"type":28,"value":168},"Distribution",{"type":28,"value":170}," tab, Apple provides a UI for creating the label.",{"type":22,"tag":31,"props":172,"children":173},{},[174],{"type":28,"value":175},"I don't recommend starting with this. Instead, create the privacy manifest because it is seen as the ground truth by Apple. After the privacy manifest exists, Xcode can provide a privacy report for your app that makes this easier.",{"type":22,"tag":31,"props":177,"children":178},{},[179],{"type":28,"value":180},"One quirk to mention is that changes to the Privacy Nutrition Label go live on the App Store immediately, so there could be discrepancies when submitting a new version.",{"type":22,"tag":182,"props":183,"children":184},"aside",{},[185],{"type":28,"value":186},"\n*I don't understand why Apple does not automatically populate this from the submitted app's privacy manifest files.*\n",{"type":22,"tag":23,"props":188,"children":190},{"id":189},"tracking-permission",[191],{"type":28,"value":192},"Tracking Permission",{"type":22,"tag":31,"props":194,"children":195},{},[196],{"type":28,"value":197},"In 2021, Apple added the requirement for requesting permission from the user to allow tracking. If the user does not agree, then it is up to the app to make sure no tracking occurs by it or any third party libraries it uses.",{"type":22,"tag":31,"props":199,"children":200},{},[201],{"type":28,"value":202},"Keep in mind that users disable allowing tracking in their OS settings; meaning they will never see a request for permission, and any queries for the permission will return a value meaning not permitted.",{"type":22,"tag":23,"props":204,"children":206},{"id":205},"privacy-manifests",[207],{"type":28,"value":208},"Privacy Manifests",{"type":22,"tag":96,"props":210,"children":211},{},[212],{"type":22,"tag":31,"props":213,"children":214},{},[215],{"type":28,"value":216},"\"A privacy manifest is a property list file (PrivacyInfo.xcprivacy) that you add to your target’s resources. The privacy manifest describes the privacy practices of an app or third-party SDK.\"",{"type":22,"tag":218,"props":219,"children":220},"ul",{},[221],{"type":22,"tag":222,"props":223,"children":224},"li",{},[225,227],{"type":28,"value":226},"From ",{"type":22,"tag":110,"props":228,"children":231},{"href":229,"rel":230},"https://developer.apple.com/documentation/bundleresources/adding-a-privacy-manifest-to-your-app-or-third-party-sdk",[114],[232],{"type":28,"value":233},"Apple's documentation for adding a privacy manifest",{"type":22,"tag":31,"props":235,"children":236},{},[237,239,247],{"type":28,"value":238},"In 2023 Apple introduced privacy manifests, and in 2024 it ",{"type":22,"tag":110,"props":240,"children":244},{"href":241,"rel":242,"title":243},"https://developer.apple.com/news/?id=pvszzano",[114],"Apple's reminder for privacy changes",[245],{"type":28,"value":246},"started to require them",{"type":28,"value":248}," in apps submitted to the App Store.",{"type":22,"tag":31,"props":250,"children":251},{},[252,254,260],{"type":28,"value":253},"Xcode also provides an editor that has the relevant keys and values like it does for the ",{"type":22,"tag":155,"props":255,"children":257},{"className":256},[],[258],{"type":28,"value":259},"info.plist",{"type":28,"value":261}," format.",{"type":22,"tag":59,"props":263,"children":265},{"id":264},"generating-the-manifest",[266],{"type":28,"value":267},"Generating the manifest",{"type":22,"tag":31,"props":269,"children":270},{},[271],{"type":28,"value":272},"Create a privacy manifest using",{"type":22,"tag":274,"props":275,"children":279},"pre",{"className":276,"code":278,"language":28},[277],"language-text","New > File from template...\n",[280],{"type":22,"tag":155,"props":281,"children":282},{"__ignoreMap":8},[283],{"type":28,"value":278},{"type":22,"tag":31,"props":285,"children":286},{},[287,289,295],{"type":28,"value":288},"and choose the template ",{"type":22,"tag":155,"props":290,"children":292},{"className":291},[],[293],{"type":28,"value":294},"App Privacy",{"type":28,"value":296},".",{"type":22,"tag":31,"props":298,"children":299},{},[300],{"type":28,"value":301},"It's then a painstaking, manual process to input what data is collected and how it is used. Referring to the app's privacy policy statement if it already exists is the best way to populate this file. Ideally, the organizational review and code reviews will have been done by the time you create this.",{"type":22,"tag":182,"props":303,"children":304},{},[305,312],{"type":22,"tag":306,"props":307,"children":309},"h3",{"id":308},"third-party-software",[310],{"type":28,"value":311},"Third Party Software",{"type":22,"tag":31,"props":313,"children":314},{},[315],{"type":28,"value":316},"Apple encourages library providers to include privacy manifest files. Some that Apple considers critical to privacy–like Firebase, Meta or Branch–are required to as well as being signed. I found every library my app uses to be compliant, but you should be aware of it.",{"type":22,"tag":59,"props":318,"children":320},{"id":319},"tracking-domains",[321],{"type":28,"value":322},"Tracking Domains",{"type":22,"tag":31,"props":324,"children":325},{},[326],{"type":28,"value":327},"The manifest's tracking domain section lets you black list some domains used for tracking. This is a fail-safe to prevent tracking if the user has not agreed to it. These domains will be blocked automatically when the user does not want to be tracked.",{"type":22,"tag":182,"props":329,"children":330},{},[331,337],{"type":22,"tag":306,"props":332,"children":334},{"id":333},"verifying",[335],{"type":28,"value":336},"Verifying",{"type":22,"tag":31,"props":338,"children":339},{},[340],{"type":28,"value":341},"Xcode's Instruments can build a profile of network connections during an app run, allowing you to verify which domains your app contacts.",{"type":22,"tag":59,"props":343,"children":345},{"id":344},"checking-your-work",[346],{"type":28,"value":347},"Checking your work",{"type":22,"tag":31,"props":349,"children":350},{},[351,353,359],{"type":28,"value":352},"To see your app's privacy manifest in a user friendly way, use Xcode Organizer. Generate an archive build, then right click on the arvie in the Organizer and select ",{"type":22,"tag":155,"props":354,"children":356},{"className":355},[],[357],{"type":28,"value":358},"Generate Privacy Report",{"type":28,"value":360},". This creates a PDF with the information about data types collected and how they are used. It will include the third party privacy manifests information.",{"type":22,"tag":31,"props":362,"children":363},{},[364],{"type":28,"value":365},"Now use this report to create the Privacy Nutrition Label in App Store Connect.",{"type":22,"tag":23,"props":367,"children":369},{"id":368},"conclusion",[370],{"type":28,"value":371},"Conclusion",{"type":22,"tag":31,"props":373,"children":374},{},[375,377,384],{"type":28,"value":376},"Hopefully this primer will keep your head from spinning too much when you get more into ",{"type":22,"tag":110,"props":378,"children":381},{"href":379,"rel":380},"https://developer.apple.com/app-store/app-privacy-details/",[114],[382],{"type":28,"value":383},"Apple's comprehensive overview",{"type":28,"value":385},". Good luck!",{"title":8,"searchDepth":387,"depth":387,"links":388},3,[389,391,392,395,398],{"id":61,"depth":390,"text":64},2,{"id":122,"depth":390,"text":125},{"id":264,"depth":390,"text":267,"children":393},[394],{"id":308,"depth":387,"text":311},{"id":319,"depth":390,"text":322,"children":396},[397],{"id":333,"depth":387,"text":336},{"id":344,"depth":390,"text":347},"markdown","content:jbagley:2025-08:a_developers_primer_on_apple_tracking_transparency.md","content","jbagley/2025-08/a_developers_primer_on_apple_tracking_transparency.md","jbagley/2025-08/a_developers_primer_on_apple_tracking_transparency","md",{"user":406,"name":407},"jbagley","Jason Bagley",1780330263869]