Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple rejecting apps that collect data for 'device fingerprinting'

Last updated

As part of previously announced plans to safeguard the App Store and users of its various platforms, Apple this week began to reject apps and app updates crafted with third-party SDKs integrating "device fingerprinting" data collection techniques.

A number of developers are noting the change in policy, which is related to Apple's upcoming App Tracking Transparency safety measures set for release alongside iOS 14.5. As Forbes reports, Radish Fiction, Heetch, an app from InnoGames, and apps relying on an SDK from Adjust are among the recent rejections.

"Our app just got rejected by Apple's app reviewer, blaming the MMP SDK for building a fingerprint ID," Aude Boscher, a growth marketing product manager at Heetch, said in an industry Slack channel. "I saw other people complaining ... so it might soon come up for you as well!"

Apple is informing developers of rejected apps that their software contains tools to track users, a practice that runs afoul of App Store Guidelines governing data privacy.

"Your app uses algorithmically converted device and usage data to create a unique identifier in order to track the user," the message reads. "The device information collected by your app may include some of the following: NSLocaleAlternateQuotationBeginDelimiterKey, NSTimeZone, NSLocaleGroupingSeparator, NSLocaleDecimalSeparator ..."

Further, marketing analyst Eric Seufert called attention to what appears to be a crackdown on apps that integrate an SDK from Adjust. A version of the third-party tool collects data for device fingerprinting, or probabilistic attribution, which is a method of identifying and tracking devices by aggregating data points like software version, time since last update, time since last restart, and charge level, among others. Device fingerprinting can be used as an alternative to IDFA, an advertising identification method that Apple seeks to limit with ATT.

Adjust claims more than 50,000 apps use its SDKs, potentially putting thousands of iOS updates at risk of rejection. As noted by Forbes, however, Adjust in the last 14 hours updated its SDK to strike intrusive code, likely bringing the software in line with Apple's regulations.

Apple will enact ATT policies with the launch of iOS 14.5. Importantly, IDFA tracking will be strictly opt in on a per-app basis, meaning users need to expressly grant permission to track when an app first launches.



22 Comments

omar morales 60 comments · 12 Years

Good. I have no sympathy for developers who use shady tactics like this. 

mac_dog 1084 comments · 16 Years

Reminds me that Facebook now has to come up with a new method of making revenue instead of kicking back and letting their users do the work for them. 

lkrupp 10521 comments · 19 Years

Good. I have no sympathy for developers who use shady tactics like this. 

Yeah, but here comes another lawsuit from those shady developers. 

CheeseFreeze 1339 comments · 7 Years

It’s a tough balance. Apple here is doing this for consumer privacy reasons, however on a corporate level it’s also a strategy to weaken competition or at least influence them heavily out of self-interest. It’s a slippery slope.
 
And it’s also one more example of how they are using their market dominance to decide what is acceptable and not (hence anti-trust cases).
Lastly, Apple has proven to be hypocrites themselves when dealing with China and Russia where they gladly bend their own rules and values to sell more products and services. They want to have it both ways.

So although I like what they do out of personal interest (consumer privacy), on a corporate level I am concerned about this behavior, because there is more to it than we consumers realize.