The app includes a GDPR prompt and an App Tracking Transparency permission request,

[Prog-Maker]

MAX Plugin Version

6.6.3

Unity Version

2022.3.27

Device/Platform Info

IOS 17.5

Current Behavior

Bug Fix Submissions

The issues we've identified below are eligible to be resolved on your next update. If this submission includes bug fixes and you'd like to have it approved at this time, reply to this message and let us know. You do not need to resubmit your app for us to proceed.

Alternatively, if you'd like to resolve these issues now, please review the details, make the appropriate changes, and resubmit.

Review Environment

Submission ID: 86318557-b928-4f06-94cc-96ceab54334e Review date: September 06, 2024 Version reviewed: 1.4.5

Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage

The app includes a GDPR prompt and an App Tracking Transparency permission request, but they are implemented in a way that might confuse the user.

Specifically, the app shows a GDPR prompt that asks permission to track after the user has already selected "Ask App Not to Track" on the App Tracking Transparency permission request.

In addition to App Tracking Transparency, it is important to include all disclosures required by local laws and regulations wherever the app is distributed. These disclosures should be implemented in a way that is clear and respects the user's choices, regardless of the order in which they are presented to the user.

Note that if the app behaves differently in different countries or regions, you should provide a way for App Review to review these variations in the app submission. Additionally, these differences should be documented in the Review Notes section of App Store Connect (https://developer.apple.com/help/app-store-connect/reference/app-review-information/).

Next Steps

If the user denies permission to track once, do not ask them to allow tracking again within the same permission request flow. There should be no tracking activity until the user grants permission to track.

If you collect data after the user selects "Ask App Not to Track" on the App Tracking Transparency permission request, please revise the GDPR prompt and clarify that you collect data but do not track.

If the app shows the GDPR prompt before showing the App Tracking Transparency permission request, there is no need to modify the wording of the GDPR prompt.

Resources

• Tracking is linking data collected from the app with third-party data for advertising purposes, or sharing the collected data with a data broker. Learn more about tracking (https://developer.apple.com/app-store/app-privacy-details/#user-tracking).
• See Frequently Asked Questions about the requirements for apps that track users (https://developer.apple.com/app-store/user-privacy-and-data-use/#permission-to-track).

Support

• Reply to this message in your preferred language if you need assistance. If you need additional support, use the Contact Us module (https://developer.apple.com/contact/topic/#!/topic/select).
• Consult with fellow developers and Apple engineers on the Apple Developer Forums (https://developer.apple.com/forums/).
• Help improve the review process or identify a need for clarity in our policies by suggesting guideline changes (https://developer.apple.com/contact/app-store/?topic=guideline).

Expected Behavior

No response

How to Reproduce

Build IOS.

Additional Info

Bug Fix Submissions

The issues we've identified below are eligible to be resolved on your next update. If this submission includes bug fixes and you'd like to have it approved at this time, reply to this message and let us know. You do not need to resubmit your app for us to proceed.

Alternatively, if you'd like to resolve these issues now, please review the details, make the appropriate changes, and resubmit.

Review Environment

Submission ID: 86318557-b928-4f06-94cc-96ceab54334e Review date: September 06, 2024 Version reviewed: 1.4.5

Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage

The app includes a GDPR prompt and an App Tracking Transparency permission request, but they are implemented in a way that might confuse the user.

Specifically, the app shows a GDPR prompt that asks permission to track after the user has already selected "Ask App Not to Track" on the App Tracking Transparency permission request.

In addition to App Tracking Transparency, it is important to include all disclosures required by local laws and regulations wherever the app is distributed. These disclosures should be implemented in a way that is clear and respects the user's choices, regardless of the order in which they are presented to the user.

Note that if the app behaves differently in different countries or regions, you should provide a way for App Review to review these variations in the app submission. Additionally, these differences should be documented in the Review Notes section of App Store Connect (https://developer.apple.com/help/app-store-connect/reference/app-review-information/).

Next Steps

If the user denies permission to track once, do not ask them to allow tracking again within the same permission request flow. There should be no tracking activity until the user grants permission to track.

If you collect data after the user selects "Ask App Not to Track" on the App Tracking Transparency permission request, please revise the GDPR prompt and clarify that you collect data but do not track.

If the app shows the GDPR prompt before showing the App Tracking Transparency permission request, there is no need to modify the wording of the GDPR prompt.

Resources

• Tracking is linking data collected from the app with third-party data for advertising purposes, or sharing the collected data with a data broker. Learn more about tracking (https://developer.apple.com/app-store/app-privacy-details/#user-tracking).
• See Frequently Asked Questions about the requirements for apps that track users (https://developer.apple.com/app-store/user-privacy-and-data-use/#permission-to-track).

Support

• Reply to this message in your preferred language if you need assistance. If you need additional support, use the Contact Us module (https://developer.apple.com/contact/topic/#!/topic/select).
• Consult with fellow developers and Apple engineers on the Apple Developer Forums (https://developer.apple.com/forums/).
• Help improve the review process or identify a need for clarity in our policies by suggesting guideline changes (https://developer.apple.com/contact/app-store/?topic=guideline).

[cemtuver-applovin]

Hi @Prog-Maker! Thank you for reporting this issue.

For further investigation, could you please provide the following information?

1. Are you using our Google UMP Automation, or have you implemented your own CMP flow?
2. If you're using our Google UMP Automation, do you manually display the ATT prompt? If so, when do you show it?
3. Is there any other SDK integrated, such as your MMP, that might be displaying the ATT prompt?
4. Could you please share an app where the issue reproduces? If the app version is not live, please provide the TestFlight build to "testdevice@applovin.com".

[Prog-Maker]

1. Yes we are using your Google UMP Automation.
2. We do not manually display the ATT prompt.
3. No
4. https://apps.apple.com/ru/app/fluff-crusade/id6502054482. The bug exists in EU countries.

[cemtuver-applovin]

Hey @Prog-Maker! Thank you for the information provided. I’ve downloaded your app and tested the ATT and GDPR dialogs from within the EU. During my tests, I noticed that the ATT prompt was displayed before our SDK started initializing. Please see the iOS Console logs below for reference. This suggests that the prompt was triggered by some other code, potentially from another SDK integrated into your app.

Could you please check which SDKs are being initialized alongside ours?

...
... // ATT prompt was displayed here
default 12:31:01.585609+0200    FluffCrusade    [ATTrackingManager] requestTrackingAuthorizationWithCompletionHandler API call invoked
...
... // Our SDK started initializing here
default 12:31:01.617791+0200    FluffCrusade    [AppLovinSdk] DEBUG [ALSdk] 
========================================
SDK Session Begin
========================================
default 12:31:01.624188+0200    FluffCrusade    [AppLovinSdk] DEBUG [ALSdkInitializationConfiguration] Initializing with key: XXXX
...
... // Our SDK requested displaying the ATT prompt here after the user consented to the terms and conditions dialog
default 12:31:27.185077+0200    FluffCrusade    [ATTrackingManager] requestTrackingAuthorizationWithCompletionHandler API call invoked.

[Prog-Maker]

Thank you. We will check and write as soon as we have the information.