Troubleshooting

App Rejected for Tracking Transparency: Implementation Guide

Apple's App Tracking Transparency (ATT) framework is a common rejection trigger. If your app accesses the IDFA, uses tracking pixels, or shares user data with advertising networks, you must implement ATT correctly. Google has similar requirements around consent and advertising ID usage.

Scan your app against 180+ review rules

Get a detailed compliance report in under 5 minutes. Single scan $9, Pro $29/mo.

Start Free Scan

When ATT Is Required

You must implement ATT if your app: accesses the device's advertising identifier (IDFA), uses third-party SDKs that track users across apps or websites (Facebook SDK, Google Ads SDK, etc.), creates fingerprints for tracking purposes, or shares user data with data brokers. If you are unsure whether your SDKs track users, check their documentation or scan with NoReject AI to detect tracking behavior.

Correct ATT Implementation

Request tracking permission before accessing the IDFA or beginning any tracking activity. Display a clear purpose string explaining why you need tracking permission. Respect the user's choice (if they deny, do not track). Include NSUserTrackingUsageDescription in your Info.plist with a meaningful explanation. Do not condition app functionality on tracking consent. Update your Privacy Nutrition Labels to reflect tracking status.

Google's Tracking Requirements

Google does not have an exact ATT equivalent, but requires: transparent disclosure of ad personalization in your Data Safety section, compliance with the EU User Consent Policy if serving ads in Europe, proper handling of the Android Advertising ID (reset, opt-out), and accurate content rating declarations if your app shows ads.

180+ Apple & Google review rules

Scan results in under 5 minutes

Specific fix recommendations

Both platforms in one scan

Updated within 48hrs of guideline changes

Priority-ranked findings

Frequently Asked Questions

Do I need ATT if I only use analytics?

It depends. If your analytics SDK tracks users across apps or websites (cross-app tracking), you need ATT. If analytics are first-party only (your app's data stays in your app), ATT is not required.

What happens if users deny tracking?

You must respect their choice. Do not access the IDFA, do not use fingerprinting as a workaround, and do not degrade app functionality as punishment for denying tracking.

Can Apple detect tracking without ATT?

Yes. Apple's automated systems can detect IDFA access without a corresponding ATT permission request. This triggers automatic rejection.

Related Resources

App Rejected for Data Collection Issues

Fix data collection rejection issues for App Store and Google Play. How to properly disclose data practices, SDKs, and tracking.

iOS Privacy Manifest Requirements

Guide to iOS privacy manifest requirements. What APIs require justification, how to create your manifest, and avoiding rejection.

App Rejected for Privacy Policy Issues

App rejected for privacy policy violations? Learn exactly what Apple and Google require in your privacy policy and how to fix compliance issues.

Stop Guessing. Start Scanning.

Join developers who pass app store review on their first try.

Start Free Scan

Single scan $9 · Pro $29/mo · Team $79/mo