Spotlight
The Dark Horse of WWDC 2023: Privacy Policies Finally Get Real
My typical WWDC experience is a fusion of scavenger hunt, chess match, and séance. The objective: digest everything (developer session videos, updated documentation pages, press releases, live Q&A sessions, etc.) to synthesize what it all means…before our team gets hit by the inevitable deluge of customer and media inquiries.
This blog is the final result of that process, adapted from our internal working docs. It's the comprehensive summary that I wanted to read, and perhaps it can save your team a few weeks of research.
Here are the main components of the privacy-related updates Apple announced this week:
- Privacy Manifests. Standardized files that outline the privacy practices of an app or third-party framework (SDK).
- Privacy Report. An auto-generated reference doc, based on the details contained in all relevant Privacy Manifest files, designed to make it easier to fill out the Privacy Nutrition Label questionnaire during App Store submission.
- SDK Signing. A way for app developers to be confident that the third-party SDKs they use are the original, validated versions and have not been tampered with.
- Privacy-impacting SDKs. A list of SDKs that Apple judges to have particularly high impact on user privacy. Any SDK on this list will be required to include a Privacy Manifest file, and be signed by the original developer (these steps are also recommended but not required for SDKs that are not on the list).
- Required Reason APIs. A limited selection of iOS functionality that could potentially be used for fingerprinting, for which an “allowed reason” for usage must be declared in the Privacy Manifest file. (Note that “API” in this context means things like accessing disk space, not service APIs the way we typically think of them in the world of mobile marketing).
- Tracking Domains. Internet domains that an app or SDK connects to that engage in “tracking.” These must be declared in the Privacy Manifest file, and network requests to these domains will fail until the user gives ATT consent.
- Domain Profiler in Instruments. Tooling in Xcode that developers can use to compare an app’s network requests against a list of internet domains the OS believes to be capable of “profiling” across multiple apps and websites.
- Link Tracking Protection and Safari Private Browsing Improvements. New functionality in Messages, Mail, and Safari Private Browsing to strip URL query parameters used to track users across websites, and block various other forms of cross-site tracking.
- SKAdNetwork 5.0. The new version will support re-engagement attribution (app opens), and is coming “later this year.” That is literally all we know so far.
Full details on all of the above in the post.
WWDC 2023 Recap Webinar
Of course, WWDC brought a lot more than just Vision Pro and privacy updates.
For an overview of all the most interesting news, you probably can't do much better than the webinar our team is putting together for next Thursday!
Other WWDC content
There were plenty of great articles coming out of WWDC. Here is a quick roundup of a few of my favorites:
- Did Apple kill fingerprinting with Privacy Manifests? From Eric Seufert, and the title says it all. If you're not a Mobile Dev Memo subscriber, this Twitter thread covers the highlights.
- Vision Pro. Some interesting notes from Andy Matuschak, a former iOS engineer who left Apple in 2014. He notices the continuation of work he did almost a decade ago (showing just how long Apple has been working on this).
- iOS 17 privacy manifests announced at WWDC 2023: here’s how they work and when they’ll be required. Another privacy-related recap by John Koetsier at Singular.
- More general WWDC announcement summaries from Adjust, AppsFlyer, and Kochava.
Interesting Reads
Why are there so many apps now? Do we really need them?
It really does feel like there’s an app for everything these days.
Yes, it really does. This article (hat tip to Adam Lovallo and the GROW.co newsletter) sources most of its viewpoints from people with obvious agendas, which means it's mostly manufactured controversy with a side of unfortunately-skewed conclusions.
However, the author makes a valid point that consumers tend to forget about many of the apps they've downloaded. That's true, for sure, and the conclusion shouldn't be 'apps are bad' — rather, it should be recognizing that apps are just tools, and need to be integrated into the broader brand <> consumer relationship so that they can be used when appropriate.
Brands invest in apps because they're a better experience for customers, and better customer experiences lead to better business outcomes. It really is that simple. But it's also true that now apps are everywhere, having one is no longer a competitive advantage…in fact, NOT having one is becoming a pretty big liability.
Google AMP: how Google tried to fix the web by taking it over
It's been almost almost exactly two years to the day since Google gave up on AMP (Accelerated Mobile Pages).
If that was the last time you thought about it, you might be surprised to learn that AMP still exists. In fact, it's apparently pretty good now. But that's probably too little, too late.
Industry Buzz
Firebase is Shutting Down Dynamic Links
I've been writing about the difficulties of mobile deep linking since 2016, and somehow, here in 2023, it's still very hard to get right.
For most of that time, Firebase Dynamic Links has been one of the only plausible alternatives to Branch. And now Google has announced that it will soon shut down.
Walled Gardens
How Google is improving Search with Generative AI
Google launched a preview of their Search With Generative AI. You've definitely heard about that by now.
Here are some key takeaways about what that will mean for SEO from three experts who are far smarter on this subject than I am:
Ethan Smith posting on LinkedIn:
I expect some traffic to move from organic results towards an AI-generated answer (much like answer box already does), but I expect SEO traffic overall to stay flat or down slightly, but not down significantly.
Eli Schwartz posting on LinkedIn:
For most websites search traffic will decline by 30-50%. A former first position ranking on a query will now be the equivalent of a 10th position given that the generative response will take up the whole fold.
Ryan VanValin posting on LinkedIn:
I believe that this update presents significant traffic erosion potential for some types of queries and page types. Some businesses will be heavily affected by this update, others will be minimally affected (depends on industry and current sources of SEO traffic).
Also, it's very slow compared to the miraculously near-instant results we've all been trained to expect from Google.
Who’s Hiring?
- Rev.com | CRO (Growth Marketing) Product Manager — Austin, TX; Remote
Do you have a mobile growth role you’d like to share with the community?
Just fill out this form — it’s free!
The annual "let’s all rewrite our roadmap" week for mobile (a.k.a., WWDC) is over! And yes, Vision Pro seems really cool. No company in the world is better than Apple at product marketing.
But, back here in real life, there’s another important takeaway: as usual, WWDC also brought its annual collection of user privacy improvements. Apple clearly doesn’t want privacy headlines getting in the way of VR goggles, so these updates didn’t even earn a mention in the keynote. Don’t let that fool you, because they are still a pretty big deal.
Here's the theme: even though Apple made no privacy policy changes this week, their relentless, methodical campaign against 'tracking' continues. The Privacy Engineering team in Cupertino operates on a timeframe of years, and they’re not giving up.
Alex Bauer