Hi everyone, I'm developing an iOS app using the AppsFlyer SDK. I understand that starting with iOS 14.5, if a user denies the App Tracking Transparency (ATT) permission, we are not allowed to access the IDFA or perform cross-app tracking.
However, I’d like to clarify which in-app events are still legally and technically safe to send when the user denies ATT permission.
Specifically, I want to know:
Is it acceptable to send events like onboarding_completed, paywall_viewed, subscription_started, subscribe, subscribe_price, or app_opened if they are not linked to IDFA or any form of user tracking?
Would sending such internal behavioral events (used purely for SKAdNetwork performance tracking or in-app analytics) violate Apple’s privacy policy if no device identifiers are attached?
Additionally, if these events are sent in fully anonymous form (i.e., not associated with IDFA, user ID, email, or any identifiable metadata), does Apple still consider this a privacy concern? In other words, can onboarding_completed, paywall_viewed, subsribe, subscribe_price, etc., be sent in anonymous format without violating ATT policies?
Are there any official Apple guidelines or best practices that outline what types of events are considered compliant in the absence of ATT consent?
My goal is to remain 100% compliant with Apple’s policies while still analyzing meaningful user behavior to improve the in-app experience.
Any clarification or pointers to documentation would be greatly appreciated. Thanks in advance!