Advertising ID reset capability provided

Why it matters

Apple's App Tracking Transparency (ATT) framework, introduced in iOS 14.5, requires explicit user authorization before an app can access the Identifier for Advertisers (IDFA) and use it for cross-app tracking. GDPR Art. 7(3) and CCPA §1798.120 extend this right to reset or limit tracking to all users in regulated regions. An app that displays ads but provides no mechanism for users to reset their advertising ID or access ad preference settings treats the user as a passive tracking target with no control. Google Play Data Safety requires disclosure of advertising ID usage; apps that collect it without providing reset capability face Data Safety accuracy flags. Apple ATT compliance is enforced at the SDK layer — ad SDKs that bypass ATT face App Store removal.

Remediation

For iOS, request ATT authorization before initializing any ad SDK. Provide a Settings link to Apple's advertising preference panel for users who want to reset or limit tracking.

import { Platform, Linking } from 'react-native'
import { requestTrackingPermissionsAsync } from 'expo-tracking-transparency'

// iOS: Request ATT before initializing ad SDK
async function initializeAds() {
  if (Platform.OS === 'ios') {
    const { status } = await requestTrackingPermissionsAsync()
    if (status !== 'granted') {
      // Initialize ad SDK in limited-tracking mode
      AdSDK.init({ limitTracking: true })
      return
    }
  }
  AdSDK.init({ limitTracking: false })
}

// Settings screen: link to platform ad preferences
function openAdSettings() {
  const url = Platform.OS === 'ios'
    ? 'app-settings://'
    : 'https://adssettings.google.com'
  Linking.openURL(url)
}

Add the ATT usage description to app.json: "NSUserTrackingUsageDescription": "This allows us to show you more relevant ads".

Detection

ID: mobile-permissions-privacy.data-handling.ad-id-reset
Severity: low
What to look for: If app displays ads, search for an advertising ID reset option or link to platform-specific ad settings. Count all ad-related SDK initializations and check whether each respects the user's ad tracking preference.
Pass criteria: If app shows ads, it provides at least 1 link or option to reset the advertising ID (or reset/limit ad tracking) accessible from Settings. The link correctly opens platform-specific ad settings.
Fail criteria: App displays ads but provides no way for users to reset advertising ID or limit tracking. Do NOT pass when the link exists but opens a broken or incorrect URL.
Skip (N/A) when: App does not display ads (no ad SDK found in dependencies).
Detail on fail: Quote the ad SDK configuration (or note its absence). "App shows ads but no option to reset advertising ID in settings"

Remediation: Provide users with control over ad tracking by linking to platform-specific settings:

import { Linking } from 'react-native'

function SettingsScreen() {
  const handleResetAdId = () => {
    if (Platform.OS === 'ios') {
      // Open iOS Settings for Privacy > Apple Advertising
      Linking.openURL('app-settings://')
    } else {
      // Open Android Settings for Google Ad Settings
      Linking.openURL('https://adssettings.google.com')
    }
  }

  return (
    <Button
      title="Reset Advertising ID"
      onPress={handleResetAdId}
    />
  )
}

Why it matters

Remediation

For iOS, request ATT authorization before initializing any ad SDK. Provide a Settings link to Apple's advertising preference panel for users who want to reset or limit tracking.

import { Platform, Linking } from 'react-native'
import { requestTrackingPermissionsAsync } from 'expo-tracking-transparency'

// iOS: Request ATT before initializing ad SDK
async function initializeAds() {
  if (Platform.OS === 'ios') {
    const { status } = await requestTrackingPermissionsAsync()
    if (status !== 'granted') {
      // Initialize ad SDK in limited-tracking mode
      AdSDK.init({ limitTracking: true })
      return
    }
  }
  AdSDK.init({ limitTracking: false })
}

// Settings screen: link to platform ad preferences
function openAdSettings() {
  const url = Platform.OS === 'ios'
    ? 'app-settings://'
    : 'https://adssettings.google.com'
  Linking.openURL(url)
}

Add the ATT usage description to app.json: "NSUserTrackingUsageDescription": "This allows us to show you more relevant ads".

Detection

ID: mobile-permissions-privacy.data-handling.ad-id-reset
Severity: low
What to look for: If app displays ads, search for an advertising ID reset option or link to platform-specific ad settings. Count all ad-related SDK initializations and check whether each respects the user's ad tracking preference.
Pass criteria: If app shows ads, it provides at least 1 link or option to reset the advertising ID (or reset/limit ad tracking) accessible from Settings. The link correctly opens platform-specific ad settings.
Fail criteria: App displays ads but provides no way for users to reset advertising ID or limit tracking. Do NOT pass when the link exists but opens a broken or incorrect URL.
Skip (N/A) when: App does not display ads (no ad SDK found in dependencies).
Detail on fail: Quote the ad SDK configuration (or note its absence). "App shows ads but no option to reset advertising ID in settings"

Remediation: Provide users with control over ad tracking by linking to platform-specific settings:

import { Linking } from 'react-native'

function SettingsScreen() {
  const handleResetAdId = () => {
    if (Platform.OS === 'ios') {
      // Open iOS Settings for Privacy > Apple Advertising
      Linking.openURL('app-settings://')
    } else {
      // Open Android Settings for Google Ad Settings
      Linking.openURL('https://adssettings.google.com')
    }
  }

  return (
    <Button
      title="Reset Advertising ID"
      onPress={handleResetAdId}
    />
  )
}

Advertising ID reset capability provided

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History

Advertising ID reset capability provided

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History