use advertising identifier for security purpose

Hi,

Regarding AppTrackingTransparency framework, on https://developer.apple.com/app-store/user-privacy-and-data-use/ , it is mentioned that 

You may track users without obtaining user permission through the AppTrackingTransparency framework if it is for one of the following purposes:

  • When user or device data from your app is linked to third-party data solely on the user’s device and is not sent off the device in a way that can identify the user or device.

  • When the data broker with whom you share data uses the data solely for fraud detection, fraud prevention, or security purposes, and solely on your behalf. For example, using a data broker solely to prevent credit card fraud.

It is also mentioned in https://developer.apple.com/videos/play/wwdc2020/10676/ .
Can I know the procedure for obtaining the advertising identifier without user permission? for example, if we are using it for security purposes.

Thank you.
Answered by in 614386022
Hi there,

I believe this is similar to the question you asked on Use Advertising Identifer for Fraud Detection/Security Purpose. Therefore, I'm providing the same answer here in case it is useful:


From the User Privacy and Data Use page you linked, you will need to receive the user’s permission through the AppTrackingTransparency framework to track them OR access their device’s advertising identifier. While it is true that you may track users without obtaining permission for the specific mentioned purposes (including security as you said), you may not access the advertising identifier without first obtaining user permission.

Depending on what your use case is, our DeviceCheck framework may be of assistance.

If I've missed a distinction between your questions, my apologies; please clarify so I can answer the correct question.
Accepted Answer
Hi there,

I believe this is similar to the question you asked on Use Advertising Identifer for Fraud Detection/Security Purpose. Therefore, I'm providing the same answer here in case it is useful:


From the User Privacy and Data Use page you linked, you will need to receive the user’s permission through the AppTrackingTransparency framework to track them OR access their device’s advertising identifier. While it is true that you may track users without obtaining permission for the specific mentioned purposes (including security as you said), you may not access the advertising identifier without first obtaining user permission.

Depending on what your use case is, our DeviceCheck framework may be of assistance.

If I've missed a distinction between your questions, my apologies; please clarify so I can answer the correct question.
Hi,

Sorry first for creating duplicate thread. ( I cannot find the edit button to modify my original thread to add the wwdc20 tags).

It is clear based from your answer, the difference between tracking and advertising identifier. That means, we will need to shift away from advertising identifier to other way of achieving our purpose (fraud detection/security purpose). We will take a look at DeviceCheck framework as you suggested.

Thank you for the answer.
use advertising identifier for security purpose
 
 
Q