关于IDFA、CAID和「5. 1.2 - Data use & sharing」

今天，2021年3月18日，突然收到了之前从未遇到过的拒审邮件，邮件原文如下：

发件人 Apple
5. 1.2 - Data use & sharing
Please review this information carefully as it impacts your app’s availability on the App Store and requires your immediate action.

Hello,

We are writing to let you know about new information regarding your app.

Upon re-evaluation, we found that your app is not in compliance with the App Store Review Guidelines. Specifically, we found your app is in violation of the following:

Guideline 5.1.2 - Legal - Privacy - Data Use and Sharing


We found that your app collects user and device information to create a unique identifier for the user's device.

Specifically, through the implementation of instance methods such as setBootTimeInSec:, setCarrierInfo:, setCountryCode:, setDeviceName:, setDisk:, setLanguage:, setMachine:, setMemory:, setModel:, setSysFileTime:, setSystemVersion:, and setTimeZone:, your app uses algorithmically converted device and usage data to create a unique identifier and track the user.

Per 3.3.9 of the Apple Developer Program License Agreement, neither you nor your app can use any permanent, device-based identifier, or any data derived therefrom, for purposes of uniquely identifying a device.

Next Steps

To resolve this issue, remove any functionality from your app that uses algorithmically converted device and usage data to create a unique identifier for the user's device. Additionally, remove any related code that derives data from the device for the purpose of uniquely identifying it.

To ensure there is no interruption of the availability of your app on the App Store, please submit an update within 14 days of the date of this message. If we do not receive an update compliant with the App Store Review Guidelines within 14 days, your app will be removed from sale. Please note, if your app is found to be out of compliance for any reason and rejected after the time period provided has elapsed, your app will be removed from sale until a compliant update is submitted, approved and released to the App Store. If your app is removed from sale, the TestFlight version of this app will also be unavailable for external and internal testing and all public TestFlight links will no longer be functional.

Resources

Review Frequently Asked Questions about the new requirements for apps that track users.

In order to return your app to the App Store, you will need to submit an updated version for review which addresses this issue.

If you have any questions about this information, please reply to this message to let us know.

Best regards,

App Store Review

邮件的内容主要在于这一句：We found that your app collects user and device information to create a unique identifier for the user’s device.（我们发现您的应用程序收集用户和设备信息，以便为用户的设备创建唯一标识符。）

事件起因为来自于苹果iOS14IDFA隐私政策，即，在iOS14系统后，应用程序在获取相关的权限时，会有弹窗出现提醒用户是否进行授权，如果用户未授权，广告商将无法访问IDFA，进而将对所有基于idfa的广告业带来巨大影响。

于是，来自中国的互联网巨头和广告协会趁势推出了对此的应对方案，即CAID，并于今年开始在业内大力推广。CAID，作为第三方的监测技术，其实现的前提必须是广告主和媒体方都要同时接入CAID，形成约定好的标准以达到跟踪的目的。

因此，显然，CAID是为绕开IDFA标识而生，且目前还未得到苹果的认可。据中国广告协会表示，该解决方案将不会反对苹果的隐私政策，正在与苹果积极沟通。

但是，通过这个加了CAID的应用收到拒审邮件来看，苹果的态度已经非常清楚了，这是中国广告协助的坑！

欢迎加Q群，更多讨论这个问题：854490144 （MacQQ可能会提示拒绝添加新成员，换手Q加。）