Recently, a reader asked me whether the Apple App Store actually requires developers to comply with the different user privacy preferences that Apple allows users to set (for instance, “Limit Ad Tracking”)?

To Apple’s credit, finding the answer was not difficult, and was actually heartening: yes, Apps must comply with Limited Ad Tracking choices.

In the current documentation on Apple’s App developer website says that the new standard, having to declare what Apps do and don’t track, must be respected (“Your app must comply with IDFA usage in order to be approved by App Review.” Submitting the App to App Review) What is IDFA you ask? IDFA is the “Advertising Identifier”.

And here’s a brief history of Apple’s Ad Tracking, and how we’ve arrived at the current status of Apple actually protecting consumer’s choice to Limit Ad Tracking:
Originally, Apple’s Apps used UDIDs. UDIDs were sort of evil. An Ars Technica article from 2013 explains “even without a specific user name or address, the device’s UDID could be associated with the collected data and the user in question could be identified—a privacy concern for most users.” (After warning from Apple, apps using UDIDs now being rejected, Ars Technica, March 26, 2012)

Fortunately, Apple recognized that UDIDs were evil even before that:
Apple Sneaks A Big Change Into iOS 5: Phasing Out Developer Access To The UDID, Tech Crunch, Aug 19, 2011
“Apple notes that it will be phasing out access to the unique device identifier, or UDID, on iOS devices such as iPhones and iPads.”

About a year later, Apple officially began rejecting apps using UDIDs:
“Apple began rejecting the apps over the weekend, as first noted by TechCrunch, after having warned developers late last year that the UDID was deprecated as of iOS 5.0 (released to the public in October). But Apple is no longer just guiding developers away from using the unique ID; the company has begun playing hardball by rejecting apps that make use of it.” (After warning from Apple, apps using UDIDs now being rejected, Ars Technica, March 26, 2012)

Finally, in 2013, Apple officially started playing bad cop:
Apple forcing developers to ditch unique device IDs, Ars Technica, March 22, 2013
“Apple will officially start rejecting iOS apps that make use of the unique device ID or UDID, in order to track users. The company informed its developer community of the policy late Thursday (followed by a confirmation to Macworld) that it would no longer accept UDID-utilizing apps as of May 1. Instead, the company instructed developers to make use of other identifiers, such as Apple’s new Identifier for Advertising, or IDFA, which was introduced in iOS 6 last fall.”