Respect ATT Tracking Settings with PHP: Disable/Enable Tracking Scripts Based on User Consent
If you’re building a mobile app using Appos Studio and submitting it to the App Store, it’s crucial to comply with Apple’s App Tracking Transparency (ATT) framework. Apple requires apps to disclose and honor user preferences around tracking. If your app opens a website that uses cookies, analytics, or ad scripts, failing to disable these when tracking is denied can result in App Store rejection.
To help you comply, here’s a simple PHP script that dynamically disables or enables tracking scripts (like Google Analytics or Facebook Pixel) based on a user’s ATT status. This is especially useful if your website uses these trackers and is being embedded in a mobile app created with Appos Studio.
When to Use This Script
Add this script to your website if any of the following are true:
- You use tracking cookies or third-party analytics tools.
- You’ve converted your website into a mobile app using Appos Studio.
- You’re submitting your app to Apple’s App Store and need to comply with ATT.
How It Works
- Appos Studio (or your client app) sends the user’s ATT status via a custom HTTP header or URL parameter.
- The script checks the status:
- If tracking is denied, it removes cookies and tracking scripts.
- If tracking is allowed, it includes them as usual.
Example Code with Comments
<?php
// Get the user's ATT status from the request
// Priority: Custom HTTP header > URL parameter > Default to "allow"
$attStatus = $_SERVER['HTTP_X_ATT_STATUS'] ?? $_GET['att'] ?? 'allow';
// Check if tracking has been denied
if ($attStatus === 'denied') {
// Remove any "Set-Cookie" headers to avoid placing tracking cookies
header_remove('Set-Cookie');
// Leave tracking scripts out of the page
$trackingScripts = '';
} else {
// ATT is allowed: include tracking scripts like Google Analytics, etc.
$trackingScripts = '<script src="tracking.js"></script>';
}
// Output the HTML with or without tracking scripts in the <head>
echo "<!DOCTYPE html>
<html>
<head>
<meta charset='UTF-8'>
<title>My Website</title>
$trackingScripts
</head>
<body>
<h1>Welcome to my website!</h1>
<p>Your experience has been tailored based on your privacy preferences.</p>
</body>
</html>";
?>
Final Notes
- You can customize the trackingScripts variable to include any script snippets (Google Tag Manager, Facebook Pixel, etc.).
- If you’re using a CMS like WordPress, this logic may need to be added as a plugin or directly in the theme’s header.php.
If you’re unsure whether your site uses tracking cookies, it’s better to err on the side of caution and implement this logic.
Let me know below if you need help customizing this for your stack!
Comments
-
We’re currently exploring the development of a website scanning tool specifically for Appos Studio users to help streamline ATT compliance before submitting apps to the App Store.
The idea is simple:
Enter your website URL, and our tool will analyze your site for tracking scripts (e.g. Google Analytics, Facebook Pixel, ad networks, etc.) that may collect user data.
This will allow you to:
- Identify any trackers that may conflict with Apple’s ATT policies
- Determine which scripts should be conditionally disabled if a user opts out of tracking
- Implement a compliant solution before your app gets flagged or rejected during review
Until that tool is live, you can manually inspect your site and implement tracking control using the PHP snippet provided above. It dynamically removes cookies and tracking scripts based on the ATT status passed via HTTP headers or URL parameters from the app environment.
Whether you use our example or roll your own, the goal is the same: ensure your app respects tracking preferences and avoids compliance issues with Apple.
Let us know if you’d like early access to test the scanner when it’s ready — or if you need help adapting the script for your framework.
Howdy, Stranger!