iOS apps & Mobile Safari cookies – say bye bye

According to Techcrunch, Apple has begun to reject apps that utilise cookie tracking, HTML5 first party cookies or sometimes called “Safari flip-flop” (I personally had not heard of that one before – see footnotes).

This is the action of taking the user out of the app to mobile Safari on first load and then taking them back. This action is being performed by the app to place a cookie into the Safari cache so that the user of the app can be linked up for further tracking.

If you haven’t seen this in action, here the app doing this (skip to 01:00 to miss the blurb):

Gigaom have also chipped into this story by saying that those app rejections were not due to the cookie issue but due to the way the app interface works. In the case quoted it was due to the app jumping out to Safari and then returning to the app.

This will not be a problem for most developers. Sometimes it is necessary to get authorisation and the only way to get an authorisation maybe via a website. Most have some sort of SDK that relies upon their app being installed or they may have an oauth2 service. Either way you would use a uiwebview / child browser within the app to achieve this. No need to go outside at all.

This is clunky functionality in order to by-pass the sandbox separation of mobile Safari and the app and no one should force this experience on anyone. The only time that mobile Safari should open from an app is if a user wants this to happen.

So the reality here, is that Apple are using the “your app interface functionality sucks” clause to reject these apps. I do not have a problem with this, as I agree that this type of app design is just out right poor.

If Apple are beginning to enforce the other agenda mentioned, the Advertising Identifier, then this is a strange way to go about it. If they are going to enforce that policy I think they will do it via developer announcements and give a cut off date. Either way the only folks who are crying foul with are the marketing and advertisement driven apps folks who have to fix their apps now.


  1. If you put “Safari flip-flop” into Google you are presented with a large selection of faux animal skin style footwear. Not what I was after and not really my style, but if they float your boat, go for it.
  2. Will this have an effect on some free or advertisement driven app strategies? Probably, but there are many other ways to track a user other than cookies. Safari cookies are not great and as we found out last year can be by-passed despite what you may want. For a great article on that episode have a look at Daring Fireball’s “Cookies and Privacy” item.

Joe Molloy is a freelance technical consultant, project manager and writer, based in London, UK.

Joe helps start-ups and companies convert their vision and ideas into real world products and services. Joe specialises in helping companies get it done.