SKAN: A practical standard for the implementation of SKAdNetwork

Join us for a special AMA (ask me anything) webinar about UA in iOS 14
on August 12th @ 10am PT with experts from Lyft, Homa Games, and ironSource

 

Since we’ve announced our support for SKAdNetwork and released the open-source code for everyone to start exploring, we’ve received massive interest from the industry and had many conversations with top advertisers, publishers, ad networks and MMPs on its potential.

The industry, and we, are torn between accepting the likely loss of IDFA (that served so many positive and valuable use-cases) and getting ready for the new reality, one characterized with fragmented data, partial consent, fingerprinting, on-device solutions and … SKAdNetwork.

SKAdNetwork has some benefits, but it also has some severe limitations, and we are actively participating in the development of alternative privacy-friendly methods with other players, and we would love to see them succeed.

Still, with so many unanswered questions and a nearing deadline, there is a void created that is currently being filled with uncertainty and confusion.

We believe that SKAdNetwork – whether we like it or not – will be part of that new reality. And in its current form, SKAdNetwork is a bare-bones framework that requires careful implementation and responsible governance between multiple entities in the ecosystem to ensure that it’s practical and useful.

That’s why we created SKAN. To try and give us a path forward in a land of uncertainty.

Introducing SKAN: A practical model for SKAdNetwork

Today, we’re excited to announce SKAN – a proposal for a standard implementation of SKAdNetwork. SKAN describes how SKAdNetwork should be used in a standardized way by the ecosystem to overcome some of its limitations and enable its adoption in a scalable and trustworthy way.

This spec is the result of many conversations with folks across the industry about the challenges and issues SKAdNetwork will present.

With SKAN, we are aiming to achieve the following:

  • Create a reference implementation plan for SKAdNetwork, to avoid fragmentation and a broken mobile advertising ecosystem.
  • Design a way for SKAdNetwork to be compatible with parallel methods like IDFA-based attribution (when consent is given) and fingerprinting (when permitted) – both of which will be required.
  • Provide a way to centralize and manage the scattered SKAdNetwork postbacks.
  • Govern SKAdNetwork’s “conversion value” and define a standard implementation.
  • Provide a solution for the fraud risk presented in SKAdNetwork (such as the conversion value manipulation, repeating transaction ID attacks, and geo manipulation).
  • Define how marketers and ad networks can measure ROAS and other KPIs.
  • Define the infrastructure necessary for centralized reporting for advertisers.

Access the downloadable PDF of SKAN

Let’s collaborate

We invite everyone to join us and contribute to this spec. We’ve deliberately excluded our name, or any other company’s name from the spec, to encourage collaboration, suggestions, improvements, and most of all criticism.

We know that one player can not shape that future on their own. It’s like that old saying “it takes a village.” We will need to come together as an industry — advertisers, ad networks, publishers, and MMPs — to shape the future of marketing measurement… and we need to do it quickly with iOS 14 launching in September.

If you’d like to learn more, connect with other thought leaders, ask questions and participate in very lively discussions around IDFA and attribution privacy in general, we invite you to join the Mobile Attribution Privacy (MAP) Slack group: click here.

 
 

SKAdNetwork code: Singular releases Github repository with code for ad networks, publishers, advertisers

Join us for a special AMA (ask me anything) webinar about UA in iOS 14
on August 12th @ 10am PT with experts from Lyft, Homa Games, and ironSource

 

Worried about how losing the IDFA will impact your business? Wondering how SKAdNetwork will work, and if it’ll be a viable replacement?

It’s understandable.

The IDFA is not dead yet, but it’s not dead yet in a very Monty Python way. This isn’t just a flesh wound for mobile marketing, and everyone has a lot of questions right now. Fortunately, Singular has been working on SKAdNetwork for over a year now, and we have at least some of the answers.

Plus, we’ve got your back.

Today, we’re releasing reference code for those who want to start experimenting with SKAdNetwork. This GitHub repo has sample code allowing ad networks, publishers, and advertisers to play with new SKAdNetwork capabilities and understand how they’re going to work for each party. The open-source code also demonstrates how an ad server could implement the cryptographic signatures required.

Singular was the first MMP to announce support for SKAdNetwork. Our goal is to make it scalable, simple, and seamless for mobile marketers to measure the impact of their campaigns in a privacy-safe way.

In addition, we will also release Singular’s updated SDK that works with SKAdNetwork plus more information about Singular’s ad network integration shortly.

It’s critical to get ready quickly because Apple is pushing for this to be used as widely as possible, and we expect the industry to shift to this model at some capacity. iOS 14 launches in September, and if we know anything about operating system updates on iOS it’s that they happen quickly: almost everyone updates within a month or two.

The code release contains:

  1. An advertiser sample app
  2. A publisher sample app
  3. A server that simulates an ad network API (including generating the cryptographic signatures required)

Using the code should help ad networks, publishers, and advertisers. We’ve been spending a long time looking into SKAdNetwork and we want to share our understanding so the industry can have an easier time moving forward and adopting this new tool.

Note: you will need to be using Xcode 12 to run the sample ads. Also, as we learn more and as Apple evolves SKAdNetwork, we’ll add to the code samples.

What to do now:

We invite you to watch our on-demand webinar iOS 14 & IDFA: What you need to know.
Join the Mobile Attribution Privacy (MAP) Slack group on IDFA, SKAdNetwork and iOS14.
 
 

Frequently asked questions about the California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act of 2018, CCPA in short, is California’s new privacy law that grants California residents with new rights with respect to their personal information. It will go into effect on January 1, 2020, and is consequently top of mind for many businesses, especially for those that engage in online advertising.

Similar to GDPR, this new regulation requires that all companies collecting, accessing, and processing personal data for California residents must comply with new standards, that while similar to GDPR, introduce some new nuances.

To help address any common CCPA questions you may have, we’ve compiled the top FAQs for the CCPA. Please note that this document is not intended to be a comprehensive analysis of CCPA or guidance on whether it may apply to specific clients. We recommend that you reach out to your internal legal advisors to determine how CCPA may impact your business.

General CCPA FAQs

1. Is Singular a CCPA compliant service provider?

Yes — Singular complies entirely with the CCPA regulation. We can exercise any request received by our customers to provide or delete data, and our built-in mechanisms for managing consents easily allow compliance with Opt-out requests.

Built by security experts, Singular has always been security and privacy driven by design. We treat encryption, security, and privacy as core principles that determine how every new system is defined and built, and these are inherently embedded in the platform.

2. When is the CCPA coming into effect?

Jan 1st, 2020.

3. Who does the CCPA affect?

It applies to all companies processing and holding the personal data of California residents, also known in the regulation as California Consumers, regardless of the company’s location, and meets one or more of the following thresholds:

  • Has an annual gross revenue in excess of $25 million;
  • Annually buys, receives for commercial purposes, sells, or shares the personal information of 50,000 or more California consumers, households or devices; or
  • Derives 50% or more of its annual revenue from selling California consumers’ personal information

4. What are the key principles? 

The CCPA provides consumers with the following rights regarding their collected information:

  • The right to access data – Consumers may request a copy of the specific personal information collected about them in a readily useable format.
  • The right to know – Consumers have the right to know the categories of personal information a business has collected about them, from what sources information was collected, for what purposes the information was collected and used, as well as know about their data being sold or disclosed to a third party for any reason.
  • The right to delete – Consumers can request the deletion of their personal information collected by a business.
  • The right to opt-out – Consumers must be able to opt-out of the sale of their personal information.
  • The right to not be discriminated against for exercising CCPA rights – Consumers have the right not to be discriminated against when exercising any of the above rights.

5. What are the penalties for non-compliance?

The California Attorney General will first provide a business with 30 days’ notice to cure any noncompliance with the CCPA. If the business remains noncompliant after 30 days, it may be subject to fines. Violations of the CCPA are subject to a civil penalty not to exceed $2,500 per violation; intentional violations of the CCPA are liable for a civil penalty of up to $7,500 per violation.

6. What is the difference between a service provider and a business?

A service provider will handle the data it receives in relation to a particular customer, only to serve that particular customer and for no other secondary business purposes, neither for itself nor for any other customer, and for no purpose outside of the business relationship with the customer. On the other hand, a business may use the data it receives (however it receives it) for a business purpose.

7. Opt-in vs. opt-out?

This is presumably the biggest difference between GDPR and CCPA. While GDPR required all personal data processing to be “Opt-In”, CCPA talks about consumers and their rights to opt-out. Furthermore, there is CCPA specific language around Opt-Out applying only in cases of a business selling data, so the notion of Consent is quite different between GDPR and CCPA.

8. What about users under the age of 16?

For children under the age of 16, CCPA requires an explicit Opt-In, referred to as “Right to Opt-In” by the regulation. For children under the age of 13, a parent or guardian must affirmatively authorize the sale of information.

9. I’m not using Singular for attribution or event tracking. Does CCPA apply here?

If Singular doesn’t collect personal (user level) data for your users, it is not technically a Service Provider in the CCPA context.

10. Do you have an updated California Data Privacy Addendum I can sign?

Yes, please reach out to your Customer Success Manager to get our latest addendum created for CCPA.

11. What else is Singular doing around the CCPA?

Built by security experts, Singular has always been security and privacy driven by design. We treat encryption, security, and privacy as core principles that determine how every new system is defined and built, and these are inherently embedded in the platform.

We took great pride in preparing for GDPR which equipped our customers with easy to use interfaces, supporting both server-side and client-side requests. We are also pioneering a Mobile Attribution Privacy group called MAP, in close collaboration with leading ad networks and attribution providers, to further ensure privacy is constantly addressed as a first priority in the attribution space.

 

Looking for more information or have questions? Contact us at privacy@singular.net or dpo@singular.net

Disclaimer: The information provided by Singular is for informational purposes only and not for the purpose of providing legal advice. Please contact your attorney to obtain advice on specific issues or questions.