Prior to Apple’s recent World Wide Developer Conference, there were rumors spreading about potential changes to Apple’s IDFA (Identifier For Advertising). As it turned out, Apple was just restricting apps in the Kids category: they can no longer use third-party analytics or advertising.
That’s in line with Apple’s strong privacy story and what it has done in WebKit, the engine that powers the Safari web browser. Already two years ago Apple released Intelligent Tracking Prevention to limit cross-site tracking and third-party cookies, and version 2.2 was just recently released.
But whether we’re talking iOS, Android or the web, the drift of the mobile ecosystem is towards increased privacy. And that impacts marketers.
So where do we go?
At Singular, we’ve spent considerable time imagining and planning for a world where mobile apps and marketers would have to survive in a privacy-safe environment without a common device identifier like IDFA on devices.
In fact, we think there’s an opportunity to re-engineer some components to create a world that is privacy safe, marketer friendly, and fraud-free (as a big bonus). And we’re ready to ask others to join us (keep reading for more details).
Measurement and privacy
Prior to 2012, advertisers and marketers measured the effectiveness of their iOS campaigns using iPhone UDID (Unique Device Identifiers). UDIDs were not privacy-safe because they were unchangeable and permanent, which enables limitless tracking of users essentially in perpetuity.
In an early step to increase privacy, Apple created a semi-permanent identifier called IDFA (IDentifier For Advertising) to address the need for marketers to understand which ads and campaigns work, while also protecting consumers. An IDFA is essentially a random, unique number that, by itself, reveals no personally identifying information. In addition, it was designed to be reset by the consumer if anyone decides to do so.
The IDFA quickly became a central mechanism for the entire mobile marketing ecosystem on iOS, and has a role in countless systems and scenarios, from targeting, retargeting, analytics, rate limiting, personalization, identity, and more.
But what would the world look like without it?
The world without IDFA
After years of relying on an identifier like the IDFA, imagining the marketing world without it at all is challenging. What are some of the main challenges of living without the IDFA … and what alternatives exist?
Last-Touch and Multi-Touch Attribution Models
Mobile attribution providers use IDFAs to identify a device, and link an ad impression or click to a mobile app install. Or, essentially, any conversion.
Without a deterministic link such as the IDFA, both last-touch as well as multi-touch attribution will become much more challenging. Essentially, it won’t be easy to plot out the customer journey in a reliable manner.
As a result, attribution providers will have to look for alternatives. (Keep reading for one of them.)
One of the holy grails for marketers is to track individuals not only across apps, but also across devices. This is useful for marketers because it helps understand true human behavior, which oftentimes happens between devices.
People-based attribution has been the topic of many announcements from multiple mobile measurement companies lately, mostly because it would be amazing to solve that challenge on a holistic level.
There is one major challenge, however.
Concepts like the “persona graph” or “device graph” are problematic by nature, as they require cross-app and cross-domain (web) tracking. Seeing what Apple’s WebKit team has been writing about Intelligent Tracking Prevention and hearing what CEO Tim Cook has been saying about privacy, it’s pretty clear where Apple lands on cross-domain tracking.
Guess what: removing the IDFA would have a major impact on tracking users across apps. And that adds up to a very problematic future for a “people-based attribution” vision.
Fraud prevention solutions rely on ad identifiers to ensure the accuracy of advertising attribution. Some types of fraud can be eliminated or reduced with this identifier. Deleting the IDFA could lead to weaknesses for fraudsters could exploit.
Click spammers could more easily fake a click as if it came from a device, thereby taking credit for conversions that they are not responsible for.
Ad networks and marketers rely on their ability to link an ad campaign to a particular user in order to understand how their campaigns are performing. That tells marketers what their ROI is, or informs other KPIs that provide valuable feedback.
Without an IDFA connecting the dots between ads and app installs, this will be challenging.
And that could impact marketers’ ability to optimize their campaigns, as well as ad networks’ ability to do so. Think about how your ad networks optimize heavily towards post-install events today — some in a very black box manner.
All of that could be disrupted.
Retargeting often works by identifying a segment of users we would like to communicate with. Example: people who added an item to a cart, but did not make a purchase.
These segments are then pushed to ad platforms dedicated for retargeting in order to bring people back into your app.
The way segments are communicated today in the mobile universe is mostly based on advertising identifiers. Making these ineffective would dramatically impact the ability to retarget your customers. Marketers would have to resort to other means of identifiable information, such as email addresses, which won’t necessarily be a good step forward in terms of privacy.
It’s worth noting this situation would also tilt the playing field in a number of ways:
- Marketers that collect emails from their users would have a significant advantage. Not every app does that, and bigger, more trusted brands can do so more effectively than smaller ones.
- Big ad networks (Facebook/Google/etc.) that have their customer’s emails would do better. Smaller ad networks, with thousands of smaller publishers, most likely do not have those emails, which could therefore not be used for targeting purposes.
So what are the alternatives?
Alternative #1: Fingerprinting
If you think about it, app marketers already live with one IDFA-less world: mobile web.
Given the mobile browser’s inability to access the IDFA, marketing measurement companies use a technology called fingerprinting to attribute web to app conversion flows. Fingerprinting collects mobile device attributes like IP addresses, device types, software versions, and more, and uses them to create a “signature” that probabilistically identifies a device.
That same signature is collected both on the click and when the advertised app is launched. Then the two are matched, with some statistical error.
In a world without IDFA at all, the app to app conversion flows could simply mimic the web to app flows, using fingerprinting in much the same way.
Fingerprinting can work with fairly high levels of accuracy (80-95%, depending on devices and available information) but it can be seen as an invasive and non-permissioned type of tracking. In a way, it may work against the very thing that Apple is trying to achieve: more privacy for users. It also has GDPR implications, which would be problematic since it’s not always clear how to obtain user consent when fingerprinting. Or, even if you can ask for it, it’s an open question whether you’d get it.
Fingerprinting uses device attributes such as IP, OS Version, Device Model, and other parameters. While it can have high levels of accuracy, it is still probabilistic not deterministic, and therefore it can have poor accuracy under certain circumstances. Device attributes are not always unique, and some (like IP address) change often. Therefore, the signature can either match the wrong device to an activity, or not match at all.P.S.: Some mobile attribution vendors position low-accuracy fingerprinting products, like matching on an IP subnet, as a feature not a bug!
Fraudsters can leverage a fingerprinting-first world. For example, click spammers wouldn’t need to fire clicks for a large number of device IDs. Instead they could use various techniques to generate clicks for common signatures, thereby cheating marketers and disrupting ad networks’ ability to do their jobs and get paid for it.This is a problem especially with iOS. The number of possible iPhone signatures is pretty small since many devices are extremely similar in terms of software versions and hardware models.
- Limited attribution models
While fingerprinting can solve for last-touch attribution models, it will make the attribution windows shorter. And, it will be significantly more complex to store multiple touchpoints based on the fingerprint, given their short life-span. This in effect enables short-lived last-click or view-through attribution, but not more advanced multi-touch attribution models.
While fingerprinting solves for attribution, being able to communicate a segment to a third-party retargeting company will be impossible without some shared identity. Emails could be used in some cases, but not in all.
- The statistical nature of fingerprints increases, to some degree, the privacy of particular individuals, and makes it impossible to completely deterministically track users.
- This is already a pre-existing solution that enables the entire ecosystem to continue to function the day after IDFA. ROI could still be calculated. Partner postbacks are still possible, and advertisers’ BI setups could stay in tact. This is more important to consumers than some might recognize: advertising pays for the massive amount of free content and experiences the internet provides.
Alternative #2: SKAdNetwork
There’s another potential solution available.
In March of 2018, Apple released a framework called SKAdNetwork that enables attribution of mobile app installs without exposing the IDFA.
SKAdNetwork works by having the mobile operating system become a privacy-oriented mediator between the publisher (the app where the ad is shown), the advertiser (a different app being advertised) and the ad network (that places the ad in the first place).
The ad network displaying the ad in the publisher’s app will have to pass special parameters to the iTunes Service process on the device when an ad click happens. These values will be stored, and if the app was installed as a result of that click, and subsequently launched, the device will send a postback to the ad network in a pre-agreed path between Apple and the ad network.
The postback tells the ad network — and therefore the advertiser — that the ad was successful.
The beauty about the process from a privacy point of view is that the postback does not contain any device identifiers, thus disassociating the identity of the clicking device from the installing device. The postback itself is signed by Apple, which allows the ad network or any third party to verify it, and thereby know that an actual install truly happened from that ad click.
There are some downsides, however.
- View-through attribution
Forget about view-through attribution … viewing events are not part of the SKAdNetwork model, and therefore would not be available for attribution.
- Multi-touch attribution
SKAdNetwork only stores the last click that led to the App Store open, which means that MTA models would be impossible. To be fair, in today’s privacy-sensitive world, impression data from the top publishers (Facebook, Google, Apple, etc) is not available anyway. That already great limits the capability of achieving MTA, so perhaps the loss here isn’t massive.
- Campaign optimization
Matching down-funnel events such as revenue and purchases to the ad campaign would be impossible with how SKAdNetwork is implemented today.This is also a tricky area for Apple to implement without running the risk that malicious parties would collaborate to decipher a user’s identity. For example, the app could intentionally send conversion events that could be used to identify the user. A possible path for implementation would be similar to what WebKit proposed here where the number of possible conversions will be limited to 64, and a delay (24 to 48 hours) would be introduced to make it difficult to correlate between conversions and an existing user. But doing so on a mobile device that goes offline could also be tricky.
While SKAdNetwork can help with attribution, being able to communicate a segment to a third party retargeting company will be impossible without some shared identity. As we’ve already seen above, emails could be used in some cases, but not in all.
SKAdNetwork makes a direct connection between a click and an install without relying on the IDFA. This kind of connection could even survive an IDFA reset — something that consumers can do at any time they wish.
- Fraud prevention
SKAdNetwork provides advantages that aid in fraud prevention.
- The first advantage is that Apple is verifying the install, and that the install is tied to a valid Apple ID. There’s already an existing mechanism for that available today (shameless plug: one that Singular is doing a better job than anyone else preventing fraud with that mechanism, and provides superior results).
- The second advantage is that Apple verifies there was user intent to open the App Store, with the ad click information associated with it. In addition, that ad click information is digitally signed by the ad network, therefore limiting malicious publishers in their attempts to generate fake ad clicks.(For a deeper deep dive into SKAdNetwork and Fraud, subscribe to our blog and stay tuned for a dedicated article.)
Overall, there are some major advantages here, and we see the opportunity to expand SKAdNetwork into a complete — and privacy-safe — solution.
Announcing MAP: the Mobile Attribution Privacy working group
I think SKAdNetwork holds great potential, and deserves wider adoption, but it also requires more work. We at Singular want to be part of that process, and help improve it, and drive adoption.
To harness the power of the technology, we want to make it more effective and relevant for marketers while preserving its privacy protections for consumers.
Therefore, Singular has decided to formally launch MAP, an open working group for mobile marketing stakeholders. That includes marketers, publishers, ad networks, attribution providers, marketing analytics companies … and people, the people who own smartphones and use apps.
The goal of the working group is to address some key points:
- Conducting a comprehensive analysis of the post-IDFA world
- Drafting a proposal for SKAdNetwork improvements, including a privacy-preserving way to utilize SKAdNetwork to analyze cohort data, and addressing other key gaps
- Building out an API specification for data transfer between the ad network and the mobile measurement partner communication in an SKAdNetwork world
- Driving adoption of SKAdNetwork in the mobile ad ecosystem.
I’m asking our customers, partners, and fellow mobile measurement and analytics vendors to partner with us in this effort. Together, I think we can shape the future of that protocol, and work together to ensure proper, safe, legal, and ethical design and implementation.
If you’d like to be part of the Mobile Attribution Privacy (MAP) Coalition, please join us in the MAP Slack group. There, you’ll be able to connect with other industry folks who are working to move the digital marketing community forward in this new, more privacy-safe world.