IDFA deprecation, iOS 14, and ATT: 35 mobile marketers’ questions answered
Last week we held an iOS 14 IDFA deprecation ask-me-anything webinar. We started with 14 questions, and ended up with over 60.
Needless to say, we didn’t get through all the questions.
Today, however, we’re releasing answers to the 35 questions that we didn’t manage to answer during the webinar. They’re all from mobile marketers with queries on what to do without the IDFA. How to measure marketing in iOS 14. Whether App Transparency Tracking (ATT) covers email or fingerprinting. If deferred deeplinks will still work. And, of course, how to start working with Apple’s SKAdNetwork framework.
Thanks to our webinar speakers Gadi Eliashiv, CEO of Singular, and Yevgeny Peres, head of growth at ironSource, and other internal experts at Singular such as chief growth officer Ron Konigsberg, we’ve managed to answer them all.
Which doesn’t mean you won’t have more, of course:
- Watch the webinar here
- Join the Mobile Attribution Privacy group on Slack: more than 2,000 mobile marketers working through the iOS 14 changes just like you
And here are the additional answers:
1) How should we adjust our conversion value setup for Facebook? Will we be able to run with Facebook if we opt to use our own conversion value events instead of Facebook’s?
Conversion values across all networks must be managed using a single tool, as the conversion value is set without having any information about the acquisition source. Facebook provides two ways for managing conversion values which are compatible with running AEO (App Event Optimization) and VO (Value Optimization) campaigns: implementing it with the Facebook SDK or using an MMP SKAdNetwork conversion management.
Using an MMP provides additional value, such as enhanced flexibility for conversion value management, cross-network support, and SKAdNetwork data aggregation across all channels to form a unified view of your marketing results.
Singular is committed to support our customers with implementing SKAdNetwork across all the channels, Facebook included, and we are working closely with the Facebook team to provide the best experience possible (read more about Singular and Facebook here)
2) If a user is on iOS13 or older and installs our app, do we need to surface the ATT prompt? I’m assuming ATT is not supported on phones older than iOS14 so the answer is “no.” Does this mean we can continue to include that user’s IDFA/email/phone for ads targeting?
Yes, that’s correct. Users who don’t upgrade to iOS14 don’t have the ATT prompt available, so their IDFA will be accessible and, as it’s been for the past number of years, subject to LAT (Limit Ad Tracking). With regards to other identifiers, we recommend reading the App Store ToS.
3) What is Apple’s enforcement mechanism to ensure advertisers and vendors are compliant with the AppTrackingTransparency framework?
The primary enforcement mechanism is not providing access to the device’s IDFA without prior user consent. That’s already quite meaningful and restrictive on its own, given that it is the way attribution for self-attributing networks (SAN) like Facebook, Google, Snapchat, Twitter and others are working today.
The second enforcement mechanism is of course the app store review process. We suggest never having to deal with compliance enforcement at that level!
There are additional ATT limitations which are harder to enforce, mostly around fingerprinting and data sharing, and in general processes which are done on the backend and not on the device. The enforcement mechanism for these policy limitations is still not clear, however we do know Apple has a history of enforcing App Store policy and removing apps who don’t comply with it, so we highly recommend reading and following the guidelines.
4) Apple’s updated ATT documentation in the FAQs addresses fingerprinting to identify users or devices. Does this apply to deferred deeplinking as well? I’m asking because the language in the docs imply fingerprinting is prohibited for tracking and measurement, but not deferred deeplinking.
Yes, as deferred deep linking is a result of server-side attribution. If attribution is not allowed when ATT is not granted, deferred deep linking is not possible.
5) Will there be an opportunity for apps to re-prompt uses who have opted out initially?
The ATT prompt will only be shown once. If the user doesn’t accept ATT, the only way to enable it is via the device settings: meaning a user has to manually change his or her settings: a very unlikely scenario.
Note: this is per every app install, so in case of re-installs it will be shown again.
6) What about emails or IDFAs captured before ATT was required?
According to Apple’s policies, developers must receive the user’s permission through the AppTrackingTransparency framework to track that user across apps and websites owned by other companies. This is regardless of when the data was captured, so as long as it’s related to the specific app and is associated with other companies, it can’t be used for tracking the users of that app without consent.
7) Does this mean you will be able to fingerprint LAT (Limit Ad Tracking) enabled users since the consent banner won’t show?
No, LAT users are equivalent to users who didn’t provide their permission to be tracked. Therefore, you can’t run fingerprinting for these users.
8) Are MMPs like Singular, Adjust, Appsflyer, etc. going to get postbacks from SKAdNetwork?
There are different setups for MMP to receive SKAdNetwork postbacks. Some partners will forward every postback to the MMP (a push integration) while others will provide an API for collecting SKAdNetwork data (either aggregated or raw) similar to how Singular collects cost today. Check more details on SKAdNetwork partner integrations here.
9) Let’s assume that we can optimize campaigns with signals (e.g. payer conversions and/or in-game progression events), that we can get in install data + 3 days, and that we are OK with doing it on the campaign level. Can we just ditch user-level attribution and go full on with SKAdnetwork?
Broadly speaking, yes, if that’s all the information you require for optimization then SKAdNetwork can provide all these signals.
In our perspective, iOS14 changes do require a solution which is a bit broader, mostly since there are situations which SKAdNetwork currently doesn’t cover beyond just limited granularity. SKAdNetwork supports only app-to-app campaigns, so additional solutions are required for measuring marketing activities such as email, social, influencers, and web-to-app.
10) Do the ATT changes also affect browser cookies in a way that can block other use cases like session cookies (login methods etc.)?
No, technically ATT doesn’t affect browser cookies or browser sessions if they don’t involve tracking in a native app. Apple has made that clear in this FAQ as one of the described scenarios:
“If a user provides permission for tracking via a separate process on our website, but declines permission in the app tracking transparency prompt, can I track that user across apps and websites owned by other companies?
Developers must get permission via the app tracking transparency prompt for data collected in the app and used for tracking. Data collected separately, outside of the app and not related to the app is not in scope.”
11) Based on wider ATT use, will Apple allow you to opt out of it using the email you provide for your Apple ID?
Apple didn’t comment so far on how ATT affects their own services or whether they allow an opt-out of the Apple ID/email.
It’s worth emphasising that ATT applies to tracking users across apps and websites owned by different companies (so technically it’s OK for Apple not to show ATT if they don’t share or track these emails across apps by others companies). This is similar to how an app developer is allowed to collect and use IDFVs or emails across their own apps, but not share or track these with other companies.
12) So will a user who declines ATT be ineligible for custom audiences targeted within the FB app?
Yes, users who decline ATT can not be targeted using custom audiences.
13) For email, are you expecting action based triggers (e.g abandon basket push notification) to be caught up within ATT rules?
First-party data use is not covered by ATT. First-party data use is, however, something to explain in your app’s privacy nutrition label.
14) What happens if a player changes their mind and goes in and changes their preference from yes to no on the ATT tracking acceptance? Do we have to go back and remove all their data?
According to Apple’s policies, when players change their advertising identifier or activate LAT, then “data associated with the previous advertising identifier will not be linked to their new identifier.” Apple does not provide clear guidance on how exactly to “disassociate the data,” so is up to advertisers themselves to handle this scenario as they see fit, if advertisers are collecting user-level data too.
Singular’s interpretation of this is that the “associated data” includes any information from associated apps or websites owned by other companies, including attribution data, so Singular will “organic-fy” the user from that point going forward, and events from that user will be attributed to organic rather than the original attribution source.
15) I play a game that successfully convinced me to enably tracking since they simply said I might lose the account once I forget the password, if it is not cross tracked through other apps (for example, I linked my game account with Facebook).
That’s an interesting incentive! Publishers and developers have definitely strategized how to incentivize opt-in. Some app developers are even testing native soft pop-ups with some of their users to a) understand opt-in rates b) understand language that could improve consent rates.
16) If a user has LAT turned on, are we even allowed to serve the ATT prompt? If not, is this a technical limitation, or an Apple policy limitation?
No, you’re not. This is an implementation detail, meaning this is a technical limitation and not just policy.
17) Just to make sure , will the SKAdnetwork attribution method work with LAT users for installs that were previously ignored by Facebook ?
Yes, that’s correct. SKAdNetwork provides visibility to all users, including LAT users.
In this sense, SKAdNetwork provides a level of visibility which was missing up to now to a very significant portion of iOS users.
18) Can you clarify this point: Apps will need to ask for permission for any kind of tracking; it’s not only if you have IDFA or not.
That’s correct. The language in the ATT prompt is about tracking, not a specific technology for tracking. So whether you’re using IDFA, an email address, fingerprinting … they all need permission.
19) Is the blocking of fingerprinting only on app install tracking? Is probabilistic/fingerprinting still OK on app-to-mobile web pixel tracking?
No, it’s for all kinds of tracking. For app-to-mobile measurement, Apple is now planning to provide “private click measurement” in SKAdNetwork.
20) How will Singular be dealing with the forced data delay window? Will that mean an additional one day delay in data seen on the dashboards?
Singular will display SKAdNetwork data as soon as the postback is sent by the partner to Singular. Most partners (that support forwarding postbacks) are supporting near real time forwarding of SKAdNetwork postbacks. However, some partners may be forwarding this data in batches or with some delay, in which case there will be an additional delay in SKAN reporting in Singular. In the cases of delays from partners, Singular supports receiving the original time of the SKAdNetwork postback as received by the partner, so we do support backdating the data.
21) Can we expect the impact in terms of reporting and measurement to be more or less the same as the Facebook tracking change we faced with facebook view-through attribution (VTA) last year?
Facebook’s view-through attribution change only impacted user-level data shared with advertisers. However, MMPs were still able to access the data and provide aggregated reporting and measurement which takes VTA data into account. With SKAdNetwork, the limitation is more strict.
The good news on VTA is that SKAdNetwork now supports view-through attribution.
22) Is SKAdNetwork more subject to fraud? Will MMP fraud prevention tools still work? Does Apple protect against fraudulent traffic, or click hijacking etc?
SKAdNetwork includes a cryptographic signature from Apple that enables validation of the data and basically prevents fraudulent actors from forging or faking SKAdNetwork notifications, but there are still some problems.
First and foremost, the post-install conversion values are not included in that signed data. On top of that, country and geolocation data isn’t encoded in there. Which means that bad actors can misreport conversion values. The good news: Singular solved for this by adding additional layers of validation (via HTTP 307 redirects) to stop SKAdNetwork fraud.
23) How can you determine what creative drove an app install? There is no such information in the metadata conversionValue in SKAdNetwork.
This will be different per ad platform. Mostly, you’ll only be able to do this by using campaign ID numbers — the hundred values that SKAdNetwork provides — for this purpose.
24) Can app publishers still use first-party identifiers for segmentation on top of first-party data?
First party data, collected with the user’s consent, can definitely be used for segmentation and product analysis.
25) Assuming most marketers will use SKAN for attribution, do you think that means the end of ad fraud on iOS? Or will fraudsters find new creative ways to cheat the system? Also, do you expect CPCs/CPAs to significantly increase following ATT? And, how ready is the industry?
Fraudsters will always try to find new ways to bypass existing mechanisms. SKAN changes will definitely make them reinvent their working methods, but we don’t expect fraud to go away.
In fact, we’ve already discussed specific gaps with SKAdNetwork fraud prevention and we recommend using a solution (like ours) which takes fraud into account in all scenarios.
26) When do you guys think Apple will make ATT live? I am hearing it could be March …
We’re already prepared for the full SKAdNetwork rollout, and we are helping our customers be ready as soon as possible. But … as you might expect, we can’t really speculate about the exact date.
We highly recommend you get set up for success with ATT and SKAdNetwork sooner rather than later.
27) Is your SKAdNetwork analytics dashboard already available?
Yes, our SKAdNetwork analytics dashboard is live with our beta customers. We’re working closely with our ad partners and networks like Facebook and ironSource for general release as soon as possible.
28) Do you think Apple will extend the conversion value timer window from 24 hours to greater? If so, won’t it get close to fairly deterministic tracking?
You can already extend the timer to beyond 24 hours, in fact the Singular SKAN Solution supports cohorts with up to 7 days.
Apple will only report conversions or installs in groups of customers, so it won’t be deterministic. The factors include delayed optimization, granularity limitations, and limiting number of events (only six bits) to be tracked.
29) Can we still capture parameters attached to a universal link from the mobile web to an app?
Yes, this is technically possible. As mentioned in the webinar, the policy around using this data for tracking is still not clear. At Singular, we plan to provide options for disabling and enabling the use of that data according to your interpretation.
30) For mobile web environments, can you not use GTM or third-party tracking tools such as Voluum to bypass the fingerprinting restraints?
There are different ways to technically bypass fingerprinting constraints. The problem is not with technical solutions but whether they are permitted by Apple’s privacy rules. And, of course, dealing with the inevitable consequences of not respecting App Store policies.
31) Do Facebook and Google already send SKAdNetwork data so apps can see it in Singular dashboard?
No, neither Facebook or Google have enabled SKAdNetwork data externally to advertisers/MMPs yet. But we expect this to happen very, very soon. However, we are live with other ad networks that have been ahead of the curve.
32) If we choose to stop using IDFA entirely and not prompt the user with ATT, would we still be subject to any of the issues you’ve discussed around collecting emails?
Yes, the rules around other identifiers apply even if you are not using IDFA. Using user identifiers across apps and websites requires user permission via the App Tracking Transparency (ATT) prompt.
33) Will iOS reach on lookalike audiences get smaller post IDFA?
34) Is the use of first-party data allowed within your app? For example, a user orders Thai food, and we show them Thai restaurants that they can order from.
Consider, however, what you need to reveal in your app’s privacy nutrition label on the App Store.
35) What happens if people log in to our app via Facebook Connect? Would we be able to track more data this way?
No. That can only be used for single-sign-on.
More questions? Talk to us!
Other people have questions. You need specific answers and guidance for your specific situation. Request a demo today and we’ll show you how Singular’s SKAdNetwork solution can work for precisely your app and your business.