IDFA iOS 14 FAQ: What’s true, what’s fake, and what’s total fantasy
My personal goal for Singular for the past two years has been to get ready for this scenario: the deprecation of the IDFA.
Well, it happened.
At Singular, we’ve been writing and speaking about IDFA deprecation for a long time. We’ve formed the Mobile Attribution Privacy group with top brands to plan out a PII attribution future, and we’ve been speaking to as many people as possible.
It has been a crazy week so far, and it’s only the beginning. Fortunately, Singular has a SKAdNetwork solution for marketers that you’ll be able to see and test very soon. But I have to say I am quite surprised that an event so dramatic as this one — throwing an $80 billion market into upheaval — is getting very little publicity, and I also see very little content on this topic outside of Singular.
In what has been published, I’ve seen some interesting thoughts and claims, and some obvious falsehoods. I want to share my educated opinions on those.
I’ll start by saying that this all depends on whose point of view we’re taking. In this case, I’m trying to take Apple’s POV, which, based on everything I’ve seen them do on the web and now on mobile, is very (VERY) privacy oriented. I may also refer to them as the “law” since they are pretty much the law when it comes to iOS.
Finally, be aware that this is my opinion based on the facts at hand, and things may change. I will, however, try to update this every couple of days with what I’m learning.
The IDFA iOS 14 FAQ
Claim: “This is not the end of the world.”
I think the next few months will be challenging for the entire mobile ad ecosystem (publishers, advertisers, ad networks, mobile measurement partners) and anyone in adjacent spaces since we’ll have to adjust to yet-another-new-normal.
Seeing how Apple kept iterating on its parallel solution for the web (ITP), I am convinced that there will be more iterations on SKAdNetwork that will make it better. Our job as a leading MMP is to define how marketers can still get unbiased measurement and understand their ROAS, and that’s where we’ll spend most of our energy.
Claim: “Device identifiers are never used across different app publishers for attribution.”
I think this is incorrect because the way attribution works today does involve sharing a device ID between the publisher app to the advertiser app. In fact, just connecting a click to an app open is a connection that’s created between user activity in two different apps. And it’s certainly something that goes from a personal device to a third-party company as well as the app publisher.
Claim: “But we’re a GDPR and CCPA compliant MMP/network/etc.”
I don’t think Apple cares. Apple takes GDPR and CCPA as the baseline. It’s table stakes, and they are now raising the bar, according to their own standards.
Claim: “The IDFA is not going away completely.”
Assessment: Functionally False
Look, here’s my thinking on the topic:
- You need people to opt-in. The message is scary, and while you can customize at least some of it, most people will say no. I think Apple doesn’t want people to click it.
- But let’s say, by some magic, you do get people to click it, and your app can now access the IDFA: it is likely still useless because people are just as unlikely to click it in other apps, and then you’ll start having partial views of people.
- And that means that the IDFA is basically useless… you can’t use it to target, or attribute, or anything else. It’s almost equivalent to IDFV at this point.
Claim: “Fingerprinting will always be an option to provide compliant attribution.”
I would love for fingerprinting to “always be an option,” and I’m not a complete privacy zealot by any means, but it’s incorrect:
- In this video released as part of WWDC, they describe that fingerprinting is indeed a form of tracking this applies for:
- Also – In the past two to three years, Apple did a lot of work on Safari, their browser, to reduce cross-site tracking by imposing aggressive limits on cookies and other website data. This project is called ITP, and I believe it was the precursor to all the work Apple did on the IDFA.If you read this ITP article about “Privacy Preserving Ad Click Attribution For the Web” – you will see it bears a lot of resemblance to some mechanisms they added to SKAdNetwork 2.0. And if you look at ITP’s Tracking Prevention Policy, they are very clear about fingerprinting:
Besides, I don’t think that’s the spirit of the law. Or, in other words: in what universe would Apple be cool with fingerprinting when they’re making these very apparent steps towards privacy?
Claim: “There’s no role for the MMP in iOS.”
While some of the mechanisms have changed, the role of the MMP stays exactly the same: provide unbiased measurement that leads to actionable decisions about media buying and mobile marketing efforts.
That job has not changed one bit. SKAdNetwork is going to cause more mess than before, where you’ll now have those “apple-signed install notifications” sent to all sorts of endpoints, and you’ll need a third party to ingest them and validate them.
You’ll also have to deal with details like:
- How do I assign campaign IDs in such a small space (a number between 0 to 99, a total of 100 options)?
- How do I translate these IDs to something meaningful?
- How do I associate cost to it?
- How do I translate my “conversionValue” from a 6-bit number (64 options only) to something meaningful?
- How do I then translate that to ROAS?
All that mess is the job of your measurement provider. That’s where Singular comes in, and I’m sure other MMPs will follow suit (they also don’t have that much time to figure things out because in October iOS 14 will have 50%+ adoption in the market).
IDFA Alternative: “iOS Referrer, similar to the Google PlayStore Referrer.”
This is a nice idea that everybody wished for, but I can’t see Apple going for it.
Why? For the simple reason that it lets the advertiser’s app know exactly where a user came from. And that means that even if you can’t access the IDFA, there’s still some cross-app tracking taking place … which is against the spirit of the law. So I can’t see how it would be compliant with Apple’s push for privacy.
IDFA Alternative: “Mandatory or incentivized opt-ins will work”
Assessment: Not going to work
First of all, mandatory opt-ins will certainly anger Apple. And they probably won’t like incentivized opt-ins either. But that’s not even the biggest problem.
The biggest problem is that you need opt-in everywhere for this to have any meaning:
- Let’s say that I play “CoolGame 3” and they did a great job forcing/incentivizing me to opt-in. Great for them.
- Let’s say that now I see an ad for Uber in CoolGame 3.
- I go on and install Uber.
- Uber wants my ride $$$, so they won’t force me to opt-in. So I would probably opt-out given that scary popup.
- Uber can’t attribute me.
- CoolGame 3 doesn’t get paid.
- CoolGame 3’s great attempts to get me to give them my IDFA didn’t help.
IDFA Alternative: “More granular tracking permissions with attribution as an exception.”
Assessment: Doubt it’ll make iOS 14
That’s great, and I’d love for it to become a reality, but so far, it seems that attribution doesn’t fit the criteria that Apple put in place for exceptions. Additionally, IDFA is simply not accessible by the API without an opt-in.
It’s possible that Apple would expand SKAdnetwork to support more attribution use-cases, but in my opinion, an outright exception to use identifiers would be off the table. Looking at how they handled ITP, they made no exception and considered all of this as collateral damage:
Claim: “This will impact the SDK ad networks more than the SANs.”
Assessment: I think both are equally impacted
SANs are the most powerful networks out there, with extremely precise targeting, and according to our data and ROI Index, they are the top-performing channels that capture the lion share of the spend.
That being said, unless SANs like Facebook and Google get special access, this impact could change things for them just as much as it’s changing things for the SDK Ad Networks, and potentially even more because much of their superiority lies with accurate data, the kind of data Apple will be taking away by anonymizing everything. Also – SANs may also have a large dependency on View-Through attribution, which these changes impact too.
Claim: “Apple already provided exceptions to obtain IDFAs without user opt-in.”
Assessment: Seems false in the beta so far
We tested iOS 14, and the method that gives the app the IDFA is returning 0s in case the user didn’t opt-in. This also aligns with Apple’s documentation, IDFA wouldn’t be accessible without a user opt-in.
I don’t think Apple ever said that you could obtain IDFA without opt-in, and what I do see in their docs doesn’t speak about IDFA:
Idea: “Let’s hash IDFAs, and so the actual IDFA will never leave the device.”
Assessment: Doesn’t solve for privacy
Doing a one-time hash creates a really easy way to utilize the IDFA still. If everybody could collect IDFA, and hash it, then you now essentially got a new IDFA (let’s call it HIDFA – Hashed IDFA).
- CoolGame 3 takes my IDFA and hashes it. They now have my HIDFA, and they send it to CoolGame’s servers.
- Uber takes my IDFA and hashes it. They send my HIDFA it to Uber’s servers.
- Uber and CoolGame 3 can now track me across apps.
So we ended up with the IDFA again.
Claim: “We’ve done fine when Apple deprecated UDID and MAC addresses.”
Assessment: I think it’s irrelevant this time
Yes, we have gone through a lot as an industry, but I don’t think this one is the same. I’d love to be wrong, but in the past, when permanent device identifiers went away, temporary ad IDs gave us what we needed. This is a different scenario entirely, where the OS has stepped into the attribution flow.
Claim: “Facebook will not be affected.”
Assessment: Not sure
Apple has been known to give Facebook an unfair advantage before, whether it’s native integration into the OS or other things. But, in this move, Apple seems to have impacted their own ad network (Apple Search Ads), and play by the same rules.
There is an open question about whether ASA will be able to track installs on LAT users and bill you based on that, but they’re making such a big deal about privacy, it would be SO WEIRD if they just gave ASA or Facebook some magic access… but who knows.
Claim: “This will push all the ad dollars to Android.”
Assessment: I think it’s unlikely
There may be some initial push towards Android where things “simply work,” but I don’t think that’s sustainable. iOS revenue share in most western markets is 65%+, and I doubt app developers will give up that revenue stream. Some of the UA/Advertising capabilities will be impacted on iOS; there’s no doubt about it… but there will be some tools and capabilities that will still enable the advertisers to do their job, and I think these will get much better over time.
Join the conversation
Have questions? You’re not alone. Our entire industry needs to adapt to these new privacy enhancements, and we have to do it fast. We invite you to join our community coalition, Mobile Action Privacy (MAP), on Slack to connect with other thought leaders, ask questions, and share ideas.
You can also watch our on-demand webinar, iOS 14 & IDFA changes: What you need to know, where I reviewed what losing the IDFA means for marketers and what data-driven marketing will look like in the very near future. Stay tuned! More to come. 😊