Protected Audiences API in Privacy Sandbox: a better Topics API?

Privacy Sandbox on Android won’t be fully available in general availability until the end of 2024 or perhaps early 2025. But Google’s done a huge amount of work on integrations and testing, and also significantly expanded the functionality of multiple parts of Privacy Sandbox: especially the Protected Audiences API.

First launched as FLEDGE, the Protected Audiences API was all about retargeting or remarketing. 

Not any more.

“The  Protected Audiences API started off its life as an API focused around solving the retargeting problem, but it’s become a lot more than that,” says Luckey Harpley, a product manager at Remerge. “And I think remarketing will in the end be a small part of it.”

Hit play and keep scrolling …

Privacy Sandbox 2024: faster on mobile, slower on web

Privacy Sandbox on the web and Privacy Sandbox on mobile are so similar in so many ways it’s tempting to link them together. 

(OK, fine, full confession: it’s a big temptation for me.)

But it’s important to remind ourselves that web infrastructure for internet marketing precedes mobile infrastructure for marketing by at least a decade. And that means there’s probably a lot more legacy web marketing infrastructure that is deeply dependent on cookies, including third-party cookies, than existing mobile marketing infrastructure that is completely dependent on the GAID.

(Plus, the web just moves slower than mobile, and that includes technological progress.)

As such, Google’s being extremely cautious about its plans to deprecate the third-party cookie. 

Third-party cookie deprecation was originally scheduled to be some time in 2022, believe it or not. After 2 earlier delays, we now know that 2024 won’t be the year either: Google recently announced that “we will not complete third-party cookie deprecation during the second half of Q4.”

Careful readers will note with a knowing grin that “we will not deprecate cookies in 2024” is not a promise to do it in early 2025. Or in late 2025. Or — frankly — even in 2026.

But true to form, mobile is probably going to move faster.

So despite the fact that the APIs for both web and Android are pretty much the same, the timeframes aren’t connected, says Singular’s head of Privacy Sandbox Omri Gal:

“It appears that it’s going to be slower on the web and probably faster on the device … third party cookies are currently here to stay, but the GAID … I don’t see it going away by the end of this year. But it looks like it’s pretty close in the early part of next year. And this is why it’s important to test.”

So the smart money is on the GAID going away early in 2025, while the third-party cookie might very well last another 6 to 18 months.

Protected Audiences API: all growed up now?

Back in the original Privacy Sandbox days, Topics API was about targeting and Protected Audiences API was about retargeting.

That’s not quite true anymore. 

“I think of the Protected Audiences API more like a protected auction API, and it has two parts,” says Harpley. “There’s the Protected Audiences side that it started with, and as of last December, we have the Protected App Signals side of it.”

Protected App Signals is kind of like Topics API in some senses. But rather than Topics API’s broad interest areas that are user-defined by what apps a person has engaged with, Protected App Signals is about specific actions like app installs, first opens, in-game level achievements, purchase activities, or time in app, Google says in the documentation.

That data is stored and made available to run a “protected auction” in which adtech companies can match up those signals with ad candidates, contextual information and choose a winning ad.

All of this happens on-device in a trusted execution environment, preserving privacy while providing ad relevance.

“The Protected Audiences part is for solving that remarketing problem that allows buyers to join users on the device that they might be interested in remarketing to,” Harpley says. “On the Protected App Signals side, it allows buyers or marketers to save signals about the user on the device, and use those signals at a later date for user acquisition campaigns. So we have these Protected Audiences and we have Protected App Signals both going through this protected auction system to solve both the retargeting and the user acquisition use case.”

In other words, Protected Audiences API is now a full meal deal.

And actually, for targeting, Protected App Signals is more powerful than Topics API, which almost seems redundant now.

(Learn more about Protected App Signals here.)

Testing Privacy Sandbox: Singular and Remerge

Singular has a new SDK with Privacy Sandbox built in, Gal says, which customers and partners have access to and have been testing since this summer. Remerge has a test app, implemented the new SDK, and is running campaigns with a mutual customer.

Google has rolled out Privacy Sandbox to about 1% of Android devices, so there are devices in the wild for testing purposes.

Here’s the flow, generally speaking:

1. An event occurs on-device (let’s say “add to cart”)
2. Singular receives it
3. Singular passes it to the adtech platforms (in this case Remerge)
4. Remerge will not have the GAID, but will respond do the device, letting it know that is interested
5. The device will trigger an ad auction
6. The device will choose a winning ad in the auction
7. An ad will be shown

What’s super interesting is the juxtaposition of today and tomorrow, and how Privacy Sandbox turns existing adtech logic upside down:

• Today, devices know their GAID but not much else in terms of ads
• Adtech companies know a lot about that GAID: where it’s been, what it’s doing, what apps it uses, and so on
• In the future, devices won’t have a GAID, and much of that contextual and behavioral information will live on-device
• In particular, all the information that can track users across apps and connect that activity in a single database won’t be available as it is now 

“The device keeps its clothes on, right? And everything stays hidden,” says Harpley.

Intra-app tracking won’t be possible anymore, he says. There’s still data about what people are doing, and there’s still ways to target valuable users, but the next of that data has moved.

“The device knows if this is a valuable user, and then when we see the user again on the publisher side, we won’t be able to connect it, but that device knows that it should show this information to the publisher,” he says.

So what do you need to do to prepare?

Read the docs and test, says Gal. 

And you’ll be able to do that side-by-side with your existing GAID-based workflow, which is ideal for testing.

“We plan to release a production SDK, Android version, which includes Privacy Sandbox APIs,” Gal says. “So our aim is to have clients with our SDK, with their production app that they are running as usual with GAID live and available, and we’ll be able to test all those APIs on these devices while we still have the regular measurement and regular flows. And that will be the best way to both check and validate that we’re doing everything right and all the dots are connected.”

One thing to note, just as we found with SKAN on iOS … there’s gonna be some growing pains.

So it’s best to start early.

Check out the full Growth Masterminds episode

Check out the full Growth Masterminds episode on YouTube, or on any audio platform that you choose.

Just search “Growth Masterminds” on your podcast platform of choice.