What is fingerprinting?
Digital fingerprinting, also known as probabilistic attribution, refers to a process that advertisers sometimes use to gather information about users who have interacted with their ads in order to identify their unique device. Fingerprinting works by combining certain publicly available attributes of a user’s device, location, and more to create a unique identifier or “fingerprint” of their device. Specifically, the attributes that are collected to identify a user’s device include their computer or mobile hardware, operating system, IP address, web browser, and more.
The two main types of fingerprinting include browser fingerprinting, in which information is collected through the user’s browser, and device fingerprinting, in which information is collected through the apps a user has installed on their mobile phone.
Fingerprinting is typically performed by third-party tracking and attribution companies instead of individual websites or apps. This allows these third-party providers to collect tracking information across multiple sites and apps, create a unique identifier for the user, and match subsequent app activity such as installs or in-app purchases.
It’s important to note that in iOS 14, there is very limited space for fingerprinting.
Apple has specifically said that unless someone has consented to tracking, you cannot track them across websites and apps. While some mobile attribution and marketing measurement vendors translate that to mean “you can’t use the IDFA,” the reality is that Apple has said it means any means of tracking at all.
And that means that using fingerprinting to track users or measure mobile marketing on iOS is a business risk that could get app developers in hot water with Apple.
Uses of fingerprinting
The two most common use cases of fingerprinting include retargeting and mobile attribution.
In the context of retargeting, the most common type of tracking is done through website and app cookies. Since users can clear and block cookies on the sites and apps they visit, fingerprinting allows advertisers to still identify which users that have interacted with their ads. This information is then used to retarget the user with relevant ads, and ideally increase their ROAS.
Fingerprinting is also a technique used to perform mobile attribution. When a user clicks on an ad that has a tracking link attached, this information is collected by third-party attribution providers and combined in order to create a unique device fingerprint. If the user then downloads or opens a mobile app after clicking the ad, the attribution provider is able to match their device fingerprint with the previous ad click and correctly attribute it to subsequent user actions. This added layer of attribution ensures that advertisers are able to pinpoint exactly which ads are leading to valuable app installs or in-app activity, regardless if the user has cleared their cookies.
Mobile device identifiers are also only available inside apps, which means that any ad campaigns that are using a mobile web environment may need the use of fingerprinting to perform attribution. For example, our probabilistic attribution FAQ page provides the following examples of mobile web campaigns that make use of fingerprinting for attribution:
- Email campaigns
- Tracking organic downloads from your mobile web landing page
- Campaigns with ad networks working with mobile web inventory (Android only after iOS 14)
How Singular uses fingerprinting
Singular uses fingerprinting as one of its techniques to perform mobile attribution for advertisers where allowed by platform owners and desired by mobile app marketers.
When a user clicks on ads that have tracking links or downloads an app, the Singular SDK can collect this information in a database that can later be searched for the relevant user fingerprint. If there’s a match in the database, the associated ad is then attributed with the app activity.
Since fingerprinting is a probabilistic attribution method, it is not always as reliable as directly matching devices with their unique identifier. For that reason, Singular uses fingerprinting as a backup attribution technique if there is no device identifier available or if there’s no Google Install Referrer available.
Since the release of iOS 14, Apple requires app developers to request permission to track users when you’re tracking or measuring across websites and apps owned by different companies. This severely limits when and where you can use fingerprinting on iOS (more details here).
Due to the increased difficulty and probabilistic nature of fingerprinting, this technique also has a different attribution lookback window than cookies or device identifiers. For example, unique identifiers such as IP addresses typically change more often than a device identifier. As a result, the accuracy of fingerprinting decays exponentially after 24 hours, which is why Singular limits the lookback window to 24 hours in order to achieve the highest possible attribution accuracy.
AdExchanger highlights this decay in probabilistic attribution accuracy as follows:
Compared with deterministically matched attribution, fingerprinting is 98% accurate when the fingerprint match is made within the first 10 minutes, which is also when the majority (56%) of attribution occurs. If the attribution window is between 10 minutes and three hours, accuracy drops to 80%. Between three and 24 hours, using fingerprinting logic is a coin flip – only 50% accurate.
Finally, in order to achieve the highest degree of attribution accuracy, Singular collects and stores a variety of publicly available data points which can include:
- IP Address
- OS Name
- OS Version
- User Agent
We’ve reduced the number of data points we collect on iOS 14 specifically. Keep in mind this information is provided by HTTP headers and is in accordance with Google and Apple privacy policies.
If you would like to learn about all of the mobile attribution techniques Singular uses in addition to fingerprinting, you can find more information in our Help Center.