Fingerprinting with iOS 14: Reality or delusion?

This guest post was written by David Philippson, the CEO of DataSeat

Readers of this article will be aware that the IDFA has been living on borrowed time since Apple announced its deprecation back in June 2020. There has been much speculation from stakeholders in the industry, but few give context and detail, and all typically stick to their own company’s narrative – which more often than not has been negatively affected by Apple’s decision. 

My intent in this article is to be transparent about the efficacy of the three attribution methodologies (IDFA, SKAdNetwork, and fingerprinting) available to marketers on iOS, and make some predictions to open the debate beyond the current stakeholder narratives and interests. My detailed knowledge and strong opinions come from having founded pioneer Mobile Measurement Partner (MMP) AdXtracking back in 2011, which also helped me predict the deprecation of IDFA in this adexchanger article one month prior to Apple’s announcement.

The first important point to note is that Apple introduced the IDFA back in 2012 for the purposes of marketing attribution. What they did not expect – and what I believe is Apple’s biggest objection/issue with IDFA – was the widespread abuse by many large ad networks who discovered they could run far more profitable advertising campaigns by storing device ids (without consumer consent), and building profiles of behavior. This can be described as User Acquisition with behavioral targeting driven by device graphs. An easy way to understand this is with the following example:

If a large advertising network knew the device ID of every Match 3 game user and depositor in the world, who would they serve ads to when they win a new match 3 game client?

This practice is what I predict is Apple’s biggest objection to the IDFA, and thus is what stops immediately after IDFA deprecation. If you are an advertiser, expect to feel this pain, as whether you knew it or not, the majority of the performance of your UA campaigns is currently driven by such practices.

To replace IDFA’s function in attribution, Apple has introduced SKAdnetwork, or SKA, which is a privacy-first mechanism for Networks to receive install notifications. From a marketer’s perspective, SKA is extremely limited when compared to the current norms of deterministic IDFA attribution and probabilistic fingerprinting. Most notably, the install notifications do not allow a network to decipher which impression or click led to a download – to the detriment of optimization. The install and in-app event notifications are also delayed by 24hrs+, meaning any real-time decisions are delayed and any LTV calculations are limited to less granular 6-bit conversion values. This essentially means LTV and ROAS reporting will be severely limited. Two additional difficulties on the Supply side are:

  1. Mobile web publishers are not trackable at all by SKA;
  2. App publishers need to upgrade their apps and ad serving SDKs to be compatible, and this will take a long time to propagate – most likely many months beyond the ban. This last point means that many publishers, impressions and clicks won’t be trackable at all for a long time. Currently, only 15% of in-app bid requests that we see are SKA compatible.

While there is no question that deterministic IDFA tracking will come to an abrupt stop when Apple rolls out App Tracking Transparency (ATT), the same cannot be said for probabilistic fingerprinting. Fingerprinting (or FP) was originally created to facilitate tracking mobile web clicks where no device ID was available, and involves an MMP recording user metadata on click (typically IP address, OS version, Device model) and matching those device properties when a download occurs. The method has some clear flaws, such as false positive and negative rates.

A false positive occurs when an organic download in the same time interval has the same OS version, model, and IP address as a paid click, and is incorrectly attributed to that campaign. A false negative is when a user’s fingerprint changes between the click and the install event –  e.g. because they are on a cellular connection, or are traveling – and what should be attributed to a paid campaign is instead labeled as organic. When discussing this topic, many advertisers ask me how accurate fingerprinting really is. The answer is incredibly complex, as it depends on so many variables, but for the sake of this article let’s assume 90% accurate and 10% false-negative/positives on a short attribution window.

When considering the benefits of fingerprinting, we should do so in comparison to SKA and not its doomed counterpart, the IDFA. So in comparison to SKA, FP allows for real-time download notifications, which benefits optimization. It is compatible with all traffic: both in-app and mobile web. Granular event capturing (and therefore LTV monitoring) is possible using the device’s IDFV, and most importantly there is no persistent identifier that allows networks to build user profiles and device graphs of users without their consent, so arguably it can achieve the majority of consumer privacy gains without damaging the marketer’s ability to run profitable campaigns. It’s worth noting that FP has never been enabled for SRN’s (FB, Twitter, Snap etc.), as they all pushed their own agenda of gathering as many device IDs as possible.  

On the face of it, FP sounds like the best solution in an imperfect world. There is no doubt that marketers, MMPs, networks, and DSPs would prefer fingerprinting to SKA. Unfortunately, however, Apple does not have the same view. In their recently updated privacy FAQs they make it quite clear the FP is not allowed. 

In fact, this has been the case and stated in the developer program license agreement since 2016.

Unsurprisingly – and to make matters even more complicated – it appears that each of the MMPs have a slightly different view of this ambiguous situation, which could mean that a marketer’s experience of IDFA deprecation will be dependent on which MMP they use. Links to the different MMP guidance can be found below:

  • Kochava: view is that FP will remain:  “Re-configure your iOS attribution settings to maximize the accuracy of probabilistic attribution”;
  • AppsFlyer: view is that FP should be the advertiser’s choice, and are offering an “advanced privacy mode” (where fingerprinting is not enabled), and a “regular mode” (where FP is enabled);
  • Singular: is suggesting that FP will be in breach of Apple’s recently published terms and could be turned off: “you may choose to ask Singular to prevent any probabilistic matching for your campaigns in preparation for iOS 14”;
  • Adjust: view appears to be that FP will remain and are offering enhanced capabilities: “This includes an enhanced number of data points that are used for probabilistic matching, to attribute installs from clicks when the IDFA isn’t available”;
  • Branch: view is that FP is not in breach, as it does not allow for a persistent identifier: “Probabilistic modeling does not form a persistent ID, and MMPs do not use this technique to share or combine personal user information across companies.”

Unfortunately, what is best for performance marketing is irrelevant. The only thing that is relevant is which policies Apple decides to enforce, and how aggressively they do so. Despite the advertising industry’s dissatisfaction with SKA’s capabilities, its curious delay, and Facebook’s rather hypocritical ad campaign against it, it is obvious that Apple has thought this through and put a significant amount of effort into delivering a consumer privacy-first solution.

We do not think they will stand back and watch it fail. As fingerprinting gives marketers a far superior solution to that offered by Apple SKA, who would adopt SKA if they were still allowed to fingerprint? We suspect no one. Which is the exact reason we should all prepare ourselves for Apple to act quickly and aggressively to enforce a ban on fingerprinting shortly after ATT. Apple has set precedents enforcing their terms in the past by rejecting apps that contain SDKs that breach their terms of service, as well as warning app developers that they are responsible for the code their apps contain, and are at risk of permanent rejection from the App Store.

My advice to advertisers is:

  1. Maintain a close relationship with your MMP to understand their policies and capabilities for FP & SKA;
  2. Understand each of your media partners’ views and intentions regarding FP and SKA;
  3. Invest time working with transparent DSPs and networks which specialize in contextual targeting, as this will become the strategy of the future;
  4. Decide whether to implement the ATT popup or not – an increasing number of advertisers see the cost of presenting an alarming data sharing message as outweighing the benefits of a low opt-in rate;
  5. Regardless of whether you present the popup or not, configure your 6-bit conversion value to provide as much useful LTV information as possible after the download
  6. Finally, be prepared to turn FP off, should my prediction of a ban plus enforcement take place.

In the meantime, I think we all are looking forward to Apple confirming the updated release date of ATT, and their enforcement practices on fingerprinting.

David Philippson is the founder and CEO of DataSeat, an in-house mobile programmatic advertising solution. Prior to DataSeat, David served as the co-founder and COO of AD-X, one of the first attribution platforms for mobile, which was acquired by Criteo in 2013.

Photo by hessam nabavi on Unsplash