In considering Apple’s decision to effectively deprecate its advertising device identifier (IDFA) in the weeks since it was announced at WWDC, I’ve come to the conclusion that the impact of this change will be enormous and transformational for the mobile advertising industry: an entirely new paradigm is being created, and completely new processes, tools, and infrastructure need to be built to accommodate it. I explain the implications of these changes in extensive detail in this post, and I won’t go into them here.
But what if I’m wrong?
What if the damage from these changes is contained in such a way so as the preserve the existing mobile advertising paradigm — that of deterministic attribution at the device level, on top of which all marketing efficiency is constructed? And assuming this is the case — how have I been wrong? Which assumptions of mine were invalid, directionally incorrect, or simply shortsighted?
I think it’s important in thinking about broad market trends over medium-term (1-3 years) timelines to attempt to rigorously challenge the underlying assumptions and guesswork that serve as change agents. One way to ensure this is to hold oneself accountable to predictions by making them public, as I do at the end of each year. I have been wrong about a lot of things — I predicted that Apple would not launch a mobile ad network, for instance — but I try to stress test the underlying components of any prediction such that the logical chassis of any prognostication is sturdy. I attempt to do that here by examining the mitigating factors that could potentially soften the blow of IDFA deprecation.
Google doesn’t follow suit and deprecate the GAID
Consensus opinion seems to be that Google will emulate Apple’s decision to deprecate the IDFA and will create a similar opt-in mechanic that will allow a user to control which apps access their Google Android IDs (GAIDs). I talk about why I believe this assumption is reasonable in this post from February, in which I explored the fallout of a hypothetical decision by Apple to deprecate the IDFA, and in this post.
While Google is by no means obligated to do so, I think it is very unlikely that Google won’t follow Apple’s lead and deprecate the GAID. Apple and Google have remained more or less in lockstep with respect to privacy controls, with banning third-party cookies in Chrome and in introducing a Limit Ad Tracking setting on Android. The optics of Google not remaining in lockstep with Apple with respect to advertising identifier access would be problematic: Google is currently being probed for an anti-trust case related to its dominance in the online advertising market. While GAID deprecation isn’t related to its market position with advertising, one could make the argument that by not deprecating the GAID, Android becomes a more attractive platform for developers (and thus advertisers), bolstering its app advertising business.
But Google might take a softer touch with privacy controls that don’t result in the effective deprecation of the GAID. If this is the case, and advertisers have broader access to GAIDs than IDFAs, more advertising money might flow to Android and the bear case around IDFA deprecation — that it leads to the total destruction of the device-identifier-centric mobile marketing model — is harder to defend.
But App Store revenue is roughly double that of Google Play. Apple deprecating the IDFA means more than Google deprecating the GAID: even if Google doesn’t follow suit, the impact of “mere” IDFA deprecation (versus deprecation of mobile advertising IDs generally), holding all other assumptions constant, is extreme.
Opt-in rates for ad tracking are very high
No one really knows with any credible clarity how users will react to ad tracking opt-in prompts. TapResearch has been conducting in-app surveys around how users will respond to opt-in prompts, and those are not very encouraging, but if opt-in rates are surprisingly high (for example, 70%+), then the impact of the opt-in mechanic will be muted and probabilistic models can simply supplement deterministic attribution.
The big open question around opt-in rates is whether the platforms will allow the incentivization of opt-in: if, for instance, an app could give a user free credits or some form of reward for opting into ad tracking. If app developers are allowed to incentivize tracking, they might be able to reach the levels of opt in that allow for scaled, device-identifier-centric app marketing.
But one thing to keep in mind on this topic is that LAT rates are already very high: the MMP Singular measured LAT rates of more than 30% in the US. Even a 70% opt in rate would put total device identifier access at less than half (70% of 70%, or 49%).
Apple doesn’t or can’t enforce its proscription of device fingerprinting
Apple has been clear that it will not allow for the fingerprinting of a device if the user has not opted into ad tracking. And we can take guidance around Apple’s attitude towards fingerprinting through the position it takes in WebKit.
But perhaps Apple will choose to not enforce this position — it’s possible that Apple will allow some form of fingerprinting to be done at the device level, and these fingerprints will create the opportunity to do device-level ad targeting even when a user has not opted into tracking.
Apple allows third-party Single Sign On even if a user has opted out of ad tracking
The primary pushback I received from my analysis of Facebook’s vulnerability to IDFA deprecation is that Facebook isn’t dependent on IDFA since it has its SDK integrated into many apps: it has full access to the device and, with Single Sign On, can very effortlessly tie any given device to a Facebook ID without IDFA.
I don’t think this is credible. Firstly, Facebook Login rates in many types of apps (especially games) are incredibly low: it’s not easy to force a user to register an account after install, and registration and log-in mechanics increase churn. For some apps, like subscription products, registration mechanics aren’t as imposing, but for many types of games they are a non-starter.
The question, though, is whether Apple even allows for third-party SSO if a user has not opted into ad tracking. And we have some guidance around how Apple is likely to approach this: Apple launched Sign in with Apple at last year’s WWDC, likely as a means of reducing Facebook’s reach across the app ecosystem via Facebook login. Could Apple limit SSO to just Sign in with Apple if a user has opted out of ad tracking? Or might it prevent SSO completely if a user has opted out of ad tracking? This is all unclear, but it doesn’t seem likely that Apple would go to the trouble of introducing an opt-in mechanic to then allow developers (and Facebook) to sidestep it via SSO.
One wildcard here: Facebook has the phone number of each of WhatsApp’s 1.5BN monthly active users, and a phone number is a much more precise identifier than anything else that Facebook could potentially use for matching a device to a Facebook account: back in 2014, I posited that Facebook’s motivation in acquiring WhatsApp was to acquire those phone numbers. How a phone number could potentially be gleaned by Facebook via an app is unclear: the app would have to request the phone number from the user if they’ve opted out of ad tracking, which is suspect.
I think one key consideration in all of this, with respect to the assumptions above and any application of a workaround or loophole, is the total control over the ecosystem that Apple commands through its review process. Apple can keep an app in jail for any infraction of its terms: as the gatekeeper to the App Store, Apple can ensure that all apps are in absolute compliance with not just the letter of its terms but also the spirit. Any proposed workaround to the privacy protections coming to iOS 14 assumes that either Apple won’t be able to detect what the developer and its ad partners are doing or that Apple simply won’t care.