Apple made two announcements at its annual developers’ conference, WWDC, last Monday that caused mobile marketers to take pause. These were:
- Apple updated its iTunes app submission guidelines to declare that children’s apps (defined specifically here as apps submitted to the “Kids” category) can no longer include any app or advertising tracking;
- Apple revealed a new single-sign on (SSO) product called Sign In with Apple. This product will allow users to sign into third-party services via a random email address that Apple associates with the user’s iOS account email address; in this way, the user’s real email address is hidden from third-party services, and communications are relayed between the service and the user via Apple. Apple noted in its submission guidelines update that integration of Apple’s SSO product will be required in all apps that offer third-party sign in.
Many commentators interpreted Apple’s SSO product as an attack on Google and Facebook, which both offer single-sign on products and use user emails as targeting features for advertising campaigns. For example, an app developer can create a lookalike audience on Facebook using its users’ email addresses to target similar users; if the only email addresses it has for users are the obfuscated Apple values, Facebook won’t be able to match email data with its internal user data to identify users.
But I think the impact of this consequence of Apple’s SSO product is exaggerated. Firstly, this will only apply to new users that register with Apple SSO, and Apple hasn’t indicated that it won’t also allow app developers to collect email addresses through other means (eg. asking them to provide a non-Apple SSO email address). Secondly, email isn’t the singular identifier that Facebook and Google really use to anchor data to individual people: those are the platform identifiers, the IDFA on iOS and the Advertising ID on Android.
But developers are also increasingly harvesting phone numbers from users as unique identifiers, and phone numbers change far less frequently than device identifiers. And since phone numbers are required for two-factor authentication, then users mostly have no choice but to keep them current with their favorite services. Apple’s forced SSO integration won’t prevent app developers from being able to target users with unique data; it may simply change which pieces of unique data are used.
So while I think the degree to which Apple SSO impacts Google and Facebook has been blown out of proportion, I do think it potentially presages a very important change to the mobile ecosystem: the deprecation of the IDFA altogether.
Apple’s change in guidelines related to children’s apps hints at this. If Apple is building a precedent around rejecting advertising tracking in certain categories, it certainly doesn’t seem totally infeasible that it extends that judgment to all categories by deprecating the IDFA, just as it deprecated the UDID back in 2012.
The phasing out of the IDFA would have a tremendous impact on the mobile advertising ecosystem. Even the prospect of the IDFA’s demise should inspire some consideration by marketers around how their business endures in a world without that identifier, since it ties into basically every aspect of mobile marketing: targeting, attribution, re-engagement, etc. Without the IDFA, almost all of the machinery upon which modern mobile marketing relies becomes obsolete and in need of re-tooling. Developers should at the very least understand conceptually what a continuation of business plan looks like in the wake of the IDFA’s deprecation.
Frankly, marketers should have been considering this for a while — at least since the revelation of SKAdNetwork and the introduction of IDFA Zeroing. Apple has been tip-toeing toward an IDFA-less reality for a while, and non-direct response marketing formats have forced marketers to build comprehensive macro models of performance that don’t account for individual attribution, anyway. In a post titled Mobile’s post-attribution era from 2017, I wrote:
App developers are no longer competing for the uninitiated: they’re no longer exclusively trying to reach first adopters in the developed world. Since everyone has a smartphone, everyone is a potential customer, and so marketing tactics have changed: hyper-targeted direct response ads have a place in every company’s strategic arsenal, but since users are everywhere, they need to be reached everywhere. Direct response, alone, simply isn’t broad enough to reach the total addressable market of a company operating in a big, expansive lifestyle space.
If a business is wholly reliant on perfect marketing attribution at the level of the individual user, then that business can’t weather the deprecation of the IDFA (and its viability with the IDFA is likely only illusory). The most agile mobile marketers — the ones who have reached beyond direct response — have already thought through these marketing models and, while they likely wouldn’t welcome the end of the IDFA, can at least withstand it. Every marketer should be thinking about how their job changes if the IDFA goes away.