The mobile industry is undergoing one of the most fundamental changes of recent years. Apple has decided that early 2021, app developers will no longer have access to IDFA by default.
IDFA is a unique device identifier used for ad attribution, retargeting, alike audiences, analytics and other tasks. After the change, in order to receive the IDFA, an app developer must explicitly request the user’s permission (which is similar to allowing push notifications in an app). According to various estimates, the share of users who will provide access to their IDFA doesn’t exceed 10%.
Apple has provided privacy-friendly alternatives for attribution, but they fail to cover even a small fraction of the tasks that teams working on developing and promoting mobile apps currently have.
This shift means that mobile marketing (estimated at $80 billion), and by extension the mobile industry, are about to change drastically. In this essay, we will discuss in detail what will change, how it will affect the main players in the mobile advertising market such as developers, ad systems, attribution service providers, and advertisers.
IDFA (Identifier for Advertisers) is a unique identifier of an iOS device. It is used in mobile apps for user attribution and tells advertisers where a user came from.
With iOS 14, to be released in early 2021, every app that wants to use an advertising user ID (IDFA) will have to explicitly ask permission from the user.
This will work in the same way as requesting permission to send push notifications.
Request to use IDFA will look like this – the text on the popup will ask: “Would you like to give permission to track you across apps and websites owned by other companies?”
The text is very straightforward, and the button to refuse is located below, making it more convenient to deny access to the IDFA. Most experts agree that 9 out of 10 people will most probably not opt in. After the initial declaration, Apple suggested a milder design for the popup, yet the idea remains largely the same and won’t bring fundamental changes.
Thus Apple is breaking the existing ad traffic attribution infrastructure under the pretext of privacy concerns. And this will affect everyone: ad networks systems, mobile developers, advertisers, and users.
Previously, mobile developers and ad networks could use the IDFA without the explicit consent of the user. But now, the situation is radically changing:
1. Without access to IDFA, mobile ad attribution services (Appsflyer, Adjust and others) will no longer be able to trace back a significant portion of mobile traffic. It is important to understand that IDFA is now the primary accurate attribution tool. Appsflyer, Adjust and others will be forced to switch to less accurate and less efficient methods of determining the source of installs (e.g., device fingerprinting).
2. This will reduce the accuracy of traffic attribution, which will complicate things for companies developing and promoting mobile apps. In the future, it could lead to an increase in the cost of attribution.
3. We can expect a rise in acquisition costs as accurate targeting will become much more limited. Such popular and effective tools as lookalike audiences and retargeting will now be available only for a small portion of users who agreed to honor a request to provide access to the IDFA or used a relevant email or phone number while signing up.
Apple offered the market an alternative, privacy-friendly traffic attribution system. This system makes it possible to send information about installs to advertising networks without explicitly revealing information about the user. But, unfortunately, the capabilities of this system are severely limited and don’t cover basic marketing needs.
One of the biggest problems is that developers and ad systems will no longer have access to user-level data. They will only see aggregated data in the account.
Developers will no longer be able to calculate and segment ROI or link attribution data to product events.
It’s hard to predict the results of this change. But here are some possible scenarios:
Traffic attribution helps find out where a particular user came from. This is a critical task for performance marketing, as without high-quality attribution, it is impossible to determine which advertising campaigns are profitable (i.e., are making money) and which are not.
On the web, attribution is tackled in a simple way – we just need to add special parameters (usually utm-parameters) to the ad links leading to the site.
This scheme doesn’t work with mobile apps largely because mobile app stores add an intermediate step to the process and do not provide information about where the user came from.
Another reason is the policy of a number of leading advertising systems on the market. For example, Facebook doesn’t allow you to add any parameters when promoting mobile apps through its ad network.
Therefore, there are other methods for traffic attribution for mobile apps out there. Say you have a mobile app or a mobile game. To acquire users to your app, you purchase ad traffic. This is what happens in order to link ad clicks to an app’s install:
If you are not familiar with this topic, then here is a good essay.
As is evident in the process described above, data about users who click on ads is key to the logic behind mobile traffic attribution systems. The IDFA is the central element of the data collected, and if IDFA is missing, the accuracy of this attribution method will drop dramatically.
Without IDFA, services will have to rely on fingerprinting, which is significantly less accurate than IDFA. Since IDFA is a unique device identifier, using it allows you to accurately determine the source of the user’s traffic. If you don’t have access to IDFA attribution services, you will have to use fingerprinting.
Fingerprinting is a way of obtaining a device ID from a set of indirect attributes. As indirect signs, you can consider such things as the operating system’s version, IP address, operator, time and some other parameters. This identifier should make it possible to tell different users apart and remain unique to each user if possible.
However, fingerprinting is not accurate enough. Thus, as the proportion of users whose IDFA is accessible decreases, the accuracy of mobile attribution will worsen.
Fingerprinting is already used today, but for a rather small proportion of ad traffic. The reason is that some users are already invisible to ad networks (they don’t give access to their IDFA).
In 2016, Apple released LAT (limit ad tracking) that allows iOS users to opt out of targeted advertising by not giving out their IDFA and thus becoming “invisible” to ad networks. This feature is hidden in Settings> Privacy> Advertising, and also appeared when activating a new iPhone. However, even in this inconspicuous way of presenting it, about 30% of all users turned this option on. The number of invisible users increased from 15% in 2016 to 30% in 2020.
Before iOS 6 (2012), instead of IDFA, there was UDID available, which you couldn’t reset and it was always available. With such a tight bond, each user could be uniquely identified, a privacy nightmare. So Apple introduced IDFA in iOS 6. It is possible to reset it, and it also changes when the device is reset. Meanwhile, IDFA remains constant across different apps on the same device.
To summarize all of the above, IDFA plays a key role in solving the problems of purchasing and attributing ad traffic. The existing ad market is largely dependent on IDFA. It is the one thing that makes this connection between an advertising click and new users in the app. With the release of iOS 14, IDFA will become unavailable for most users, which will change the laws of mobile marketing.
At WWDC 2020, Apple unveiled a new operating system, and at the same time “delighted” the iOS app developer community that now IDFA won’t be a default feature any longer. Instead, the user will control IDFA access for each app by responding to a native popup inside the app. The design might change but the idea will remain the same.
The developer controls when to show this dialog. This means that he has the opportunity to explain to the user what the IDFA is for. It’s the same with push notifications: If you first explain why there is a need to enable them, more users will agree to receive them.
It is worth noting, however, that the IDFA popup will only allow minimal customization: Developers can only change the secondary text. Mind that everything is still subject to change—we will know how everything will actually work only once iOS 14 is released.
Another notable point in the design is that the Ask App Not to Track button is placed lower, which means it is more convenient for the finger to press. The warning itself sounds quite menacing too. All of this is bound to have a negative effect on the conversion to consent.
According to experts, the number of people who allow access to IDFA will drop to about 10%. For users who will not give access to their IDFA, a string of zeros will be provided instead of an identifier.
Apple has also presented its own attribution method to the market. To do this, the company created the SKAdnetwork privacy-friendly attribution framework, which allows you to transfer data to advertising networks without violating the privacy of a particular user.
The first version of SKAdnetwork was released in March 2018 in iOS 11.3, but very few used it: attribution through IDFA proved to be much more efficient and gave more data.
Apple’s attribution scheme works in the same way as other MMPs (mobile measurement partner), with some peculiarities. Developers and ad systems don’t have access to user-level attribution data, and only receive it in aggregated form, which dramatically reduces its usefulness since it doesn’t allow calculating ROI by user segment.
Only Apple-authorized ad networks will be able to receive postbacks about attribution. To do this, they will need to register, implement the ad mechanism and handle the postback. Without this, Apple won’t transmit installation data to the ad network.
To send the attribution event, the developers have the updateConversionValue method, which, after the first call, creates a 24-hour window. This is the only period where you can submit additional attribution data, such as install or event value.
Developers often submit data within months after the first attribution such as in products with a strong long-term retention or monetization models that involve subscriptions. In these cases, purchases can happen many months and years after the app’s first launch (which is a long funnel). It is convenient to send such data to ad networks to improve targeting. The 24-hour window severely limits this model. For example, it won’t be possible to register a first-purchase event in a monetization model that involves a trial and subscription (the minimum trial duration is 3 days) .
Event values can be used in different ways. For example, it can be the value of an event, measured in money: a user who came from campaign X bought a subscription for Value. Based on this data, you can improve your targeting. You can also encode the events themselves using value. For example, value = 0 means there was an install, value = 1 indicates the user activated a trial subscription, and so on.
Apple imposes a number of restrictions on Value:
Moreover, not everything can be considered as value, but the one Apple sees possible:
The postback may include a conversion value and the source app’s ID if Apple determines that providing the values meets Apple’s privacy threshold.
There are still no updates in App Store review guidelines, so it’s impossible to figure out what exactly can’t be submitted.
Retargeting and lookalike won’t be practically available.
Retargeting is an opportunity to show ads to an audience that has already interacted with a product. For example, a developer can show ads to active users in the app who are not paying customers, or retain those who have stopped using the product. To do this, a developer collects relevant user IDs, uploads them to the ad account and launches ads targeting this audience.
Facebook accepts not only IDFA as identifiers, but also emails, phone numbers and other data associated with a specific person. Thus, retargeting will continue to work if the developer has this additional data and can give it to the ad network.
Facebook has a clear advantage here: By using its large data set from all apps (Whatsapp, Facebook, Messenger, Instagram), the company has to see only one user parameter to get the rest of user IDs, as well as his email and phone number. However, we can’t really tell from Apple’s guidelines whether it is possible to transfer user data for a user who hasn’t enabled tracking. Plus, Apple is promoting its privacy-safe Sign In With Apple authentication method, which developers are required to support along with other authentication methods, limiting the ability to collect this kind of information.
This can also affect the design of mobile apps. Developers can start to force users to sign up before using the product. If you are already fed up with the need to allow cookies on all of the websites you are visiting, then expect something similar to happen in iOS apps.
A similar problem will occur with lookalike audiences, that is, audiences of users similar to a certain other cohort of users. If the audience you use to build a lookalike is small, you won’t be able to build a high-quality lookalike audience.
In addition to IDFA, iOS has another identifier – IDFV (identifier for vendor). This identifier remains the same across apps from the same developer, but it differs for different publishers. Therefore, ad networks won’t be able to use it to define a user within the attribution task.
However, due to the fact that the IDFV is the same in the apps of one particular developer, this developer understands which apps each user is using. This is convenient in order to advertise new apps in your other apps. For example, such schemes may be relevant for publishers of hyper-casual games, who often promote new products using cross-promotions in their other apps.
IDFV gives a rather vivid advantage to large publishers over small independent players. Large publishers are also more tolerant towards errors when acquiring paid traffic. In contrast, for small players, unprofitable ad campaigns can have a devastating effect.
These factors can possibly lead to faster consolidation of the mobile market (both horizontal and vertical). Thus we can expect large publishers to acquire small players. These big players will keep the traffic moving within their ecosystem, advertising their apps to their users. But neither ad networks nor MMPs have a place this scheme.
Among the major players in the attribution market, Adjust has been the most vocal about the situation. One of the company’s proposals to Apple is to use IDFA locally on the device for hash counting. The hash is computed using the SHA256 algorithm on the combination of IDFA and IDFV strings. It is transmitted to the server along with the IDFV. Then, the MMP (traffic attribution service) gets the IDFA from ad networks and does the search. If something matches the hash from the device, then attribution takes place.
However, it doesn’t look like Apple will buy into it:
At the time of this writing, there are no tools that will allow attribution at the current quality level in the future iOS 14. Adjust, along with other market leaders, has offered a few alternatives. Unfortunately, none of the proposed methods are in line with Apple’s policy and do not offer a quality alternative to IDFA.
iOS 14 will be released in early 2021.
Half of all devices are expected to upgrade by the end of 2020. Since the apps must support the new API to access IDFA, developers will lose access to IDFA immediately after the OS upgrade. They will be able to get it after the update is released and the users give their consent.
This will likely result in a situation where giving access by the users will look like a wave on the graph: a sharp drop in the first months followed by a gradual rise as developers start updating their apps.
Adjust has released an excellent guide on how to get your app ready for iOS 14, starting with understanding which third-party services and SDKs in your app are using IDFA.
To get access to IDFA, the developer needs to ask the users for their consent. Meanwhile, the developer will decide at what point to show the pop-up with a proposal.
This means that before showing the pop-up, you can use custom elements to explain to the user why you need them to open access to IDFA.
Developers have only one chance to ask the user for access to their IDFA, similar to prompting for enabling push notifications. We can expect developers to do their best to explain why they need IDFA before displaying the popup.
The marketing and product analytics sector will suffer the most. It will no longer be possible to access attribution data at runtime. The developers who used the IDFA as their user IDs will also suffer. To keep the analytics working correctly, they will have to change the identifier to IDFV or to an internal ID. Even so, it will be very difficult to maintain consistency with historical data.
The global mobile advertising market size stands at 80 billion USD, so we shouldn’t expect it to die or somehow shrink significantly. Companies will continue to acquire users for their mobile apps through paid ads. The question is, how efficiently will they do so? First, it will be more difficult to measure the effectiveness of campaigns. Second, lookalike audiences and retargeting will practically stop working.
At this stage, it is not clear what will happen to the ad traffic attribution market. If only 10% of the audience remains (these are the ones who have agreed to being tracked), will it make sense to use services such as Appsflyer or Adjust? Will it be justified to pay for these services? Apple encloses marketing data within itself and doesn’t want to give any of it away to developers or ad systems. Apple has already been sued because of this.
IOS 14 and restricting access to IDFA is also a big bomber for the ad systems. The mobile market is, in fact, a duopoly dominated by Facebook and Google—they will be hit the hardest.
We can expect accelerated growth in user acquisition costs, as well as consolidation of the mobile market.
In a more distant future, perhaps Google will decide to follow in Apple’s footsteps. Google also has its own LAT (which turns off access to advertising ID) and its own attribution system in the Firebase, which launched a year later after Apple. It is expected that Google will also make the IDFA equivalent unavailable on Android devices in the foreseeable future. This will be quite a kick in the head from Google towards Facebook’s position in the mobile ad market.
However, there are still many questions that were not covered in Apple’s User privacy and Data use guidelines:
In the most pessimistic scenario of all, in the next versions of iOS, Apple will block access to external analytics services to user data and promote its own analytics tools. On the one hand, this preserves the privacy of users, and on the other hand, it makes it difficult to create high-quality products.
This essay was written in collaboration with Oleg Yakubenkov. Oleg is the founder of GoPractice (a simulator for learning growth).