Another June is over, another WWDC has come and gone. Just as we’re all getting to grips with App Tracking Transparency (ATT) and iOS 14, Apple have announced features that will be arriving with iOS 15, hitting devices in a matter of weeks (this autumn – likely September).
Many changes were announced for iOS 15 that are consistent with Apple’s focus on privacy – including changes that further limit tracking and increase transparency. Below I have highlighted the three major implications that app marketers need to pay attention to:
1. SKAdNetwork (SKAN) postbacks to advertiser’s endpoint
One of the few perceived benefits of SKAN over previous attribution methods was that it was seen as a way for advertisers to gain increased transparency from an industry that has been dominated by blackbox ad networks. The fact that SKAN postbacks include the “source App ID” (the publisher that has driven the download) was seen as a win, as the likes of Facebook, Google and other ad networks previously have not shared this data with advertisers.
This brief positive realisation was stopped in its tracks when Facebook and Google announced that they would not to share granular SKAN data with advertisers or attribution partners. Whilst frustrating, there was nothing an advertiser could do – as the iOS 14.5+ SKAN postbacks go directly to the network. The network is in complete control of if they share the data, who with, and to what level of granularity.
Welcome iOS 15! Advertisers can now configure an additional universal SKAN postback – allowing them to receive all postbacks from all ad networks (including Google & Facebook). This is a win for advertisers and MMPs, and a further demonstration of Apple’s willingness to force its agenda on the giants of the industry. Small caveat for those advertisers celebrating this news: that raw data alone may not be as useful as you would hope. It is possible that SKAN data going via the network to the MMP is more valuable, as the data can be enriched with essential campaign information that is necessary for any deeper analysis.
2. App Privacy Report
The app privacy report in iOS 15 makes it easy for consumers to see exactly when and where data is being sent outside of the apps they are using. With a couple of taps, a user will be able to select an app and immediately see which third parties that app is calling and sharing data with.
This report will not list first party domains, so it is completely OK for an app to be sending and receiving data between the app and the company that owns the app. It will, however, list all third party domains. What will likely appear top of the list (and thus get the most consumer scrutiny) will be MMPs, analytics and measurement platforms, data brokers, mediators, and ad network SDKs.
What is unknown is how much consumers will care and what action they will take. Considering most apps will be listing the usual suspect we believe the impact of this feature will be minimal on mobile app advertising.
3. iCloud Private Relay
With iOS 15, Apple is upgrading its service for iCloud users (and calling it iCloud+). iCloud+ will offer a suite of new privacy features, including Private Relay for Safari. Through a toggle switch – which is ‘on’ by default – iCloud Private Relay will enable users to obfuscate their IP address (like a VPN).
An additional setting ‘Preserve Approximate Location’ then allows users to pick how accurately their new IP address should reflect their true location. By default, this is set to ‘on’.
From our own tests at Dataseat, we were able to confirm that our testing engineer – working from home in the exotic suburbs of Milton Keynes (50 miles north of London) – appeared under a Milton Keynes IP address when using this setting.
With ‘Preserve Approximate Location’ disabled, they appeared under a generic London IP address.
For now, this will only impact a small fraction of traffic relevant to iOS app advertisers, as private relay applies only to Safari mobile web traffic for paid iCloud users. The private relay does not apply to iPhone users using Chrome or other browsers, and more importantly it does not apply to app traffic. The latter point being the most significant, as IP address is used by app developers for a vast array of user cases – not least probabilistic matching for attribution.
Having worked with David and Paul at Criteo I am delighted to have rejoined my old colleagues at Dataseat as Director of Business Development. If anyone would like to discuss any of these topics further with me please email me at firstname.lastname@example.org