The Fiksu Blog

Marketing Attribution – Beyond The UDID

It’s no secret that the UDID has been a topic of controversy in recent weeks. Recent reports that Apple is rejecting some apps that utilize the UDID have generated significant levels of confusion and debate. Exacerbating matters are conflicting reports and escalating rumors of what apps Apple is or is not approving leaving app developers and marketers struggling to answer the question of how best to grow their business in the face of UDID deprecation.

Our goal in this post is to fill you in on what the current situation is – what is known fact, what is rumor, and finally, to answer the question: “what’s an app marketer to do?” as our industry progresses beyond the UDID.

The Situation

Apple announced its plans to deprecate (retire) the UDID last August. Based on past Apple history, many in the industry interpreted this as an early warning, so UDID alternatives have not progressed much until recently. It now appears that Apple is increasingly utilizing the app approval process to influence UDID usage and how such usage is communicated to consumers.

The difficulty for developers is knowing what is and is not acceptable to Apple relative to UDIDs.

Kim-Mai Cutler of TechCrunch, who originally broke the news, about apps being rejected clarified what is acceptable in a subsequent posting. She cited the current confusion in the market, and provided an example of an actual rejection, in which Apple cites the use of UDIDs without disclosure as the cause for the rejection. She further notes that some apps are still getting through the approval process, even if they access UDIDs. “The distinction is that they need to disclose this fact to users and ask for permission.”

Getting Apps Approved  - Strategies for Success

In fact, most apps accessing UDIDs are still being accepted. What we’ve heard from our Fiksu clients, the media, and others in the industry is that apps that disclose the use of UDIDs to the user, provide opt-outs, and encrypt UDIDs are currently receiving approval. In addition, app developers are increasingly providing more comprehensive privacy policies and providing URLs to that policy in their app store landing pages. This lets consumers more easily review the privacy policy prior to downloading apps.

Flurry has also done a similar client audit, and VP of marketing, Peter Farago, was quoted as saying, “There is literally not one developer’s app that we could find that had a rejection due to UDID alone.”

So What Does This Mean for Mobile App Marketers?

It’s increasingly clear that the UDID is on its way out. What’s not yet clear is the exact timeline for elimination, which technologies are going to replace it and which will receive widest adoption. As such, savvy marketers need to manage multiple technologies during this difficult transitional stage.

Here is a review of the major technologies currently being proposed in the market:

  • HTML5 1st Party Cookie Tracking: This technique tracks ad performance by setting the Safari equivalent of a first party cookie. This results in accurate ad attribution with no room for ambiguity. Cookies are not device identifiers and cannot be shared with other apps. This method has the advantage of being the mobile equivalent of a commonly used and widely accepted web tracking solution, and does a good job of balancing the need for ad performance attribution with user privacy. Because it provides a direct link between clicks, installs and post-install events, it is well-suited for identifying ad sources that attract loyal users. Its major drawback is a redirect to a Safari page on the first launch of the app, which shows up as a short animated flash. It should also be noted that such an experience may be branded and integrated into the user experience. Cookie tracking is an effective solution for those focused on getting the best quality attribution for measuring ROI on media spend.
  • Digital Fingerprinting: This technology matches attributes such as a user’s IP address, OS level and other data to “fingerprint” the user and statistically estimate conversions. For example, if a particular IP address clicks on an ad for an app, and then the same IP address creates an install of that app 60 seconds later, chances are good the user who clicked and the user who installed the app are one and the same. Where this gets tricky is that the data points used are not unique and can change, so there can be errors. Though this method works well for tracking simple conversions, it is not sufficiently reliable for tracking post-install events, which are critical to identifying ad sources that generate high quality, loyal users.
  • MAC Address Tracking: A number of ad networks have viewed substituting the UDID with another unique identifier tied to the hardware device, the MAC Address. Some variants encrypt the address or use it as a key. The major benefit of this method is that it requires minimal change to existing infrastructure – MAC Addresses are handled in a similar manner to UDIDs. Many in the market believe that MAC Addresses carry similar privacy issues as the UDID and thus are not viewed as a long-term solution.
  • OpenUDID and SecureUDID: These are technologies that offer open source implementations, a unique id, and the promise of an explicit opt-out for users. These implementations utilize the device copy/paste buffer as the location for storing this ID. Since the copy/paste buffer wasn’t intended for long-term storage, there is concern that this method may ultimately be frowned upon by Apple, but there appears to be support amongst some of the ad networks for these methods.  

What’s the Right Choice?

Each of the methods above has advantages and drawbacks. Some vendors have lined up behind particular technologies and are pushing them hard as the best choice. Ideally, a single solution supported by Apple would be the best solution.

Very recently rumors have been circulating that Apple will not fully deprecate UDIDs until the launch of iOS 6, and at that time advocate a first party cookie option. But this is unconfirmed. Even if accurate, developers still need alternate solutions between now and then.  

Ultimately it is the availability of traffic on the ad networks, and the corresponding technologies chosen by the networks that may drive decisions for developers.

How Are Ad Networks Voting?

Most app developers we speak to hope for one solution that will be widely adopted by the ad networks. 

Fiksu works with more than 35 networks covering 90 percent of available impressions and has been actively surveying the market.

Right now, the ad networks are extremely fragmented on the best way forward. Some are taking a “wait and see” approach. Some have already invested time and effort in support of the MAC option. A number have implemented or have committed to providing changes needed for cookie tracking, and there has also been some support expressed for OpenUDID. Finally, a few are even supporting multiple technologies.

Given this state of fragmentation, we expect to see continued evolution and change across the iOS ecosystem in the coming months. As a result, finding the right mix of tracking and attribution – while ensuring sufficient market reach – has become much more difficult for marketers.

So What’s an App Marketer to Do?

First, app marketers should contact the networks or vendors they partner with, and understand what SDK changes they need to implement in order to move beyond the UDID.   

For the short term, developers who want to maximize available traffic should continue to support the UDID. Despite the numerous technology and tracking announcements, the reality is that most traffic available on the market today utilizes UDID tracking – it is going to take the ad networks and the publisher sites time to settle on new solutions and to implement them.  

Developers should carefully review their disclosures and privacy policy and ensure that they contain appropriate user disclosure.

Developers should at the same time be reviewing their ad partnerships and determine the impact to their code.

Ultimately this will be a difficult transitional stage, but one which will leave the industry with stronger user protections. 

Fiksu’s Plans – Provide Full Coverage

To ensure we stay ahead of these market changes and to provide our clients with the widest range of traffic, Fiksu is rolling out a multi-prong solution, one that balances consumer privacy with the market need to attribute ad spend to identify the most profitable sources of downloads.

Rather than limit capabilities or reach by mandating use of one particular technology, we will provide a range of solutions including:

  • HTML5 First Party Cookies;  
  • Digital Fingerprinting; 
  • MAC Address attribution;
  • OpenUDID and SecureUDID initiatives.

Clients will have access to all of these methods, eliminating difficult decisions and tradeoffs. This will enable us to maximize reach, support the widest variety of ad networks and meet our clients’ specific needs. Stay tuned for more soon as our industry moves beyond the UDID.

Add new comment

Latest from the Twittersphere