The moment Apple first announced its privacy changes, mobile marketers started thinking about potential workarounds.
That’s simply how we people cope with limitations. It’s in our nature.
At the time, one particular idea got the most traction – utilizing fingerprinting.
Back then, fingerprinting was not yet explicitly forbidden or disenabled. However, in 2022, things aren’t looking as good for fingerprinting. In fact, many proclaim this attribution method dead.
Why is that?
Upon reading this article, things will be more than clear.
What is fingerprinting & how does it work in mobile marketing?
Fingerprinting is an attribution method in which advertisers rely on device recognition. Provided by mobile MMPs (mobile measurement partners), it is used when marketers don’t have access to the users’ identifier for advertisers (e.g. IDFA, GAID).
By recognizing the users’ devices, advertisers are able to collect data from users who interacted with their ads.
Here’s how it all works.
When users interact with mobile ad URLs, they share certain pieces of publicly available data. This data makes fingerprinting possible, as it includes:
- IP address
- Device brand, model, and carrier
- OS name and version
- Timestamp
- Language
Combined, these data pieces form so-called device fingerprints. The more parameters are included in the fingerprint, the rarer the combination is, resulting in precise user recognition.
When a “fingerprinted” user clicks an ad and installs an app, the MMP will provide marketers with a corresponding ID. With this information, they know from which source these users came from, and which actions they took next.
On the flip side, fingerprints are not permanent and tend to expire very quickly. For this reason, they are mainly used to analyze install attribution – the period between a click and an app install.
In other words, fingerprinting allows marketers to identify users and track early interactions with their brands.
How accurate is fingerprinting?
Fingerprinting is not 100% accurate. For this reason, it is not considered to be a deterministic attribution solution.
Where can it go wrong?
Let’s exemplify with a family of two that installed the same app.
Family members that use the same wifi network will get assigned the same IP address. Additionally, if they happen to own the same devices with the same OS version, they will be recognized as identical users.
The truth is, these two users could have come from different sources.
For example, one user may have downloaded the app directly from the app store, while the other one originated from a Facebook ad campaign.
Sure, such cases are quite rare. To put it into numbers, fingerprinting is considered 98% accurate (Adexchanger). However, this is only true if a user is fingerprinted right after the interaction – during the first ten minutes. As time passes, its accuracy lowers. When a fingerprint match is made in the timeframe between 10 minutes to three hours, the accuracy falls to 80%.
All things considered, fingerprinting falls into the category of probabilistic attribution solutions.
The difference between fingerprinting and probabilistic attribution
In the industry jargon, fingerprinting, and probabilistic attribution are frequently considered “the same thing”.
This is very wrong, and here’s why.
The main difference between the two is – one is privacy-compliant while the other one isn’t.
And today, this is a big difference.
Probabilistic attribution is a process of linking users to mobile marketing campaigns based on probabilities. It provides statistical estimates of how likely users are to come from specific marketing campaigns.
In this process, probabilistic attribution solutions rely on privacy-safe data. For example, anonymized user-level data, SKAN data, and data from ATT opt-in users. In other words, they do not use or collect any type of identifiable user information.
When it comes to fingerprinting, this is not the case.
Fingerprinting is a very specific type of probabilistic attribution with a clear goal – matching device parameters (IP address and others) to an ad interaction. The sheer purpose of this data collection process is to identify and distinguish users, which is not allowed.
Not to mention all of this is done without the users’ consent.
Fingerprinting is dead: 4 reasons why
Some say fingerprinting is dying, while others say it is already dead.
Either way, the number of those who still count on fingerprinting as a long-term solution is getting shorter and shorter.
Why all the negativity?
Here’s not one, not two, but 4 major reasons.
Most major ad platforms don’t allow fingerprinting anyway
Even if fingerprinting were to be “allowed” in the privacy age, it wouldn’t bring in data from the majority of mobile users.
The thing is, fingerprinting is limited to ad networks that are using links in their ads. This means that the world’s leading mobile ad networks such as Facebook, Google, and Snapchat don’t support it.
According to Singular’s data on iOS users, fingerprinting only allows marketers to track approximately 25% of users.
This percentage may not be super small, but it’s definitely not worth the risk that comes with it.
Apple explicitly forbids fingerprinting for mobile apps
Apple was the first one to introduce privacy changes, and also the first to say a loud NO to fingerprinting.
The moment Apple depreciated IDFA, it has made it perfectly clear that fingerprinting opt-out users is not an option. For this purpose, they’ve updated their User privacy and Data Use FAQ with this question and explanation:
Can I fingerprint or use signals from the device to try to identify the device or a user?
No. Per the Apple Developer Program License Agreement, you may not derive data from a device for the purpose of uniquely identifying it.
The statement continues to clarify which device and user-level data sets are prohibited. Finally, it states that the apps that don’t comply with these rules may be rejected from the App Store.
Sounds more than clear, right?
Despite this, some app developers have been ignoring all of this and hoping for the best.
Why is that?
Well, fingerprinting may not be perfect, but it is superior to Apple’s attribution solution – SkadNetwork (SKAN). Unlike SKAN, fingerprinting delivers real-time data, and it works with all types of traffic, including in-app and mobile web traffic.
However, Apple didn't devote so much time and money creating SKAN only to let marketers attribute data outside of their ecosystem.
In order to stop fingerprinting, Apple is constantly improving its app reviewer to recognize device fingerprinting SDKs. As a result, an increasing number of apps and app updates are getting rejected from the App Store.
Apple Private Relay battles fingerprinting on the web browser
Apple is battling fingerprinting on more than one front.
As a part of the iOS 15 update, they’ve introduced Private Relay, a feature that battles fingerprinting in the Safari browser.
Currently, Private Relay exists as a beta version feature available to Apple iCloud Plus users. Its main purpose is to protect the users’ privacy while browsing the mobile web with Safari. This is achieved by disguising the users' IP addresses and browsing activity so that no third party can access it.
Currently, the feature is limited to a specific group of users. However, if it fulfills its purpose, Apple will likely expand its usage.
The predictions are that Private Relay will eventually become a default feature for the Safari browser. Some go even further, predicting Apple will send all of its traffic through the Private Relay filter – including in-app traffic.
As mentioned before, when it comes to apps, Apple currently prevents fingerprinting by rejecting apps and app updates from its store.
Since this approach still didn’t stop fingerprinting for good, using Private Relay for this purpose sounds like a viable option.
But we’ll just have to wait and see if that will happen.
Google Privacy Sandbox will likely eliminate fingerprinting
At Google, they are also very well aware of the fingerprinting issue in mobile marketing.
However, unlike Apple, they don’t plan on “playing" police.
Google plans on making fingerprinting impossible through its brand new technological innovations.
These innovations come as a part of their privacy framework called Privacy Sandbox. This framework was initially developed for the Chrome browser, but Google is set to bring it to Android as well. If you would like to know more about what Privacy Sandbox is all about and what it means for mobile marketers, you can read our article here.
The main goal behind the Privacy Sandbox is to eliminate third-party cookies (web) and cross-app identifiers. Most importantly, this includes Google Advertising ID (GAID), the equivalent of Apple’s IDFA.
Even without these data pieces, Google promises to deliver high-quality targeted advertising.
One of the main aces they have up their sleeve at Google is SDK Runtime. With this strategy, they hope to put a stop to fingerprinting once and for all.
How?
Currently, every app’s code contains SDKs from various ad networks and MMPs. As a result, they share the same access levels and operate in the same environment as the host. This also means they have access to device-level data, which allows them to perform fingerprinting.
SDK Runtime is designed to stop this data exchange.
With it, the codes from the host app will be separated from 3rd party advertising SDKs. They will run in dedicated, safe environments, and won’t have the same permissions as the app owner.
In this scenario, the host app will determine the permission levels these SDKs will have. Without full data access, they won’t have the technical ability needed to read device parameters and fingerprint them.
Just like that – POOF – the fingerprinting era on Android devices will probably end. This change is coming in two years, and it’s going to be a big one.
How to compensate for the loss of fingerprinting?
As can be seen, both Apple and Google are on the quest to stop fingerprinting once and for all.
As a result, all marketers who are dependent on this attribution method will ultimately need to abandon it.
On the plus side, thanks to over a year of experience with privacy limitations, mobile marketers discovered some valuable solutions to fight this loss of data.
Here are some of them.
Figuring out SKAdNetwork data
Sooner or later, most marketers who advertise on iOS will embrace Apple’s attribution solution – SKAN.
Even though it is limited and way different from the traditional way of attributing users, SKAN is not as data-poor as it was initially believed.
By design, SKAdNetwork brings in aggregated, delayed data with no user-level granularity. The key piece of data it provides marketers with is Conversion Value.
It has been over a year since this solution was introduced, and advertisers have learned a lot about measuring Conversion Value data.
Depending on the app’s type and monetization strategy, they use different strategies to optimize and read this piece of data.
Some optimize it to measure engagement, some focus on conversions, while others use it to measure IAP or ad revenue. For those who want to know more about this, here is our detailed guide on best practices to master Conversion Values.
However, relying on SKAdNetwork alone to optimize mobile marketing campaigns won’t do it. In order to get a bigger picture, marketers usually complement SKAN with some type of (allowed) probabilistic solution.
Utilizing predictive data
A lot of app marketers agree – nowadays, being able to predict is more important than ever before.
Privacy limitations have created huge data gaps, and the best-known way to fill them is by using data provided by predictive modeling solutions.
Here’s how they work.
Predictive solutions collect different data types such as historical user behavior data, UA campaign data, and data from different tracking tools. Next, all of this data is combined and analyzed by powerful machine learning which produces predictions.
The key data pieces predictive modeling provides marketers with are user LTVs – especially when it comes to SKAN.
The thing is, SKAdNetwork only gives marketers one chance to obtain post-install data on acquired users. Plus, this chance comes with strict time limits.
If marketers don’t manage to estimate the value of new users quickly, they will have trouble optimizing their ad campaigns.
However, if they have predictive LTV data, marketers can make quick campaign optimization choices even if the actual results aren’t in yet.
It may be the most important one, but LTV isn’t the only important KPI predictive modeling can provide.
Quality predictive solutions usually inform marketers of other important KPIs as well. For example, Tempr.’s predictive solution also brings granular predictions for ROAS and Cost Per Event (CPE).
Move on from fingerprinting with the right partner
Upon reading this article, you finally feel ready to forget about fingerprinting? Now, you’re probably wondering what your next steps should be. We can help you with this. Feel free to check out our product and contact us with any questions you may think of!