IDFA: The way users are tracked today is unsustainable

February 10, 2021 3 min read

  • David Reischer

    Product Manager at Permutive

  • Apple’s privacy update for its Identifier for Advertisers (IDFA), requiring app developers to request permission from users to track them for ad targeting, will be released this quarter — adding fuel to the privacy fire. 

    The changes will have a significant impact in the app ecosystem, to such an extent that Facebook, Snap and gaming developer Unity Software have warned about the potential impact to their ad-supported businesses. Facebook is set to lose millions, as this change has a direct impact on their Audience Network product, which relies on the capability of data portability across environments outside their own and operated apps. 

    In an effort to get ahead of Apple’s update, it’s been widely reported that Facebook has already begun to serve opt-in pop-ups to iOS users, however this permission-based message is followed up by a separate message from Apple — creating a pop-up war that isn’t likely to ease any privacy concerns from users. 

    Privacy changes won’t stop at iOS 

    It shouldn’t come as a surprise that what we’ve already seen on the web is now happening in the app ecosystem — and it won’t stop with iOS. The same privacy issues exist on Android and on connected TV, and the reality is that the whole app ecosystem is going to move away from a single identifier. The way users are being tracked today is unsustainable from a privacy perspective. 

    Not everyone is adopting a permission to track approach. Google has announced that it does not intend to use any consent pop ups — accepting the fact they won’t get access to IDFAs on iOS. Instead it’s taking Apple’s lead on anti-tracking across apps and the web by exploring anti-tracking alternatives for Android, according to Bloomberg.

    While the tech giant is in a different position to other businesses, as they own a lot of data themselves, it’s an interesting signal that the industry is moving towards protecting user privacy as a standard — a growing requirement for an increasingly privacy-savvy consumer.  

    Publishers need secure ways to let data into their environments

    The demise of IDFA is unavoidable, but the industry can prepare by looking at the privacy changes that are happening on the web with the deprecation of third-party cookies. The strategies that publishers are developing on the open web, are the same strategies they need to adopt in their app environments. Publishers should be offering privacy-safe ways to enable advertiser use cases, ones that aren’t built on the fact that you can track users wherever they are.

    Apple not only talks about the use of IDFA for cross domain tracking but also the use of email addresses. As an app, if you don’t have consent from a user you’re not allowed to use a user’s email address as a drop-in replacement.

    For publishers, this means they can’t just shift to a model where they try to replicate what IDFA is doing or what the cookie has done on the open web, by using deterministic identifiers. When using deterministic identifiers they either need the same consent as when using IDFAs, or they need to shift to a new model where the identifier does not leave their environment. 

    Instead advertisers will need to work more closely with publishers, and publishers will need the right tools to enable privacy-safe data connectivity that does not expose user IDs.