Dane Buchanan, Global Director of Data, Analytics, & Tech gives his view on Apple’s recent WWDC conference and what it means for performance marketers.
Since the 2023 annual Apple WWDC developer conference the internet has been abuzz with the new Vision Pro headset. However, for performance marketers and measurement enthusiasts, Apple snuck in a few important announcements that certainly should not be overlooked.
The smallest announcement, yet the one causing the most chatter, was SKAN 5.0. It had a mere 10 – 20 sec spotlight and as of now, the only thing certain is its introduction of re-engagement measurement, set for release later this year. Given the low take-up/ implementation of SKAN 4.0 at present, it will be interesting to see whether SKAN 5.0 will add anything else major to the measurement mix.
Outside of SKAN the big announcement concerned Privacy Manifests, SDK signing, and Private Relay. The target of these updates: digital fingerprinting. To be clear, this is a nefarious practice, and one we do not endorse. What exactly is digital fingerprinting?
Every laptop, tablet, and phone has a set of attributes such as OS version, device type, location, screen layout, etc. These attributes can be combined together to create a unique ID or fingerprint. This means that even if you have opted out of tracking, your movements and transactions can still be monitored online. Companies can then use this information to show you targeted ads without your permission. We can all agree that this is not putting the consumer first, and it is not how we expect our privacy-safe digital world to operate moving forward.
Yes, Apple did tell us all, at WWDC 22, that fingerprinting is banned, but ultimately it was just a policy. Apple’s Privacy Manifests and SDK signing are now swooping in, aiming to standardize what information is collected and shared by an app to third parties, including MMPs. In short, a Privacy Manifest is a standardized file that details the privacy practices of an app or ad tech vendor. They will contain details on how the app is using data, the data it is collecting, the reason it is collecting it, and a list of tracking domains.
Privacy Manifests will make it easier for app owners/ developers to be accountable, ensuring that fingerprinting can’t accidentally take place within their app. SDK signing is here to give app developers confidence that the SDKs they use are fully compliant and trustworthy.
Apple also opened up Private Relay to app developers for testing. Currently, Private Relay is a premium product for those who subscribe to iCloud+. Private Relay essentially makes IP address tracking useless for fingerprinting, so any solutions that rely on this as a means of attributing performance will need to go back to the drawing board. The opening up of this feature hints at it becoming mainstream in the near future, with all apps potentially having the opportunity to obscure IP addresses, etc.
Finally, it seems that even UTMs are not safe. While we can’t explicitly state they will be blocked, the updates to iOS 17 suggest that Apple might remove these parameters from links shared via Messages & Mail.
In essence, there are no surprises here. User-level attribution was given its marching orders in 2020. All Apple has done this year is put a little more pressure on app owners to make the change.
In regards to timeline, Apple has stated that from the fall of this year, it will start to check if apps have an SDK signature and Privacy Manifest. If it is not there, Apple will give the app developer a nudge via email. This process will continue until Spring of 2024, at this point, it will be necessary for your app to have a Privacy Manifest and SDK signatures before it can be released/ updated on the App Store.
For app owners who have adapted to SKAN and the emerging privacy-first world, these developments should pose no concerns. Privacy Manifests, SDK signatures, Private Relay – they’re all designed to simplify your life and ensure you don’t inadvertently allow your consumers to be tracked. For anyone else, your time is up, you need to get to grips with SKAN now.
For both groups, the outcome is the same, you need to start building a privacy-focused measurement framework, one that relies on aggregated data and not customer-level identifiers.
What should you do now:
- Consult your MMP, they can help to provide Privacy Manifests and signing SDKs
- Ensure your developers are prepared and researching how these changes will be deployed in your app
- Outside of your MMP, speak with all your other partners and ensure they are prepared
- Build your privacy first measurement framework – your media agency should be your first port of call, they will either be able to build this or guide you on the best tech to use
- Stay calm. Yes, things are changing, but performance can still be measured and optimized