In April 2021, Apple announced the release of iOS 14.5 and the company’s latest move to give users more control over their data. A new feature called App Tracking Transparency (ATT) requires mobile apps to ask users’ permission for tracking their activity as they use other applications – a technique called cross-app tracking that advertisers use to deliver relevant ads.
With Google set to replace cookies with anonymised tracking (FLoC) in Chrome, the tracking technology advertisers have relied on for years is on its way out. The question everyone is asking now is, how can PPC advertisers track users and attribute success in a privacy-centric web?
What’s the big deal about iOS 14.5?
Apple released iOS 14.5 on 26 April, which included the much-talked-about App Tracking Transparency (ATT) feature. Apple first told us about this feature at last summer’s WWDC and it was initially due for release with iOS 14 in autumn 2020. However, Apple delayed the release of ATT to give developers time to update their mobile apps.
Now, the feature is here and all iOS apps are required to use the framework to request permission from users in order to collect and share data with other apps (including browsers) for tracking activity across apps and websites.
Here’s what Apple says about App Tracking Transparency on the official documentation page:
“You must use the AppTrackingTransparency framework if your app collects data about end users and shares it with other companies for purposes of tracking across apps and web sites. The AppTrackingTransparency framework presents an app-tracking authorization request to the user and provides the tracking authorization status.”
This applies to all users who have updated to iOS 14.5 and this will be the standard moving forward for Apple’s mobile operating system.
This means a company like Facebook can still track users within its own app without requesting permission. It can also track users across Instagram, Facebook Messenger and WhatsApp because these apps are all housed under the same company/developer.
However, Facebook can no longer track users’ activity in Safari, Chrome or YouTube without asking for permission from users through ATT.
Here’s a mockup of what an ATT notification looks like in iOS 14.5:
The notification explains which app is requesting permission and why they’re requesting access to this data – in this case, to “measure advertising efficiency,” which is a typical tech talk for tracking and attribution.
Users can either deny or allow access to their data and the formatting here is interesting. Apple leads with the refusal but uses gentle phrasing here with “Ask App Not to Track” instead of “Deny” or anything more resolute.
This isn’t a request, though. By clicking “Ask App Not to Track,” users block access to their device’s system advertising identifier (IDFA) and prevent the app from tracking their activity across other apps.
Here’s what the documentation for iOS users says:
“If you choose Ask App Not to Track, the app developer can’t access the system advertising identifier (IDFA), which is often used for tracking. The app is also not permitted to track your activity using other information that identifies you or your device, such as your email address.”
There’s an odd disconnect between the action and the phrasing here, which leaves us wondering if users who are unsure about tracking technology or how to respond to this notification will select “Ask App Not to Track” simply because the phasing sounds less absolute.
Crucially, if users don’t want to see this notification every time they download an app, they can turn tracking off using the Allow Apps to Request to Track toggle switch in settings. This prevents apps from asking for permission to track users and all apps will be blocked by default.
What does this mean for PPC tracking and attribution?
We discussed what this means for a company like Facebook earlier and this is important because Google and Facebook are the two big giants in PPC advertising. If Google and Facebook are unable to track users’ activity across other apps, their tracking technology is severely affected.
This hurt two key aspects of their advertising platforms. First, their ad targeting systems are weaker because they can’t access behavioural data from other apps – for example, Facebook can’t track what users are searching for in Google or which product pages they’re visiting in Chrome. And, if they can’t track this activity, they can’t use this data to help advertisers deliver ads to users based on their activity on other apps or websites.
The other big issue with not being able to track users’ activity across other apps is that advertisers lose the ability to attribute conversions to earlier interactions taking place in other apps or websites.
For example, let’s say a user first discovers your brand in Google Search, has a casual browse around your site and leaves before taking any action – a common scenario. If they see one of your ads on Facebook at a later date and click through to your website, there’s a good chance they’ll have a stronger purchase intent on the second visit and they might buy from you on this occasion.
The problem is, you’ll pass all credit for this conversion to the Facebook ad when that first interaction on Google Search played an important role. When this happens at scale, there’s a danger you’ll pull spend on the campaigns that started everything and the Facebook ad doesn’t get the conversion anymore because, now, it’s just an ad from a brand they’ve never seen before.
Given the length of modern consumer journeys and the number of apps and devices they take place across, the loss of tracking between apps leaves a lot of black holes for targeting and attribution.
What’s this about Google and FLoC?
Google is taking action of its own to protect the privacy of users by phasing out cookies in its Chrome browser and replacing them with anonymised tracking technology. The search giant says cookies will be completely phased out by the end of 2022 but it’s already putting plans in motion for replacing them with tracking technology that doesn’t identify individual users.
After months of speculation, Google confirmed in March that it will not replace cookies with any alternative technology that tracks individuals.
“We continue to get questions about whether Google will join others in the ad tech industry who plan to replace third-party cookies with alternative user-level identifiers. Today, we’re making explicit that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products.” – David Temkin, Director of Product Management, Ads Privacy and Trust
Google’s proposed alternative is something called Federated Learning of Cohorts (FLoC), which clusters users into groups (or cohorts) that share similar interests and behaviours without identifying anyone through personal data. The idea is that you can still target audiences by showing ads to anonymous groups, based on their collective behaviour.
Based on early tests, Google says it expects to see “at least 95% of the conversions per dollar spent when compared to cookie-based advertising.”
Unfortunately, we know very little about how Google will implement this technology – eg: how many cohorts there will be, how these cohorts will be compiled and how it will protect the data it collects.
This is the biggest issue for advertisers with Google’s roadmap – it could improve targeting in many regards but there’s no way of knowing yet and this makes it difficult to adapt strategies ahead of the upcoming changes.
How can advertisers prepare for a privacy-centric web?
Apple and Google are taking very different approaches to protect the privacy of their users. Apple has already implemented a robust system that gives iOS users a lot of control over how companies track them on mobile devices.
Meanwhile, Google is gearing up to replace cookies with a new tracking system but it hasn’t committed to tackling mobile tracking on Android devices. Which make up the vast majority of smartphones around the world.
Segment campaigns by OS & keep an eye on iOS performance
In terms of dealing with iOS 14.5, the first thing to do is keep an eye on the data while paying particular attention to conversion rates and any unusual changes in attribution. The big question is, how many users will “ask” apps not to track them on iOS and how this impacts targeting and attribution?
If performance tanks or analytics becomes unmanageable, the short-term solution will be to target Android users in your advertising campaigns and run separate campaigns for iOS users so you can test and optimise workarounds. In Google Ads, you can create mobile-only campaigns and use device targeting options to target Android and iOS separately.
Stay up to date with Google privacy announcements
Dealing with Google’s cookie phase-out is more complex because we still don’t know what we’re dealing with. It is already facing resistance from significant tech names – including Firefox, Edge, Safari GitHub and DuckDuckGo – that all raise concerns about FLoC creating more privacy issues than it solves. At this stage, there’s no reason to think Google will abandon FLoC but nothing is guaranteed.
Use Facebook’s Conversion API for server-side PPC tracking
Facebook already has one workaround for cookieless browsers that you can start using right away.
The Conversion API allows you to share user event data (actions) directly from your server to Facebook’s. This server-to-server data exchange sends data directly from your website to Facebook without touching the browser so any changes to cookies and browser-based tracking are irrelevant.
Facebook outlines three uses for its Conversions API:
- Measure customer actions in more ways: For example, you can share delayed values, user scores or lead scores and use them for optimisation in our other business tools. This gives you further visibility into your customer’s full journey.
- Improve the accuracy of data used for targeting, measurement and optimisation when used in addition to the pixel.
- Control the data you share: Conversions API is designed to give you more control over what data you share and when you share it (when implemented separately from pixel).
The Conversions API works with your Facebook Pixel to capture user event data on your website and send it directly to Facebook’s server without relying on cookies – so this will work regardless of browser settings.
Further change is always ahead
Whatever the future holds for data privacy, advertisers are facing some big changes but we’ve been here before with major disruptions, such as the mobile web and GDPR.
Some companies are already paving the way for cookieless advertising and eBay has stepped up as one of the first advertising platforms to launch an entirely cookieless system. In fact, Ebay’s general manager of UK advertising, Harmony Murphy, sees the transition towards a privacy-centric web as an opportunity to improve online advertising. Speaking to Raconteur Media, Murphy says the move will force marketers to be less subjective about data to become more objective by using first-party data, which is more relevant to each target audience.
It’s also worth remembering that there’s a lot of pressure on the advertising giants – especially Facebook and Google – to make this work for advertisers. If conversions and ROI fall, then advertisers are going to spend less on ads, which is the main source of revenue for both companies and advertisers will quickly put their money into any rival platforms that offer a better solution.
In the meantime, we have to pay attention to all of the developments happening in the PPC space, especially future iOS updates and Chrome’s transition to cookieless browsing.