Apple is arguably the most popular and innovative tech company in the world. Throughout its history, Apple has invented many revolutionary products, like the iPod, iPhone, iPad, and iWatch.
Over time, the company has created its own ecosystem that incorporates many areas, such as hardware, software, marketplaces, and services.
But over the past few years, Apple has become famous for another area; user privacy.
In this infographic, we’ll highlight the changes that Apple has made to its products and services to strengthen user privacy and explain what this means for the AdTech and MarTech industries.
An overview of Apple’s ecosystem
- Apple TV
Products and Services
- Safari web browser
- App Store
- Apple Pay
- Apple TV+
A Snapshot of the Privacy Settings in Apple Safari and iOS
Apple released its Safari web browser for Mac computers in 2003 and for iOS in 2007 with the release of the first iPhone. Safari is powered by the web browser engine Webkit.
Intelligent Tracking Prevention (ITP)
In September 2017, Webkit released version 1.0 of Intelligent Tracking Prevention (ITP), a feature that aims to strengthen user privacy by preventing cross-site tracking. Since then, Webkit has released numerous updates that have shut down workarounds and made it harder for companies to identify and track users across different websites.
ITP incorporates a machine-learning model, known as the Machine Learning Classifier, to assess which domains have the ability to track users across different websites. This model is based on statistics collected by the browser.
If a domain has been classed as a tracking domain, then any data it stores in the Safari browser will be restricted.
Below is an overview of how Safari’s ITP handles first-party cookies, third-party cookies, and other web browser storage methods.
- Third-party cookies are blocked by default.
- If a web visitor clicks on a link containing a query string or fragment identifier, then any data stored in LocalStorage in the web visitor’s browser will be set to expire in 7 days, provided the referring domain has been classified as being a tracking domain.
- All cookies created by a third-party CNAME-cloaked HTTP response will be set to expire in 7 days.
Privacy Preserving Ad Click Attribution
When ITP started blocking third-party cookies, it had an immediate and negative impact on behavioral ad targeting, frequency capping, measurement, and attribution.
Although Safari hasn’t provided any alternatives for ad targeting and frequency capping, it has proposed a solution that will allow advertisers to run limited attribution in a privacy-friendly way.
Safari’s proposal is called Privacy Preserving Ad Click Attribution.
Here’s a really simplified overview of how Webkit’s Privacy Preserving Ad Click Attribution would work:
- A user clicks on an ad on supershoes.com. Webkit’s Privacy Preserving Ad Click Attribution uses two new anchor elements: adDestination and adCampaignID. These elements will be included in the ad’s markup and passed to the advertiser’s landing page.
- The user is directed to the advertiser’s landing page (basketballshoes.com) and converts (e.g. buys the product). When a user converts on basketballshoes.com, a tracking pixel, like the ones used currently to track conversions, will be sent back to supershoes.com. The .well-known/ad-click-attribution/21/25 path will be passed to Safari and register that a conversion has taken place.
- Somewhere between 24-48 hours after the recorded conversion, Safari will send the conversion data to supershoes.com and basetballshoes.com via a stateless POST request, with a header referer (i.e. basketballshoes.com) being sent to supershoes.com so that both sites know that a conversion for that ad click has occurred.
This is similar to how Google Chrome’s Privacy Sandbox measurement and attribution standard could work — i.e. attribution would be done by the browser instead of by a third-party company via cookies and won’t rely on identifying individuals — and again, AdTech and MarTech companies will be at the mercy of Safari for measurement and attribution.
For AdTech and MarTech companies, it means that there’ll be less attribution data available, but they’ll still be able to tell which ad resulted in a conversion and know which publisher delivered that ad click, provided the conversion took place between the 24-48 delay.
If the user converted outside of that delay, then they won’t have attribution data for that conversion.
Safari’s Privacy Preserving Ad Click Attribution solution is still being discussed and worked on in the W3C privacy group. There’s no word yet if and when this will become a published standard and whether other browsers will also adopt it.
Apple released its mobile operating system iOS in 2007 with the release of the first iPhone. iOS also powers many earlier versions of other Apple devices like the iPad and Apple TV.
In June 2020 during its Worldwide Developers Conference (WWDC), Apple announced a series of privacy updates to iOS that have more or less eliminated an important element of in-app mobile advertising and measurement — the Apple IDFA.
What Is Apple’s IDFA?
Apple’s identifier for advertisers (IDFA) is a string of numbers and letters assigned to Apple devices like iPhones, iPad, and Apple TVs. Advertisers use the IDFA to identify iOS, iPadOS, and tvOS users across apps to deliver personalized and targeted advertising, run frequency capping, measure campaign performance, and attribute impressions and clicks to app installs.
Here’s an example of what an IDFA could look like:
How Do AdTech Companies Use Apple’s IDFA Currently?
App developers can access a device’s IDFA and pass it to their AdTech and measurement partners.
AdTech companies like SSPs, DSPs, and ad networks and mobile measurement platforms (MMPs) use the IDFA to identify users, which is needed to power the following:
- Ad targeting and retargeting
- Frequency capping
- Campaign measurement
- Ad fraud detection
What Changes Will Apple’s iOS 14 Bring to The IDFA?
Before a device’s IDFA can be accessed by a mobile app developer, they’ll first need to get consent from the user.
If the user allows the app developer to access their IDFA, then the IDFA will be passed as usual. If the user doesn’t allow the app developer to access their IDFA, then the IDFA will be zeroed out, making it useless from an identification point of view.
The mobile app developer will only be able to ask the user for access to their IDFA once per install.
Apple’s SKAdNetwork aims to provide conversion data to advertisers but without revealing any user-level or device-level data. It is Apple’s version of a privacy-friendly way to attribute app installs.
A couple of points about the SKAdNetwork:
- The IDFA won’t be passed to AdTech platforms or MMPs, even if a user has opted in.
- All attribution data will pass through SKAdNetwork and then onto the AdTech platform or MMP.
- SKAdNetwork will only attribute app installs (via the last-click model) and not view-through conversions.
- Campaign IDs are limited to 100 per AdTech platform (e.g. ad network or MMP).
ITP for All Browsers in iOS 14, iPad 14, and Safari 14
With the release of iOS 14, iPad 14, and Safari 14 on September 15, 2020, Apple included a couple of new privacy features:
- Privacy Report: Users will now be able to see how many trackers were blocked by Safari on a given page, as well as other information about trackers.
- ITP for all web browsers: For iOS 14 users, ITP will be applied to all web browsers, not only Safari.
This means that all web browsers, not just Safari, in iOS (v14 and above) will include the Intelligent Tracking Prevention feature.