SKAdNetwork Adoption, Privacy Sandbox Updates, and How Marketers Should Prepare for Changes Now

Two of the biggest names in the tech game — Google and Apple — are spearheading a number of consumer privacy changes that are primed to shake up the entire mobile industry. If you need more background on some of these, check out our blogs:

With this context, we’ll dive into some of the highlights from a recent webinar featuring industry experts — Adam Landis, Head of Growth at Branch, and David Philippson, Co-founder and CEO at Dataseat (now part of the Verve Group) — to get to the bottom of what’s really going on with SKAdNetwork (SKAN) and Google Privacy Sandbox, and how marketers should be preparing for the future of privacy and measurement.

TL;DR

  • Don’t shy from the complexity — and don’t be fooled, privacy is complex.
  • It may be tempting to break the rules (we’re looking at you, fingerprinting) — but do you want to wake up with your business on the front page of the Wall Street Journal for breaking them?
  • Deterministic measurement is going away. Invest in strategies now that will stand the test of time (or privacy) —  this will ensure continuity and set you up to thrive in the future.

What’s really going on with SKAdNetwork adoption?

Current SKAdNetwork industry adoption rates hover around 30%. But why? Much of the reason falls to Apple itself with what many considered subpar products in SKAN 2 and SKAN 3 that didn’t deliver much of a return on effort as well as a wishy-washy approach to enforcement, but those days are coming to a close. As of May 1, 2024, Apple has started requiring something called privacy manifest, which is intended to stop fingerprinting — a practice that involves collecting and analyzing unique device and user data to create a distinct identifier for a user during a specific point in time — and force advertisers to use SKAN only.

According to Phillipson, “What Apple has done is listed five commonly-used APIs within the Apple operating system that a developer or a third-party partner can access. They’re basically saying, if you or any third party is using any of these APIs, you need a privacy manifest, and you then have to explain why you’re using these APIs. What this will allow is for Apple, the App Store, and the app developer to actually have a ‘privacy nutrition label.’ So that consumers that are in the App Store looking at your app will be able to say, ‘Well, this app from a privacy perspective, is very clean.”

Essentially, app owners will be responsible for letting Apple know what they’re doing with private user information. But if the onus falls on app owners, can’t they just lie? Maybe. But at what cost? Nobody wants to be caught in a potentially business-damaging scandal.

In some ways, Apple is relying on honesty. But Phillipson suggested that, “If you have an app, you’re very likely using the disk space API, so that means you need a privacy manifest. If you have a privacy manifest, you have a variable in your privacy manifest called NS privacy tracking. It’s a yes or a no, and you need to indicate whether you or a third party do any tracking. So at that point you’re either going to have to say, ‘yes, we have an MMP SDK,’ or you’re gonna have to lie. You’re a brave person if you’re going to lie.”

Given Apple’s previous ambiguity on the rules and how many of them are left up for interpretation, starting May 1 in a post-privacy manifest world Apple will start rejecting apps that don’t publish a privacy manifest. The good news is that most of the supply side is raring to go; Dataseat found that, as of February 2024, 94% of inventory is SKAN-ready.

What’s really going on with Google Privacy Sandbox?

Google Privacy Sandbox suddenly doesn’t seem like some far-flung future state; it’s much more real now.

“Google is very advertising friendly. It’s privacy-first for the consumer, but ensuring it supports the ad ecosystem. Friendliness comes with a downside, which is speed,” Philippson said.

Google’s mobile devices are much more varied than Apple’s. Whereas Apple could just turn off IDFA with an update, Google has many more hoops to jump through to get their GAID off handsets made by other companies like Samsung and OnePlus.

Philippson predicted, “GAID not being an identifier for adtech whether it’s MMPs for attribution or DSP for retargeting impression, frequency, capping — all of the important stuff that persistent identifiers are useful for — is still going to be available in 2025, and it’s still going to be available, very likely, in the first part of 2026.”

Does this mean you can ignore the Privacy Sandbox right now? Nope. While these identifiers are still available, you should try to get to parity without them before they go away. More on that later.

What is the purpose of a mobile measurement partner in this new world?

If all this attribution data is going away, getting aggregated, or becoming anonymized, what’s the point of an MMP — which integrates with mobile app publishers and ad networks to track user behavior and attribute events?

“The purpose of the MMP is to abstract the complexity of these multiple data sources and help the advertiser arrive at a source of truth. So you’re going to have constantly conflicting data sources with intentions that are just naturally selfish. Facebook is selfish in saying, ‘I drove this conversion,’ and they might have had a hand in driving this conversion, but it might have also come from Google, [or] it might have come from Apple search. So the short answer is, you take all these data sources and then you figure out a way to normalize them through incrementality lift testing: you shut one off [to] find out how much else you drove. You’ll get a coefficient of what Facebook overreports or underreports. That’s a number, and then you track all three of those moving forward,” Landis said.

MMPs are massively important in this new world because they are on point to give you one attribution source of truth. It might just be a little different than what you’re used to. As Landis explained, “Measurement is the past; signal is the future.” So it will go from knowing you got 40 installs from this source to being 95% sure it caused 40-ish installs, which is still very helpful given the amount of data that is going away.

What should marketers do to prepare now?

Should marketers take advantage of user-level information up until the last second they are allowed to or be more proactive and change strategies now? The consensus in the webinar was: invest now to thrive in the future.

When it comes to Privacy Sandbox, Landis advised that “user-level info is going to go away, period. It’s going to be anonymized. It’s going to be aggregated. It’s going to be opaque. We’re not going to be able to do deterministic tracking in the future. So you need to figure out how to do business without it today or else you’re gonna lose…Make sure that you’re not getting a huge hit to your business in revenue if it goes away because it is going away. And, if it’s going to cause you to lose money, then you better figure out now — before you lose money — how to deal with it. Run it in parallel. Figure out how to get to parity without the ID while you have the ID to lean on.”

And for SKAN, Phillipson said, “What you should not do is ignore that SKAN is coming or have the attitude that ‘I’m going to be able to carry on probabilistically matching with another MMP forever.’ There are other MMPs out there saying to advertisers that this isn’t going away. Carry on using it. Carry on paying my [MMP’s] extortion license fees, but they haven’t got nearly as wide a value proposition as Branch. If all you do is attribution, of course you fear it going away because you haven’t got much value proposition.”

This is just a glimpse of what was discussed. For the full, in-depth conversation, watch The Unpopular Truth about the State of Privacy webinar. If you have questions about the future of privacy, reach out to our team!