Tech Solution

Apple’s ‘privacy’ changes undermine international advertising best practices

Apple’s decision to require users to opt-in to its IDFA tracking has understandably disrupted the ad tech ecosystem. Its new measures, albeit now delayed until “early” 2021, ignore current initiatives from the IAB around transparency and privacy-first best practices.

The IAB-led initiatives I’m referring to include ads.txt, app-ads.txt, sellers.json, the GDPR Transparency and Consent Framework (TCF), and the Open Measurement SDK. Each of these solutions was created to help standardize marketing practices around the world. And in doing so, the IAB managed to help simplify digital advertising processes while making them more open and transparent to all parties.

Privacy first, transparency second

The new approach Apple plans to roll out as part of iOS 14 will fragment those worldwide practices and vastly reduce transparency. The IAB Europe recently urged Apple to consider adhering to its TCF standards in order to promote interoperability as opposed to shutting vendors out. The TCF was designed to ensure compliance with European privacy laws when processing personal data or accessing and/or storing information on a user’s device. Unfortunately, Apple took a different approach on privacy with its decision to essentially deprecate the IDFA.

In its July statement, the IAB Tech Lab explained that Apple’s plans regarding iOS 14 conflict with the TCF standards. For example, on Apple devices, users can opt-in or opt-out of services such as geolocation data on the operating system (OS) level. But if the user chooses to do so, app publishers will not be notified. As a result, apps would still be showing an opt-in request pop-up and annoying the user, while being unable to signal the user’s choice to its vendors.

On the other hand, if a user is using an app that meets TCF standards but does not opt-in to ad tracking, the publisher will not be able to synchronize the user’s choice with Apple’s OS. Therefore, iOS isn’t able to register the user’s choice on the system level.

Both scenarios regarding iOS 14 hinder user-centric transparency. The ideal solution would be for Apple to join global privacy standards, like the IAB’s, rather than develop its own proprietary methods. But let’s dig deeper.

Comparing App-ads.txt and SKAdNetwork/Info.plist

App-ads.txt is just one of several measures the IAB has taken to reduce ad fraud in the industry and promote more transparency — but it’s also the most applicable when comparing its goals to that of Apple’s IDFA update (i.e., SKAdNetwork). With app-ads.txt, publishers maintain a text file on their developer URL, which lists all authorized vendors of their inventory. This information is readily available to anyone who wants to access it. And in doing so, brands and agencies can ensure that their marketing dollars only go to authorized and reputable vendors.

Apple’s SKAdNetwork, on the other hand, requires publishers to enter the registered IDs of each of their vendors (i.e., ad networks) into the Info.plist file within the app’s configuration data in the App Store. Now you might be thinking, so where is the lack of transparency from Apple? Well, the problem is that only Apple is able to view the ad network partners listed.

The two concepts, app-ads.txt and Info.plist, share similar features, but when it comes to real transparency they are far from the same. Here’s a more detailed breakdown:


App-ads.txt SkAdNetwork and Info.plist
Initiated by IAB Tech Lab Apple
Launched March 13, 2019, for mobile and OTT, with wide adoption across the industry March 29, 2018 (iOS 11.3 update), but only a handful of industry insiders even paid attention
Purpose To enable buyers to distribute programmatic spend only through channels that are explicitly trusted and authorized by the originating publisher and combat ad fraud through illegitimate inventory arbitrage Info.plist is part of SKAdNetwork. It is a property list file in a publisher’s app that contains the app’s configuration data in the App Store
Implementation for Publishers Publish authorized sellers and monetization platforms in plain text on the developer URL, including the domain name of the advertiser, the seller account ID, the type of relationship, and certification authority ID
  • Update Info.plist and include a purpose string in the system prompt NSUserTrackingUsageDescription with a custom message describing why you’d like to track a user
  • Add the authorized ad network ID to the Info.plist by updating the SKAdNetworkItems key with the additional dictionary
  • You can find an open list of SKAdNetwork IDs here
  • Unified/standardized open solution that can be crawled by all tech vendors
  • IAB Tech Lab offers access to an aggregation of ads.txt files published around the internet (for IAB members only)
  • According to Pixalate, apps that lack an app-ads.txt file have 13{69439eabc38bbe67fb47fc503d1b0f790fcef507f9cafca8a4ef4fbfe163a7c5} more invalid traffic versus apps that have one in place
  • Fewer insights into data stream from third-party vendors means less likelihood that users can be triangulated and individually identified
  • Apple confirms the authenticity of all apps, so the likelihood of ad fraud is reduced
  • Apple and Roku do not support the IAB standard for crawling for app-ads.txt yet. For Apple, authorized sellers need to be identified via a public search API  (BidSwitch, 42matters, and Apptopia offer public mapping of developer URLs as well)
  • Implementing app-ads.txt is not mandatory, so adoption was slow (at least at the beginning)
  • Only allows five parameters to be transmitted
  • Data will be exchanged between Apple and ad  networks directly — neither the app nor any other third party will be able to collect, verify, or act on the data


Even though the implementation of these two solutions is relatively simple, the implications are very different. It seems like Apple is implementing new measures in the name of privacy while simultaneously building new walls around its user data. This, in turn, is undermining a mobile advertising ecosystem that is trying to keep apps free for end users. Meanwhile, the IAB has been working with partners across the industry to champion solutions for greater transparency.

To be more straightforward, Apple’s dramatic changes in the name of privacy conflict with more sensible transparency moves already underway by the IAB. While Apple first introduced SKAdNetwork and Info.plist in March 2018, only a handful of industry insiders even batted an eye at the time. But now with the future of the IDFA in limbo, Apple’s SKAdNetwork and Info.plist may very well be the future.

While everyone agrees that privacy-first approaches represent the next phase of digital advertising, there are many paths to achieving this goal for users. It’s time for all parties to take the extra time Apple has granted us in order to come together with user experience in mind. Let’s resolve the conflicts and start building an open, transparent, and privacy-centric future within the digital advertising ecosystem.

Ionut Ciobotaru is Chief Product Officer at Verve Group. He founded mobile monetization platform PubNative and has 15+ years of experience in the ad tech industry. He previously held leading roles at Applift, Weebo, and EA.

Source link

Comments Off on Apple’s ‘privacy’ changes undermine international advertising best practices