Wes Biggs is the Co-Founder and CTO of Adfonic. Here he discusses up the latest developments in the UDID changes - and what it means for the mobile ad industry.
The evolving changes to the iOS application ecosystem, and concerns over the use of device identifiers, continue to reverberate throughout the mobile industry. A host of technological alternatives have been proposed, some of which are gaining traction. Also, in welcome news, the mobile advertising world has finally started eyeing up the elephant in the room: privacy frameworks, user disclosure and what exactly needs to be done to balance the interests of many diverse participants in the value chain.
When Apple began rejecting App Store submissions in late March, citing usage of the unique device identifier (UDID), there was an immediate frenzy of activity. iOS developers, analytics engines, and ad networks have all come to rely on the UDID as a convenient method to provide a wide range of functionality. For mobile advertising networks, the UDID provides a cross-application identifier that can be used similarly to how cookies are used for PC browser-based advertising. This approach allows usage to be correlated across different applications a user may have installed, whereas cookies and other browser-based storage mechanisms in iOS applications are “sandboxed,” accessible only by the single application that stored them in the first place.
The industry dialogue quickly reached fever pitch, with technology vendors quite naturally competing for airtime, and networks and SSPs urgently looking at which (if any) alternatives their partners could or would support.
To be fair, Apple had broadcast its intentions as early as August 2011 by noting in their iOS SDK documentation for the then-forthcoming iOS 5 release that the method used to access the UDID was now considered deprecated – programmer code for a feature that is slated for removal in a later version. And in fact, that’s when a number of projects kicked off to find alternative approaches that could ensure the continuity of features close to any mobile (or, indeed, digital) advertiser’s heart, with frequency capping and app install conversion tracking front and centre.
Two key working groups that emerged early on were ODIN (a very Nordic-Saga-sounding acronym for Open Device Identification Number) and OpenUDID. The former has been set up to provide a forum for widespread adoption of alternative device identifiers across multiple platforms, with an initial view to using the in-built 802.11 (i.e. WiFi) MAC address of iOS devices as a seed for the unique identifier. As this value is accessible from all iOS applications, it’s effectively a drop-in replacement for UDID, but shares many of the same privacy concerns. OpenUDID, in contrast, focused on a method whereby a randomised identifier could be created for each user, and internally uses the copy-and-paste functionality of iOS to correlate usage between applications.
In addition, a number of alternative tracking methods have emerged, primarily focused on ensuring the continued availability of install tracking functionality. While brand-led rich media and video engagement models are picking up steam in the mobile display space, campaigns driving app store installs as the conversion action continue to be the bread and butter of mobile performance advertising. Solutions such as AD-X, an imprint of Mobile Future Group, and MobileAppTracking, a spin-off of online affiliate tracking company HasOffers, have gained traction. Each uses proprietary technology to enable attribution, and works in varying degrees across different mobile ad networks and buying points.
While the initial discussion has focused almost exclusively on the technology question of unique user and device identification, it is only now that a more nuanced discussion is emerging around consumer privacy, disclosure and developer best practices. Indeed, Apple has obliquely signaled that this is the real issue at hand, with reports of applications using UDID which were initially rejected being accepted at the second submission attempt, provided that they included language in their terms and conditions and/or privacy policy that made it clear to the consumer that their device identifier would be collected and utilised for tracking or mobile advertising purposes.
Disclosure best practice is far from a settled debate, even in the online world. Debate is rumbling (and rather loudly at the moment, given the adoption of the European ePrivacy directive, or so-called “cookie law”) on do-not-track semantics, opt-in versus opt-out approaches, and the applicability of existing industry self-regulation to the mobile sphere. Mobile advertising is at once a much simpler (smaller, at this point in time, as an industry in both number of players and volume of advertising) and a much more complex beast (no common browser environment across all devices; a mix of competing app store environments and mobile web). Organisations such as the Mobile Marketing Association (MMA) and Internet Advertising Bureau (IAB, through their Mobile Center of Excellence) are leading the charge, and other industry names such as TrustE are starting to propose platforms for providing user choice.
It’s important to note that while some ad networks operate their own opt-out schemes, there is no ubiquitous solution on mobile, and technological barriers mean that wholesale adoption of an approach like the DAA’s AdChoices are problematic. On the other hand, the focus on UDID is, for the first time, bringing the key players in the mobile advertising industry together under a variety of umbrellas, and these problems, while complex, are not intractable. Both the ODIN and OpenUDID projects are looking at mechanisms to enable users to opt out of sharing their device identifiers, and sample disclosure language, building on the MMA’s Privacy Policy Guidelines for Mobile Apps, should be in developers’ hands soon.
In short, the debate about UDIDs is no longer really about UDIDs – it is merely the first major focal point to spark discussion on mobile privacy and the interdependencies between mobile app users, mobile developers, and the advertising industry. In the short term, reasonable alternatives are quickly being adopted, and as time progresses, new standards and best practices will emerge. But the ride is certainly not over yet.