In 2018, the European Union’s General Data Protection Regulation (GDPR) took effect and launched the beginning of a new era in data privacy. Now the industry’s giants are trying to prove to their consumers that they heard their concerns and will protect their data. 

The app world didn’t escape the privacy frenzy. In their WWDC event in June 2020, Apple announced a radical change related to advertising tracking: the Identifier for Advertisers (IDFA) will become unavailable to marketers when users opt-out of tracking. A year later, while iOS 14.5 is rolling out, they made privacy one of the star elements of their keynote. 

Not one to be left behind, Google also made confidentiality its priority with the announcement of its Privacy Sandbox that will block third-party cookies, one of the main components of online user tracking.

With the arrival of App Tracking Transparency (a feature of iOS 14.5 that asks iPhone users if they want to allow tracking when they open an app) at Apple and the end of third-party cookies at Google, the mobile advertising world is looking at some big changes.

Why is privacy still such a hot topic in 2021?

Ever since Snowden’s revelations about the NSA in 2013, data collection and the right to privacy have been some of the main talking points in the digital world. A study published by Statista. In May 2021, tells us that 74% of US internet users are more alarmed than ever about their online privacy, and only 23% of them trust social media ads.

The launch of the GDPR in 2018 was the catalyst for a series of legal reforms in different regions: the California Consumer Privacy Act (CCPA) and the Brazilian LGPD (both enforced in 2020), after those, privacy bills were proposed in Hawaii, Massachusetts, New Jersey, Pennsylvania, Rhode Island, Puerto Rico, and Washington.

All these are focused on protecting users’ personal data (and yes, according to the IAB, the IDFA is considered personal data under the GDPR for example). Moreover, privacy is one of the main concerns for mobile users. Splitmetrics even put privacy as one of their top mobile ad trends for 2021, adding that 36% of consumers stated that they were less comfortable sharing their information now than they were a year ago.

It’s no surprise that TikTok was the big success of both 2020 and 2021, but in those two years, the video-sharing app came under fire several times because of the way it was handling data. The app got in trouble with the US and Indian governments over this issue, and then later with the European Union, pushing ByteDance (the company owning TikTok) to announce that they would open a Transparency & Accountability center in Ireland in 2022, like the ones they opened in Los Angeles and Washington.

Although it didn’t stop the Chinese app from giving itself permission to collect biometric data of US users, including faceprints and voiceprints in their new privacy policy in June 2021. Newspapers tackled the big question: is TikTok safe? The answer seemed to be a consensus: it collects as much data as other social media platforms like Facebook, Twitter, or Instagram.

That heavy coverage of privacy issues with TikTok (in addition to the US government threatening to forbid them access to the American market) shed a light on the privacy concern shared by so many mobile users. It’s not just about which company has access to your personal data, but if you trust them or not on how they will use it.

Users are heavily invested in the topic, whether it focuses on the treatment of their personal information or the ads they’re targeted by:

• 41% of mobile users said that receiving unwanted marketing communications was one of their main privacy concerns
• 84% of the participants of Cisco’s Consumer Privacy Survey said they cared about privacy and wanted more control over how their data is being used.

Data security is at the forefront of users’ worries, as can attest to the critical success of the documentary The Social Dilemma which streamed on Netflix and gathered a lot of attention when it came out.

Users have a lot of questions about their privacy, now more than ever they are less trusting of companies’ use of their personal information. The key to success in a privacy-conscious era is to make sure you are trustworthy to your users so they feel safe entrusting their data to you. This is why Apple made privacy the cornerstone of its 2021 WWDC, after the release of iOS 14.5, which already brought a lot of change privacy-wise on Apple’s devices.

Apple’s App Tracking Transparency framework and advertising after iOS 14.5

In June 2020, Apple took the mobile industry by storm announcing their App Tracking Transparency (ATT) framework that would change the way the Identifier for Advertisers (IDFA) could be accessed and used for advertising tracking. This meant that, after the launch of iOS 14.5 (on April 26, 2021), developers would need to collect an explicit opt-in from users before being allowed to access their IDFA.

The IDFA is an essential tool of personalized ads, it’s also the primary means by which iOS ad campaigns are measured and optimized. That announcement caused a lot of fear in the advertising industry, how can you offer personalized ads if you’re not gonna get access to the IDFA? Everyone agreed that users would be most likely to refuse tracking, especially when asked with such vocabulary. 

Eric Seufert notices on Mobile Dev Memo that the official ATT prompt that apps have to showcase (at least the non-modifiable part of it) is wildly different from the one Apple uses. Developers cannot change the first part of the prompt which says “[name of the app] would like permission to track you across apps and websites owned by other companies”. 

He argues that the ATT prompt text is loaded, making users focus on the tracking part which can be scary and won’t encourage them to accept tracking. Meanwhile, in an iPhone’s settings when choosing to opt-in or opt-out of personalized advertising, Apple is only asking if you want to activate personalized ads or not without mentioning that you allow tracking. 

Even though Apple’s wording can be questioned, the prompt is there to ensure that users have all the facts at their disposal. Developers who want to better inform their users can always set up a pre-prompt page and personalize the prompt (to some extent) to help users trust them. The website attprompts.com is registering examples of ATT prompts on a variety of apps.

Before iOS 14.5, Apple’s users could still opt out of tracking, but they had to go into their settings and search for it. The arrival of GRPD and other privacy laws emphasize the fact that opting-out is giving less choice to the user than opting-in. Users who activated the Limit Ad Tracking function in previous iOS are automatically classified as if having refused tracking and won’t see ATT prompts.

Developers are also allowed to choose when the prompt will appear and if they want to show a pre-prompt page where they will have more space and freedom to explain to their users why they should allow tracking.

So far, the ATT opt-in rate is around 20%, as was feared by most advertisers. In two months of existence, ATT is shaping ad spending. As a matter of fact, with the rising adoption of iOS 14.5 (which reached a 70% adoption rate in late June), people are moving their ad spend to Android. Digiday has observed a clear shift, stating that marketers are choosing to allocate more money to Android than Apple.

Others tried to fight back against the loss of IDFA by implementing their very own identifier like Chinese tech giants who tried to implement CAID (Chinese Advertising ID). They were trying to recreate an identifier similar to IDFA to not lose any reach with the implementation of ATT, as they would not need to ask for consumer consent to access and use CAID. However, CAID was quickly banned by Apple, preventing its use.

But ATT is here to stay, presented as the long-awaited answer to consumers’ need for privacy. But Apple has heard the doubts of marketers (and the drop of ad spend on iOS) and has announced in their WWDC 2021 that advertisers would receive a copy of SKAdNetwork postback when iOS 15 goes live. This will allow marketers to have access to new data, some of which they had before losing access to IDFA.

iOS 15 is going all-in on privacy

With the adoption rate of iOS 14.5 (and now 14.6) rising, more and more consumers are faced with ATT prompts, the majority of them choosing not to be tracked. And Apple is planning on moving forward with even more privacy functions launching with iOS 15 in the Fall.

Have you ever wondered what happens to all the data your phone collects? iOS 15’s App Privacy Report is there to answer those questions. It will allow users to see a detailed overview of which apps asked for personal information and how they’re using it. Available in the iPhone settings, it will showcase how many times apps have accessed data, which kind of data (contacts, microphone, etc.), and where this information is going.

iOS 15 also promises new features to protect users’ emails with Hide My Email or further preventing tracking with iCloud Private Relay and Intelligent Tracking Prevention. 

App Tracking Transparency is changing the game of mobile advertising, and as usual, big changes go hand in hand between Apple and Google.

Android 12 and the cookie apocalypse

While Google seems to be reaping the benefits of the ATT framework, for now, the tech giant is still advertising a big shift on privacy, mainly through their privacy sandbox and what has been called the “cookie apocalypse”.

In 2019, Google announced the Privacy Sandbox, the initiative aims to create a safer web notably through their browser, Google Chrome. The purpose of the privacy sandbox is to lay third-party cookies to rest. Websites won’t be allowed to track users thanks to cookies, they will have to rely on Google’s FLoC (Federated Learning of Cohort) which will analyze users’ behavior locally, directly in Google.

Dubbed the “cookie apocalypse”, the privacy sandbox will be deployed in late 2022, meaning Google could start phasing out third-party cookies in 2023. Their main goal is to convince advertisers that the replacement of individual identifiers by group identifiers will not devaluate the success of their ad campaigns.

While Google is pushing developers to rely more and more on them, its advertising unit is also the target of an antitrust lawsuit in the European Union. The progressive disappearance of third-party cookies in Google is seen by some as a move that will give the tech giant even more power in advertising. The Californian firm already controls half the global interactive advertising business; soon, it will have unrivaled access to its browser’s users’ data. 

Although Google’s Privacy Sandbox was tailored for Chrome, it’s now also coming to mobile. In June 2021, Google informed developers that with Android 12, when users opt-out of ads personalization their advertising identifier (GAID) will no longer be available.

Despite some similarities, this differs from Apple’s ATT. For starters, Apple’s ATT prompts are opt-in and show up individually on every app. Meaning that users will have to make a tracking decision for every single app, one at a time, and as long as they don’t explicitly accept tracking, tracking refusal will be considered as the default setting.

Google’s solution will let users opt out of personalized ads, but they will have to do so on their own (search for the setting in their phone by themselves). Once they opt out they will opt-out of tracking for every app.

This means that in iOS, tracking will be off by default and users will need to opt-in on an app-to-app basis while it will be on by default in Android where users will have the opportunity to opt-out for all of them at once.

What happens now?

Personalized ads are the backbone of the freemium models. They also bring more revenue than regular ads. In 2016, a study led by IHS Markit found that the click-through rate for targeted ads was 5.3 times higher than for traditional ads. It even increased to 10.8 times higher when the person being targeted had clicked on similar ads before. However, both the Privacy Sandbox and ATT are gonna make it more difficult for marketers to collect data.

Because of these changes, ad personalization will rely more heavily on first-party data, your ad campaigns will depend on the data you were able to collect on your users. There are several ways to collect it, whether it be through registration information, in-app surveys, or behavioral data. 

Both Apple and Google’s new regulations will shift the power imbalance in data collection. Under the guise of protecting the user’s privacy, they are awarding themselves with even more power. The European Commission has started an investigation to look into possible anti-competitive conduct by Google regarding the disappearance of third-party cookies.

Because it will be harder for developers to collect data by themselves, they’re more likely to have to rely on Google and Apple’s share of first-party data, which allows them access to consumer’s behavioral data. However, you can bypass this kind of data by focusing on a contextualized approach. Meaning you’d adapt your ad to the context in which it is shared (like advertising your gaming app next to gaming articles).

First-party data and contextual advertising are the only techniques that don’t require cross-site tracking, which makes them useful tools in a privacy-conscious era.

While it’s clear that both Google and Apple will gain a lot with their new privacy regulations, it’s important to remember that, outside of a power play led by the two major players of the mobile industry, users are still asking for privacy. Their bold moves are answering a very real demand from mobile users, we just have to be careful about how it’s executed. 

The CEO of Brave (a privacy-focused browser company), Brendan Eich said in a Fast Company article: “Privacy-first means user-first, not Google-first”. Google and Apple are playing a rigged game where they hold the advantage and will likely gain from the rising prices of online advertising. But at the heart of the privacy issue is the growing concern from users and their data.

Give users what they want

There’s little doubt that both ATT prompts and the disappearance of third-party cookies will push marketers to advertise on platforms that possess a huge amount of first-party data (like Facebook and Google) and who won’t need to rely on cross-tracking. It doesn’t mean that you can’t play your cards well enough to come out on top of the situation. 

A study led by Akamai found that 58% of consumers would let companies they trust use their data to improve their experience. If you want to collect useful data from your users, you need to make them trust you, and be clear about what you’re gonna do with the information they give you.

In the wake of those privacy updates, it will become essential to build a trusting relationship with your consumer base. Figure out who they are, what they like, and why they are using your app. Interact with them as much as you can (whether it be directly in-app or with social media), create a bond. 

People care about privacy because they want to be treated as humans and not raw data or marketing products, they want their experiences to feel more genuine and safe.

How to build a privacy-friendly app

To nurture a trusting relationship with your users, you need to make sure that your app is tailored to respect their privacy. Bruce Gustafson, CEO of the Developers Alliance, is giving great recommendations on how to build a privacy-friendly app:

• Keep your data requests appropriate (don’t ask for information you don’t need to run your app efficiently), 
• Purge and audit your data from time to time, you don’t need to keep old data. Not only you won’t have to stock it but your users might be reassured to know you won’t keep years of their data when you only need the most recent ones. As for those you need to keep, you can encrypt and segment it to add an extra layer of security
• Be transparent, explain why you’re collecting data and how you will use it, your privacy policy should be found effortlessly on your app and easily understandable
• Pay attention to when you’re asking, ask for the necessary information at first, then wait until you have built a reliable bond to ask for more, always explaining why you need it of course!
• Give users a choice, for those who don’t feel comfortable sharing data, you can always rely on contextual advertising
• Don’t sell data, you will lose control over it and may still be held accountable for what others have done with it (and lose your audience’s trust in the process)
• Be careful about changing the rules, always warn your users before changing your privacy policy 
• Stay up to date with legislation, if you cover a large territory some of your audience may fall under a specific jurisdiction and you will need to comply
• Have a disaster plan ready, you never know if or when a breach could happen but you need to be ready and figure out how to reassure your users in case it happens

If you want your users to trust you, you need to give them reasons to!

Let’s recap!

Privacy is a legitimate concern shared by a majority of online users. Governments have understood that and tried to set up legislations (like GDPR and CCPA) to improve online safety, and now Apple and Google are making waves in the digital world. 

Apple’s App Tracking Transparency feature and Google’s Privacy Sandbox are pushing for a clear shift in the digital advertising industry. They’re waving an apparent war against tracking but it’s clear that reducing third-party access to tracking will benefit them while allowing them the illusion of providing their users with more privacy. 

These changes cause concern because ads are an essential part of the app world economy. But you don’t have to sacrifice privacy to run a successful ad campaign. You don’t need user’s data just for advertising, sometimes you also need it to improve the user experience on your app. But whatever you do, you can’t break your user’s trust, it’s the most important thing you have. 

Even though big changes are on the horizon, Google and Apple’s power play will push developers to rely more on first-party data. Doing so is not always a burden, you can make sure your app is safe for your users and offer them the best experience possible without alienating your audience with security issues.

In the long run, reorganizing your app around first-party data and making sure your users feel safe will be beneficial for your brand. The mobile landscape is always evolving, but creating a trusting relationship with your users is an invaluable tool to withstand those changes.

What can you do to stay relevant to your target audience?

• Expand your collection of first-party data or rely on sources that already have them
• Bet on contextual ads if you lack relevant data
• Create a trustworthy image of your brand and bond with your target audience
• Be responsible with the data your users entrusted you with
• Build your app to be privacy-conscious

What are your thoughts on this? Did you notice any changes after the implementation of ATT prompts with iOS 14.5? Tell us in the comments!