For the past year, iOS device fingerprinting has been a popular — and sometimes only available — method to reliably identify end users for advertising and other purposes. However, the recent enactment of Apple’s new privacy rules for IDFA-based tracking has made it much harder for developers to use this approach. Some have found ways around Apple’s restrictions but doing so typically buys them an App Store submission rejection or in some extreme cases, an account suspension. Others have opted to abandon the technology entirely. This leaves the mobile ad tech industry scrambling to find alternatives that can deliver a comparable level of performance.
While it might be difficult to feasibly iOS device fingerprinting replicate the full set of characteristics used for IDFA fingerprinting, there are many other factors that can collectively provide an excellent substitute: device type, OS version, screen resolution and language settings, list of installed apps, hardware information, network connectivity and MAC address. The key is to be selective about the data collected; enough signals gathered over time can create a highly unique and stable profile that cannot be replicated by another end user.
One option is to build a fingerprint using the persistent bits that are freely available on most iOS devices (hardware, disk and memory size, OS and kernel information). This approach has the advantage of not being dependent on consent from the end user. Another option is to use location tracking but that requires the user to install a management profile on their device which is an expensive, complex and resource-heavy process.
It might seem counterintuitive that marketers would continue to employ device fingerprinting techniques after Apple rolled out its new privacy rules for IDFA-based tracking but the reality is there are no easy replacements. It is also important to note that the vast majority of iOS users have no idea that they are being tracked with this type of metric – a large portion simply view it as part of their normal web or app usage.
Regardless of the specifics, it is clear that Apple intends to prevent developers from circumventing its restrictions and that those who do face potential scrutiny from App Review. The shady methods for bypassing this include the integration of third-party SDKs that enable what is known as device fingerprinting or probabilistic attribution, which involves leveraging the same types of data points used to calculate an IDFA for advertising purposes. The most common example is the SDK from Adjust which is now being banned from the App Store.
While many in the marketing industry have dreaded the day that Apple finally enforces its ATT rules, there are some who believe it’s worth the risk to continue with device fingerprinting if they can develop alternative technologies that offer a similarly high-performance solution. This is particularly true for marketers looking to mitigate fraud, such as payment fraud, chargebacks and loyalty program abuse. The specialized data sets collected by SEON’s device fingerprinting technology are tailor-made to this type of use case.