Saturday, October 23, 2021
Ios/Mac

AppLovin SDK Re-Routed Apple’s SKAdNetwork Postbacks To Itself


Mobile advertisers say that ad network AppLovin routed marketing outcome data from an Apple iOS 15 framework to itself, rather than to advertisers themselves. If true and intentional, this would be a violation of trust between Applovin and its customers.

“There have been several reports within the gaming vertical that the AppLovin MAX SDK is overriding and setting by default their own endpoint to catch all iOS 15 SKAN postback copies, which contain very sensitive attribution data,” an anonymous tip sent to industry forum MobileDevMemo says. “This was caught when developers from big game studios reviewed the building process of their iOS apps when using the AppLovin MAX Unity SDK. They noticed that their endpoints were automatically replaced while building their apps. AppLoving set their endpoint with the highest priority, effectively overriding any configuration developers may have set.”

Eric Seufert, mobile analyst, owner of MobileDevMemo, and former marketing executive for Rovio, notified me about the issue.

Since then, at least one industry expert provided corroboration.

“We have discovered that they are setting NSAdvertisingAttributionReportEndpoint to their own endpoint in the postprocess script in Unity plugin 4.3.6/4.3.7, so if someone is using internal or [an] MMP solution to collect Postback copies and have this version of AL SDK [they] might be very surprised,” a data scientist at a major European games publisher told me.

(This person was not the original leaker, but also wishes to remain anonymous since they are not allowed to speak to the press for their company.)

This is a complex and technical issue.

In plain language, with context, what is happening here is this:

  1. Apple released iOS 14.5 this year with more privacy features, including App Tracking Transparency (ATT)
  2. ATT on iOS 14.5 allowed iPhone owners to choose whether to reveal an identifier called IDFA to advertisers or not (in the past, advertisers saw IDFAs for iPhones whenever their owners saw or clicked on an ad)
  3. Mobile marketers used IDFA to measure results of ad campaigns, especially for mobile app install ad campaigns
  4. Since only about 20% of people opted in to tracking in iOS 14.5, IDFA is essentially deprecated: it’s no longer useful for measuring ad campaigns
  5. However, since Apple knows that advertisers do need to know if their ads are working, Apple created a privacy-safe methodology for marketing measurement, called SKAdNetwork
  6. In iOS 14.5, Apple’s SKAdNetwork informed ad networks when an ad successfully resulted in a mobile app installation via a technology called a postback (without revealing precise information about the person or device on which the install occurred)
  7. In the very recently released iOS 15, that notification now goes to advertisers themselves, or a service they designate
  8. Mobile app publishers allege that AppLovin overrode this functionality to continue getting the SKAdNetwork postbacks, rather than respecting their wishes as reflected in their code
  9. AppLovin says (see below) that this was documented and expected behavior, and can be changed by advertisers, and has made changes to respect advertisers’ choices

After publishers inquired, my source says, AppLovin reverted the change and published a new version of their SDK where using the AppLovin endpoint is optional. The company’s demo app, published on GitHub, shows multiple edits in the past two days after just two in the past month.

Applovin essentially says this was a misunderstanding.

“Currently Apple supports a single endpoint and AppLovin supports forwarding this data to multiple endpoints for convenience (including MMPs, with whom we have already successfully tested forwarding at client request),” a representative told me. “While many of our developers manually enable [NSAdvertisingAttributionReportEndpoint] using the instructions in our documentation, our Unity plugin allows developers a way to automate many steps of an integration process, including the feature in question. As is common practice for all similar Unity plugins, it is designed to create an app that is ready to test/submit to the app store. This feature request was documented for all developers using native integration and our Unity plugin.”

(See AppLovin’s full statement below for more details.)

Complicating all of this is massive consolidation in the mobile adtech space.

Since Apple’s new mobile operating system has made third-party data much harder to get, mobile ad networks have engaged in a frenzy of consolidation this year: seven billion-dollar acquisitions in the first quarter, and multiple since then, including InMobi buying Appsumer just today. More companies under one roof means more valuable first-party data. Part of this consolidation was Applovin buying Adjust, a leading mobile measurement company, in a billion-dollar deal in February. (Full disclosure, I do some consulting for Singular, which is a competitor to Adjust.)

It’s a data arms race, says Eric Seufert.

“Apple forcing attribution through SKAdNetwork with ATT catalyzed an arms race for data, including SKAdNetwork postbacks,” Seufert says. “Much of the ad tech consolidation we are seeing now results from the immense competitive advantage that data access provides in this new environment, but of course M&A is just one potential pathway to that data.”

The key question in all the consolidation: whose interests are being served?

As is usual in big tech, every party’s incentives seem incredibly tangled.

Apple wants to enable more privacy for its customers, sure, but its changes also hurt big rivals like Facebook (and Google, if the changes eventually force Google into less efficient but more private advertising practices). Ad networks are buying more and more of the mobile advertising/marketing/measurement/monetization/mediation pie to compete with Facebook and Google and to bank more first-party data and hedge against loss of third-party data from Apple’s privacy moves. But does that really serve advertisers? Or, for that matter, mobile customers, the ones without whom there wouldn’t be a market.

They actually may: one-stop shopping is more convenient and faster. The question is, what might be lost in the process?

The answer is unclear.

What is clear is that building in public, as AppLovin has done by releasing source code on GitHub, ensures the industry can hold itself to account. Or at least, doublecheck that what’s happening is completely kosher.

And that, perhaps, is not a bad thing.

Here is AppLovin’s full statement on the matter:

“MAX suite of tools includes analytics tools that help our clients grow their business. We have multiple ways to present data to publishers and let them better operate their business. With iOS 15, Apple has given developers the ability to receive a copy of their network install data (known as NSAdvertisingAttributionReportEndpoint). MAX’s Global SKAdNetwork Reporting was built to allow developers to visualize this data in their dashboard along with their other key data. Currently Apple supports a single endpoint and AppLovin supports forwarding this data to multiple endpoints for convenience (including MMPs, with whom we have already successfully tested forwarding at client request).

While many of our developers manually enable [NSAdvertisingAttributionReportEndpoint] using the instructions in our documentation, our Unity plugin allows developers a way to automate many steps of an integration process, including the feature in question. As is common practice for all similar Unity plugins, it is designed to create an app that is ready to test/submit to the app store. This feature request was documented for all developers using native integration and our Unity plugin.

We have multiple ways to present data to publishers and let them better operate their business. We are responsive to feature requests from our developers. With iOS 15, Apple has allowed/given the ability for developers to receive a copy of their network install data. MAX’s Global SKAdNetwork Reporting was built to allow developers to visualize and see this data in their dashboard along with their other monetization data. While many of our developers manually enable this feature using the instructions in our documentation, our Unity plugin, along with other processes, automates the process for developers. This allows the developers a way to automate many steps of an integration process (in this case, MAX which includes defining the SKA endpoint) and is intended to run at the overall building of the Xcode project. As is common practice for all similar Unity plugins, it is designed to create an app that is ready to test/submit to the app store. This feature request was documented for all developers using native integration and our Unity plugin. The initial version of the plugin was designed to automate the process for developers and per developer request, the latest version was updated to support a new feature that accommodates reporting manually, following the instructions in our documentation.”



READ SOURCE

ALSO READ  iPhone production targets report not accurate, says Foxconn

Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.