Over the past few weeks since Apple’s World Wide Developer Conference (WWDC) keynote (love the 3 am start to watch live), much has been written about the new steps they are taking to protect privacy.
The discourse online over the past few years has been much the same, as digital marketers seek to find a new way to mitigate the impact of Apple’s new initiatives.
From a data and marketing side, the current tap is slowly losing pressure, from a privacy side, Apple is shining a light on the methods that some, including myself, would suggest are unscrupulous. To put this in context, what possible reason do analytics organisations have for sending information like battery, storage, memory and CPU usage, among the metrics that you might expect?1 or TikTok, LinkedIn and others have to keep looking at your phone’s clipboard?2
What has become clear is that some groups are not very happy with the recent changes, with many complaining that Apple is not adhering to the industry standard in enforcing every app to a seek permission to track users. With some saying the new pop-up warning and the limited ability to customise still carries “a high risk of user refusal.”3. Is this to say that some marketers are only interested in tracking the most possible users?
What is Apple doing
In June each year, Apple holds its developer conference, announcing the next iteration of software to run on your Apple device. In this, they revise many of the inbuilt APIs (application programming interfaces) to enable innovation to occur on their platforms. In some cases, they add APIs, in others, they change them, and sometimes they deprecate them.
The biggest change announced last month is that any app that seeks to track a user, either through their application or third party software development kit (SDK) in their application, will need to seek permission displaying a notification like the image. Though it is worth noting the user’s ability to limit ad tracking is not new, this is simply bringing it to the user’s attention.
While many would argue that this change is solely to impact advertisers, I would disagree. From an Apple perspective, these changes are grounded in the culture and organisational values.
Marketers and advertisers are becoming challenged by the principles set down by Apple as an organisation. It is these principle which guide Apple in their relentless pursuit of delivering world-leading consumer experiences. A perspective often overlooked by marketers and advertisers who are oft prioritising user data over consumer centricity.
It is these principles of one of the world’s biggest companies that will continue to cause friction among marketers and advertisers. The next most important change is not going to come from Apple; their pursuit of upholding their own standards is set. The most important change will now come from the industry forced to do so, courtesy of Apple’s benchmark and share of the advertising space.
In making these changes, they are forcing developers to understand what third party libraries such as analytics libraries are doing with the information that they collect. They are forcing developers to correctly declare what information their apps collect, how it is used and shared or risk being kicked off the App Store4.
While this change is the driver behind most of the articles I have seen, it is worth noting that there are a number of other changes being made that may also impact the collecting of adverting data, both from the release of Apples next major software updates, likely September and in the next few years. In the next year, we are likely to see the ability for a user not to provide accurate location information and the further randomisation of device details when connecting to public wifi networks to be the most significant change. While the location changes will impact applications, it will not impact Telco’s from collecting this information using their towers.
Looking beyond this year, Apple has started to provide more support to technologies that make DNS queries private and are working with industry bodies to develop a standard of enabling the privacy of SNI data. Both of which represent opportunities for Telco’s and ISPs to track users.
Now I can hear many asking what DNS and SNI are. DNS or domain name system is like the phone book of the internet; it maps a domain like google.com.au to an IP address like 188.8.131.52. SNI or server name indication? In short, is the technology that allows servers to host multiple websites at a single IP address, without it we would not have been able to have the rate of growth we have seen on the internet5.
Though it is worth noting that Apple is not blind to the needs of advertisers and their own advertising revenue through App Store ads, in this release where they have added increased transparency for users, they have also added a new method to validate app install campaigns6.
The path forward
In my view, I feel that while there is still an opportunity to derive short term advantage in leveraging tracking on Apple devices. The opportunity for almost all organisations to derive sustained competitive advantage, which should be the ultimate goal of all business activities, through tracking on Apple devices is a thing of the past. This is not the first year, nor will it be the last that when one of the worlds largest companies puts the blow torch to advertiser data collecting in defence and promotion of user privacy. For those unsure still not convinced on this, I would encourage you to look at the amount of time Apple spends on this topic in the public presentations. It got just under 5% of their WWDC Keynote, which was arguably their biggest in years.
Looking to the future, there is a need to innovate our use of mobile platforms to foster consumer relationships, ideally in ways that competitors cannot easily replicate. Indeed as Apple and many organisations have said there is an opportunity for brands to build trust through better privacy7. While the easy path out would be to keep adjusting to Apple’s changes, I believe that those that can pivot to a privacy and data minimisation approach will see the return over the long term.
Over the past few years, there has been a significant shift in rhetoric from Apple and Google as it relates to privacy. While Apple seeks to use privacy as a point of differentiation, the reality is Apple is the best of a bad bunch. There is much that needs to be done.
Indeed Apple has taken many steps to improve the privacy and sought to limit the data applications have access. They have not gone far enough.
We’ve all become familiar with their sleek brand positioning best captured in their “Privacy. That’s iPhone” campaign. A step that did wonders for the brand’s perception in market. But unfortunately for consumers, the big Apple is still complicit in enabling many applications to extract significant amounts of data from users phones / tablets for what can only be considered user profiling and tracking. Which prompts the question, why else would numerous apps need to send battery percentage or phone carrier information back to their servers? Further, why should any app be allowed to make calls out to servers before the app has fully launched?
Apps do have a legitimate purpose for accessing these types of information to deliver better user experience, and there are valid reasons for some applications to connect to third parties and the internet upon launch. Its worth noting that any solution posed to limit their access would be complicated. But really the question worth posing is while consumers may accept dialogue boxes for Bluetooth, microphone and location, would they be accepting of the many more dialogues currently unbeknownst to them which occur every time they open an app?
Amidst the array of arguments, the positioning around relevance and user experience, the onus is on the OS creators, app developers and ultimately brands to do more in controlling what applications extract from an individual’s personal device. Since the introduction of GDPR and CCPA, all companies should be seeking to limit what data they collect regardless of where they are in the world. A legal lead approach is not all ways the best approach and developers and brands need to be good global citizens. In marketing circles, the notation that our laws will change sooner or later, means we need to embrace that data minimisation, better consumer engagement and value exchanges for experience are the future.
It is in this context that all organisations should seek to remove, to the greatest extent possible, any data collection that does not directly assist in them delivering value to consumers. Brands need to wake up and realise that they must differentiate to succeed in the long term. Differentiation based on the data they collect on consumers is not a long-term strategy for competitive advantage. The collection of data should seek to improve the user experience - in ways beyond targeted advertising. In my view those organisations that collect data purely for the purpose of targeting ads are in danger of falling victim to the renowned academic Michale Porters famous notationl; being all things to all people is a path for strategic mediocrity1.
So what data are they collecting?
The data connected differs from application to application, tracking library to tracking library. The below has been extracted from a network request2 for Flurry Analytics the “worlds most adopted app analytics” which is owned by Verizon Media. This information was collected upon simply opening a paid business focused application.
- OS Version
- Screen height and width
- Device model
- iOS Advertising ID 3
- Battery Percentage
- Disk Usage
- Phone or iPad Carrier
- Memory available
- CPU Load
- Session ID - Could only be for tracking.
- Session duration in milliseconds
Worth asking, is your data worth the experience?
Introduced in iOS 7 the identifier for advertising is an Apple supported id for advertising. The Android alternative is the Google Play Services identifier. Importantly these identifiers allow users to limit the extent to which they can be tracked by selecting limit ad tracking, though this is all but useless when users login to and app, unless the ads are being served programmatically with no other derived identifier. ↩