Each year around the world over half a trillion dollars1 is spent on advertising, which begs the question, does it work? In a 2 part series award-winning author, journalist and podcaster Stephen Dubner asked this question, engaging with academics and industry to understand the measurement challenges and interrogate the question.
Over the past few weeks since Apple’s World Wide Developer Conference (WWDC) keynote (love the 3 am start to watch live), much has been written about the new steps they are taking to protect privacy.
The discourse online over the past few years has been much the same, as digital marketers seek to find a new way to mitigate the impact of Apple’s new initiatives.
From a data and marketing side, the current tap is slowly losing pressure, from a privacy side, Apple is shining a light on the methods that some, including myself, would suggest are unscrupulous. To put this in context, what possible reason do analytics organisations have for sending information like battery, storage, memory and CPU usage, among the metrics that you might expect?1 or TikTok, LinkedIn and others have to keep looking at your phone’s clipboard?2
What has become clear is that some groups are not very happy with the recent changes, with many complaining that Apple is not adhering to the industry standard in enforcing every app to a seek permission to track users. With some saying the new pop-up warning and the limited ability to customise still carries “a high risk of user refusal.”3. Is this to say that some marketers are only interested in tracking the most possible users?
What is Apple doing
In June each year, Apple holds its developer conference, announcing the next iteration of software to run on your Apple device. In this, they revise many of the inbuilt APIs (application programming interfaces) to enable innovation to occur on their platforms. In some cases, they add APIs, in others, they change them, and sometimes they deprecate them.
The biggest change announced last month is that any app that seeks to track a user, either through their application or third party software development kit (SDK) in their application, will need to seek permission displaying a notification like the image. Though it is worth noting the user’s ability to limit ad tracking is not new, this is simply bringing it to the user’s attention.
While many would argue that this change is solely to impact advertisers, I would disagree. From an Apple perspective, these changes are grounded in the culture and organisational values.
Marketers and advertisers are becoming challenged by the principles set down by Apple as an organisation. It is these principle which guide Apple in their relentless pursuit of delivering world-leading consumer experiences. A perspective often overlooked by marketers and advertisers who are oft prioritising user data over consumer centricity.
It is these principles of one of the world’s biggest companies that will continue to cause friction among marketers and advertisers. The next most important change is not going to come from Apple; their pursuit of upholding their own standards is set. The most important change will now come from the industry forced to do so, courtesy of Apple’s benchmark and share of the advertising space.
In making these changes, they are forcing developers to understand what third party libraries such as analytics libraries are doing with the information that they collect. They are forcing developers to correctly declare what information their apps collect, how it is used and shared or risk being kicked off the App Store4.
While this change is the driver behind most of the articles I have seen, it is worth noting that there are a number of other changes being made that may also impact the collecting of adverting data, both from the release of Apples next major software updates, likely September and in the next few years. In the next year, we are likely to see the ability for a user not to provide accurate location information and the further randomisation of device details when connecting to public wifi networks to be the most significant change. While the location changes will impact applications, it will not impact Telco’s from collecting this information using their towers.
Looking beyond this year, Apple has started to provide more support to technologies that make DNS queries private and are working with industry bodies to develop a standard of enabling the privacy of SNI data. Both of which represent opportunities for Telco’s and ISPs to track users.
Now I can hear many asking what DNS and SNI are. DNS or domain name system is like the phone book of the internet; it maps a domain like google.com.au to an IP address like 188.8.131.52. SNI or server name indication? In short, is the technology that allows servers to host multiple websites at a single IP address, without it we would not have been able to have the rate of growth we have seen on the internet5.
Though it is worth noting that Apple is not blind to the needs of advertisers and their own advertising revenue through App Store ads, in this release where they have added increased transparency for users, they have also added a new method to validate app install campaigns6.
The path forward
In my view, I feel that while there is still an opportunity to derive short term advantage in leveraging tracking on Apple devices. The opportunity for almost all organisations to derive sustained competitive advantage, which should be the ultimate goal of all business activities, through tracking on Apple devices is a thing of the past. This is not the first year, nor will it be the last that when one of the worlds largest companies puts the blow torch to advertiser data collecting in defence and promotion of user privacy. For those unsure still not convinced on this, I would encourage you to look at the amount of time Apple spends on this topic in the public presentations. It got just under 5% of their WWDC Keynote, which was arguably their biggest in years.
Looking to the future, there is a need to innovate our use of mobile platforms to foster consumer relationships, ideally in ways that competitors cannot easily replicate. Indeed as Apple and many organisations have said there is an opportunity for brands to build trust through better privacy7. While the easy path out would be to keep adjusting to Apple’s changes, I believe that those that can pivot to a privacy and data minimisation approach will see the return over the long term.
Over the past few years, there has been a significant shift in rhetoric from Apple and Google as it relates to privacy. While Apple seeks to use privacy as a point of differentiation, the reality is Apple is the best of a bad bunch. There is much that needs to be done.
Indeed Apple has taken many steps to improve the privacy and sought to limit the data applications have access. They have not gone far enough.
We’ve all become familiar with their sleek brand positioning best captured in their “Privacy. That’s iPhone” campaign. A step that did wonders for the brand’s perception in market. But unfortunately for consumers, the big Apple is still complicit in enabling many applications to extract significant amounts of data from users phones / tablets for what can only be considered user profiling and tracking. Which prompts the question, why else would numerous apps need to send battery percentage or phone carrier information back to their servers? Further, why should any app be allowed to make calls out to servers before the app has fully launched?
Apps do have a legitimate purpose for accessing these types of information to deliver better user experience, and there are valid reasons for some applications to connect to third parties and the internet upon launch. Its worth noting that any solution posed to limit their access would be complicated. But really the question worth posing is while consumers may accept dialogue boxes for Bluetooth, microphone and location, would they be accepting of the many more dialogues currently unbeknownst to them which occur every time they open an app?
Amidst the array of arguments, the positioning around relevance and user experience, the onus is on the OS creators, app developers and ultimately brands to do more in controlling what applications extract from an individual’s personal device.
Since the introduction of GDPR and CCPA, all companies should be seeking to limit what data they collect regardless of where they are in the world. A legal lead approach is not all ways the best approach and developers and brands need to be good global citizens. In marketing circles, the notation that our laws will change sooner or later, means we need to embrace that data minimisation, better consumer engagement and value exchanges for experience are the future.
It is in this context that all organisations should seek to remove, to the greatest extent possible, any data collection that does not directly assist in them delivering value to consumers. Brands need to wake up and realise that they must differentiate to succeed in the long term. Differentiation based on the data they collect on consumers is not a long-term strategy for competitive advantage. The collection of data should seek to improve the user experience - in ways beyond targeted advertising. In my view those organisations that collect data purely for the purpose of targeting ads are in danger of falling victim to the renowned academic Michale Porters famous notationl; being all things to all people is a path for strategic mediocrity1.
So what data are they collecting?
The data connected differs from application to application, tracking library to tracking library. The below has been extracted from a network request2 for Flurry Analytics the “worlds most adopted app analytics” which is owned by Verizon Media. This information was collected upon simply opening a paid business focused application.
Information extracted using Charles Proxy. Importantly there are measures that some application developers take to stop Charles and similar tools working. ↩︎
Introduced in iOS 7 the identifier for advertising is an Apple supported id for advertising. The Android alternative is the Google Play Services identifier. Importantly these identifiers allow users to limit the extent to which they can be tracked by selecting limit ad tracking, though this is all but useless when users login to and app, unless the ads are being served programmatically with no other derived identifier. ↩︎
The Australian Governments has recently introduced laws that would force telecommunications companies to store metadata for two years, under the banner of counter-terrorism. Don’t get me wrong I have nothing wrong with the work that the government does in keeping us safe, however, given that number of hacks and breaches that occur these days, there are just too many risks.
Metadata that is collected by telecommunications companies can be used to track your every movement. In the hands of the wrong people, such information can be used to tell someone if you are at home.
Several years ago a German politician, Malte Spitz sued German telecommunications company Deutsche Telekom to get all the metadata that they had on him. He successfully got them to hand over a copy of this data, which he has turned into a visulisation that would scare many people and show just how invasive this data is. The 35830 data points used to make this visualisation have been made available to the public. Malte has gone on to give a speech on at TED titled ‘Your Phone Company is Watching’.
The amount of detail that metadata contains is enough to scare me and make me question just how much information does my phone company have on me?
Recently Telstra Australia’s largest telecommunications company has admitted that it currently has 3000 terabytes worth of metadata. In 3000 terabytes you could store approximately 1,500,000,000 photos!
While we live in an age where either government or private enterprise track most of our activities, we must start to question just how much information do they need?
At the end of the day, we are always going to struggle to stop our telecommunications providers collecting information on us. However, when it comes to the Internet and companies like Facebook, Twitter and Google, we can try to stop trackers or decide which trackers to allow using services like Ghostery.
Note: This article was updated in November 2019 to fix the typos of my younger self.