Optimizing user opt-in on iOS 14: how publishers can prepare for IDFA changes
November 23, 2020
Apple announced in September that as part of the new iOS 14’s privacy features, app developers will be required to ask users for consent before accessing their IDFA (Identifier for Advertisers) for tracking and personalization. And as of December 8, developers will also need to submit privacy info to be displayed in the App Store for consumers to view prior to download.
Facebook has since warned its partners that given Audience Network’s dependence on app advertising, the changes to IDFA would hinder advertisers’ abilities to target campaigns and consequently, impact publisher monetization efforts. While the move towards privacy is welcome, publishers and developers are left scrambling to protect monetization on an important advertising channel. Apple’s subsequent decision to delay implementation until “early 2021” provides a much-needed adjustment period.
We’ll go over a few key considerations for optimizing consent rates, including the importance of communicating value exchange, designing for user experience, and the continued importance of regulatory compliance.
From opt-out to opt-in: changes to IDFA access
Before iOS 14, Apple users could turn on “Limit Ad Tracking” in settings to opt out of IDFA, but not other cross-contextual identifiers.
iOS 14 includes a new setting, “Allow Apps to Request to Track,” which enables apps to surface iOS permission dialogues and collect consent to access the IDFA. If a user wishes to opt out of all tracking, they can toggle “Allow Apps to Request to Track” off in their settings and will no longer receive in-app consent messaging. Until privacy features for iOS 14 go into effect however, the IDFA of a user remains available for tracking purposes by default. When enforcement begins in full force, developers will no longer be able to access the IDFA unless they have obtained opt-in consent.
Apple also plans to remove apps from the App Store if they are found to be using other methods of pseudonymous mobile identification like fingerprinting. While GDPR similarly requires consent for pseudonymous identification, the iOS 14 UX/UI makes it especially difficult for developers to obtain opt-in.
Establishing a transparent value exchange
According to a 2019 study by Harvard researchers, increasingly privacy-conscious consumers are evaluating their interest in personalization against their concern for privacy. Ad platforms can only grow trust among consumers when they are both transparent and deemed to be adhering to acceptable privacy procedures and regulations. It then follows that consumers are not inherently opposed to sharing their data for personalization so long as the publisher or advertiser builds trust through transparent conversations.
Unfortunately, the permissions message in iOS 14 that asks users to allow apps to track them presents little room for publishers to establish trust with their users regarding their use of data for personalization. To bridge this gap, developers should surface primers before the iOS message, explaining how personalized advertising supports the free content or utility the app provides. And even if a user declines tracking, developers may surface reminders and help easily navigate a user to their settings if they change their mind.
Leveraging analytics for optimal user experience
Our research has found that consumers are more likely to opt in to a company’s privacy policies if they have a good user experience. Given that opt-in will be requested via both iOS messaging and CMP messaging, developers will need to be extra careful to streamline the consent experience while ensuring compliance with multiple frameworks.
To optimize consent rates, A/B testing for message flow and timing will be a crucial capability of CMPs on apps. The ability to capture consent rates and analyze where in the user journey consent action is taken can help developers best determine the timing to present opt-in messaging before and/or after the native iOS privacy message.
Regulatory compliance and monetization on iOS 14
One thing that doesn’t change is the need for a CMP to ensure regulatory compliance. Though the consent framework for IDFA (AppTrackingTransparency) relies on explicit consent from the user, the consent given in iOS 14 native messaging for tracking does not meet other GDPR requirements:
The iOS dialogue window does not provide enough information on what a user is consenting to, including the purposes for which their data is collected and which parties access that data.
Ease of withdrawing consent
It’s harder for an iOS user to withdraw consent once they’ve given it, since they would have to navigate to a specific place in settings to do so. This violates the GDPR principle that consent must be as easy to withdraw as it is to give.
Opt-in consent for third-party processing
GDPR requires that publishers inform consumers of which vendors or third parties they have shared data with. Yet iOS 14 provides no visibility into which downstream entities would have access to their IDFA, or for which purposes.
CMPs will continue to be important in ensuring GDPR compliance. And with the ability to transmit standardized yet fine-grained privacy preferences across devices including web, AMP, mobile app, and OTT, CMPs enable monetization with a high degree of functionality, which is lacking in Apple’s native solution.
Digital advertising stakeholders, represented by associations such as the IAB, have voiced their concerns regarding the disproportionate threat to advertising revenues that the update presents. In an open letter to Apple, the IAB highlighted that the unilateral changes from Apple create redundancy in consent experiences while carrying a high risk of user refusal. Urging interoperability, they also emphasized that Apple’s privacy feature does not syndicate consent signals to other vendors, thus leaving a gap in monetization efforts for publishers and developers while strengthening Apple’s competitive advantage.
The value of dialogue
From Google Chrome’s announced limitations to the third-party cookie to Apple’s restrictions on cross-contextual personalization, the past year alone has proven that Big Tech influences privacy standards just as much as regulations. As the ecosystem evolves to strengthen data privacy rights, media sellers must think beyond compliance and towards optimization. More than ever, app developers and publishers need to engage in transparent dialogue and deliver optimal user experiences if they want to maximize opt-in.
To find out how Sourcepoint can help you capture consent for IDFA and ensure GDPR compliance, contact us.
Latest Blog Posts
Apple announced in September that as part of the...
Sourcepoint acquired RedBud to provide deeper privacy compliance insights...
We’ve seen many successful transitions to TCF v2 with...
Latest White Papers
In this paper we will explore why the most...
Keep in touch
Sign up for our newsletter to keep up with the latest privacy and media news.