Since the news around iOS 14 and its upcoming limitations to the use of IDFA on Apple devices, clients have been reaching out to us, on how this will impact Fraud Detection and if we see new types of Fraud resulting from this. We hear very different theories, where some say that fraud will decrease and others say it will increase. We thought it may be a good idea to share our view on it. Up until now, IDFA permission was a smartphone-wide option, deep inside the devices’ settings. While users had the option to opt-out of tracking, a significant percentage of them, might not even have known about it, let alone know that such a system even exists.
The drop-off rate of this change, is expected to be 50% but it does not mean that App-Installs cannot be attributed anymore. Apple has released SKAdnetwork, which is an internal development class, for attributing installs while maintaining user privacy.
SOME THOUGHTS AROUND ATTRIBUTION
Will Apple allow ClickIDs to be passed down?
If they did, install attribution would be no problem for networks, since every Click ID is unique and does not reveal the user’s privacy.
Will SKAdnetwork attribution be as accurate as previously IDFA?
We believe that it will be pretty accurate and MMPs are likely to be using a mixed attribution model. They will use IDFA where possible and then SKAdnetwork, as a fallback, when IDFAs are not available.
Will this have an impact on post attribution events and its tracking?
Yes, most likely this is where it will have the highest impact on. Apple wants to prevent user tracking around this.
Will Apple allow ClickIDs to be passed down?
If they did, install attribution would be no problem for networks, since every Click ID is unique and does not reveal the user’s privacy
Will SKAdnetwork attribution be as accurate as previously IDFA?
Our belief is that, it will be pretty accurate and MMPs are likely to be using a mixed attribution model, to use IDFA where possible and then use SKAdnetwork, as a fallback, when IDFAs are not available.
Will this have an impact on post attribution events and its tracking?
Yes, most likely this is where it will have the highest impact on. Apple wants to prevent user tracking around this.
IMPLICATIONS OF iOS 14 ON FRAUD DETECTION
The opinions on the fraud development range widely. From claiming that there will be less fraud, to claiming the opposite. Also, one of the questions we get asked frequently from our clients, is, if we see new fraud types evolving. Firstly, data points such as IP-address, User Agent, CTIT amongst others, will still be available as before. Only in cases where the user would not opt-in to the IDFA tracking, this data would not be available. Duplication detection is currently done using IDFAs but can already be easily evaded by generating a new IDFA.
ADDITIONAL POINTS
Missing IDFA/ Impact on Fraud
IDFA data will not heavily impact fraud detection purposes. We can see additional requirements to the shared IDFA data. Technically, we could encrypt or generate a non-reversible hash value of the IDFA after the scan. This way, the data remains safe, while checks around IDFA are still performed.
Duplicate Installs
Fraudsters already learned how to do this years ago, so it is unlikely that this will have direct impact on increased fraud rates from duplicate installs. We are still able to help on this with Duplicate IP Detection.
Fraud Database based on IDFAs
This will get impacted most likely. Alternatives such as fingerprints and possibly IPv6 can provide solutions, but these will not be direct replacements and will not work in all cases.
Impact on AdRates / CPI Rates
If the introduction of iOS 14 would lead to a reduced Conversion Rate, it could be compensated by higher pay-outs, which in return would attract more fraudsters.
IDFA data for the purpose of fraud detection, may still be able to receive the full data set including IDFA. We can see additional requirements to the shared IDFA data. A technical solution to this, would be to encrypt or generate a non-reversible hash value of the IDFA after the scan. In this way the data remains safe, while checks around IDFA can still be performed.
Duplicate Installs
Fraudsters already learned how to do this years ago, so it is unlikely that this will have direct impact on increased fraud rates from duplicate installs. We are still able to help on this with Duplicate IP Detection.
Fraud Database based on IDFAs
This will get impacted most likely. Alternatives such as fingerprints and possibly IPv6 can provide solutions, but these will not be direct replacements and will not work in all cases.
If the introduction of iOS 14 would lead to a reduced Conversion Rate, it could be compensated by higher pay-outs, which in return would attract fraudsters.
IN SUMMARY
We don’t believe at this stage that new types of Fraud will evolve solely based on the introduction of iOS 14. On the other hand, post conversion events may become more difficult to track and accuracy of those may go down. The attribution model as it is today, will continue to work, since Apple itself has no interest to damage the iOS ecosystem and possible drop-off could be compensated with higher pay-outs. At this time, nobody is able to tell exactly how these changes will impact our industry. We are keeping a close eye on the development of this and we will release a second update when necessary.