Tracking Methods for Mobile Applications

mobile app tracking hasoﬀers

Tracking methods for mobile applications

Table of Contents

1. Introduction

2. Device Fingerprinting

3. MAC Address

4. ODIN

5. OpenUDID

6. Cookie Tracking

7. UDID (Depricated)

8. TRUSTed Mobile Ads

9. Apple IFA and IFV Tracking Methods for Mobile Applications mobile app tracking Page 3 hasoﬀers

1. Introduction Mobile app conversion tracking presents unique challenges not found in traditional desktop browser advertising. Standard conversion tracking using pixels or postback is cut short when users are directed to a marketplace, like the App Store, where tracking cannot continue. Cookie-based tracking with pixels also fails when a user is directed from a mobile browser to a marketplace for mobile app installs. The mobile app also cannot read cookies set in the mobile browser without a fairly disruptive user experience. Standard cookieless tracking methods, utilizing postback could be an ideal solution. However, passing a transaction ID through an app marketplace to a completed app install doesn’t work for the iOS App Store. When a user is directed to the App Store to download the mobile app, it is impossible to pass a transaction ID to the marketplace and onto the mobile app to verify installation. Because an iPhone or iPad app can't receive a tracking token generated by a click event in the mobile browser, the mobile app can't load a postback URL to record the conversion. Android apps are somewhat different in that Google Play allows a transaction ID to pass through the install_referrer parameter, which means Android doesn’t have the same tracking limitation. A number of device identification technologies and tracking methodologies are available to connect mobile web and mobile app advertising with mobile app installs. MobileAppTracking™ uses a proprietary device fingerprinting technology to allow advertisers to accurately track installs and conversions. There are also a number of device tracking methods available with MobileAppTracking™ for matching a series of events to the same device. Tracking Methods for Mobile Applications mobile app tracking Page 4 hasoffers

2. Device Fingerprinting

Fingerprinting technologies anonymously match a combination of attributes to a device to arrive at a high statistical probability that two events with a similar fingerprint are from the same device. For example, if someone from a specific device profile taps an ad and then a similar device profile registers and app install 90 seconds later, the probability those two events were the same device is extremely high.

A device fingerprint is generated by combining several header data points sent by the device. When a user clicks on an advertisement, a request is sent to the tracking server. The server gathers the header data points from the device and generates a unique ID for the device based on the combined data points. This unique ID is generated by the server, anonymous, and not associated with Apple's UDID or the ANDROID_ID. When an install event happens, the app notifies the tracking server, which generates a fingerprint based on header data points. If the fingerprint generated at install matches a fingerprint previously logged from any other event (such as an ad click) the server determines a match and logs a conversion. The whole process happens in about 300 milliseconds and should be transparent to the user. MobileAppTracking™ device fingerprints are currently 94% unique.

3. MAC Address

Media Access Control (MAC) addresses are unique to a hardware device and have become a common replacement for the recently deprecated UDID on iOS hardware. In some cases, MAC address-based tracking solutions encrypt or hash the MAC address in an attempt to make it anonymous. One key benefit of using MAC addresses for tracking is the similarity to UDID tracking methodologies. A MAC address can be identified across applications and mobile web, allowing for accurate tracking of install events. MAC address tracking also carries similar privacy concerns to UDID, which may cause Apple to change the conditions for access to MAC address usage and alter its availability for tracking purposes. Tracking Methods for Mobile Applications mobile app tracking Page 5 hasoffers

4. ODIN

Open Device Identifier Number (ODIN) is a tracking solution developed by the ODIN Working Group. ODIN is designed for mobile app developers to uniquely identify user devices in an interoperable manner. ODIN is anonymous in that it is unique to the device without revealing data about the originating device make, model, or other data. ODIN provides standarization with an identifier that could be used across iOS, Android, and Windows Mobile. ODIN is generated slightly differntly based on which platform it refers to. For iOS, ODIN uses the 802.11N MAC address as the identifier seed, Android uses the ANDROID_ID, while Windows Phone uses DeviceUniqueID. The identifier seed is passed through a SHA-1 hash function, with the resulting 40 character string being used as the ODIN-1 value. This identifier can then be integrated into app tracking SDKs.

5. OpenUDID

OpenUDID is a SHA-1 hash value calculated in a manner similar to Apple's own UDID value. The goal of OpenUDID is to provide a drop-in replacement for UDID which remains persistent on the device, is accessible and unique accross apps, and is backward and forward compatible with existing UDID. OpenUDID currently utilizes the PasteBin on iOS devices to allow for persistent storage across apps. One key diﬀerence between OpenUDID and UDID is that users can opt out of device tracking via OpenUDID. If OpenUDID is integrated into a tracking SDK, ad click events and app installs can both be logged with an associated OpenUDID to allow for accurate tracking of unique devices.

6. Cookie Tracking

Cookie tracking sets a first party cookie in Mobile Safari on iOS. Cookies on a mobile device are the equivalent of their counterparts in desktop browswers, though they are more limited by default mobile device security settings. A cookie results in accurate attribution of an ad click to the device. Due to the security settings in Mobile Safari, cookies cannot be shared across apps or shared between a mobile app and the mobile web. The workaround to pair an app install to an ad click is a brief redirect to Mobile Safari on application launch, which allows the cookie to be read. Cookie data is lost anytime either the brower cache or HTML5 local cache is cleared. There's also a possibility of duplicate attribution with cookies in a scenario where the user clicked two different ads prior to app install. Tracking Methods for Mobile Applications mobile app tracking Page 6 hasoffers

7. UDID (Depricated)

Apple's Unique Device Identiﬁer (UDID) was the standard mechanism for tracking installs across mobile web and mobile apps. Prior to being depricated, UDID was included as a standard call within the iOS SDK. Due to pressure around privacy concerns, Apple depreciated access to UDID in applications, resulting in apps using UDID being rejected from the App Store.

8. TRUSTed Mobile Ads

In April 2012, TRUSTe announced their TRUSTed Mobile Ads initiative, which is designed to aﬀord users the ability to opt out of tracking. While it's not a tracking mechanism itself, TRUSTed Mobile Ads is an important consideration in the mobile tracking ecosystem. Tracking SDKs which integrate TRUSTed Mobile Ads with applications will allow users control over how much of their data can be tracked.

9. Apple IFA and IFV

With the release of iOS 6, Apple rolled out two new identifiers for advertising. The Advertising Identifier (IFA) is a non-permanent, non-personal, device identifier apps can use for tracking. The Identfier for Vendor (IFV) is an identifier used to associate apps that come from the same vendor on the same device. A different IFV value is returned for apps on the same device that originate from different vendors, and for apps on different devices regardless of vendor.