Is Apple concerned with fraud detection in iOS14 or not? Put in another way, are they aware of significant ad fraud blindspots in the upcoming iOS and planned discouragement of IDFA?

I started to think about the issue because an adtech noob friend asked me an interesting question recently: what is the difference between what Apple said about iOS14 and fraud detection in “User Privacy and Data Use” vs. what Ari Paparo said in an AdExchanger article “IDFA Apocalypse: What We Know (And Don’t)”? I assume others might be curious as well.

In User Privacy and Data Use, Apple states that “You may track users without obtaining user permission through the AppTrackingTransparency framework if… the data broker with whom you share data uses the data solely for fraud detection, fraud prevention, or security purposes, and solely on your behalf.”

But in an AdExchanger article “IDFA Apocalypse: What We Know (And Don’t),” Ari Paparo asks “How can fraud detection work with this little data to track down fake installs?”

Which one is correct, my noob friend asked. Didn’t Apple just say that fraud detection gets an IDFA pass?

Apple does allow the use of a different ID, Identifier for Vendors (IDV) to be used for fraud prevention, and that’s useful if you have someone trying to defraud the app itself or hack the corporate servers for the game manufacturer. But it’s not at all useful for stopping app install fraud, which is still common. It’s common enough to be an open secret in AdTech that many, if not most of the IDFAs coming through the bid-stream are not real; they are single occurrence IDs that we never see again. We also know that there are more downloads than there are devices per region to be real or healthy.

Why might this happen?

Publishers who generate more ad space get more ad revenue, and publishers who get click-throughs drive even more, yet again, publishers that actually drive installs get the most (because demand is higher for their property over time). So some cheat the algorithm and set up iOS emulators with constantly rotating IDFAs to play their games and click every ad to boost their revenue. When that brings the app install page, they download and launch the game, then shut it down and go back to what they were doing. It’s part of the reason that companies like Zynga and Machine Zone use in-app purchase as their key metric, not installation numbers. 

We all know this is happening and try to fight it to an extent, but mostly we just price it into the cost of our bidding. My concern is that without transparency, the industry may see a significant increase in ad fraud precisely because SKAdNetwork is the new de facto standard measurement, and doesn’t allow user level attribution. If we can’t tell the exact user who installed, how can we know if they are a real user? The only way would be if Apple told us in the SKAdNetwork data feed. In theory, they could query their data and verify the install against an internal list of real iOS identifiers, but I’ve not seen anything about that in their public facing documentation.

So, yes, fraud as one might generally think about it gets a pass using IDV, but IDFA will still require consent to acquire, and therefore is not going to be able to be used to prevent ad fraud—a place where IDV is generally valueless.

It’s something for all parties (well, especially Apple) to consider.