For years, affiliate networks have relied on cookies, user IDs, IP addresses, and emails to do their job, but as the international privacy laws started to shift, so did the global marketing landscape. Will the freshly presented iOS 15 obstruct online sales? Here’s Admitad Affiliate’s deep dive into Apple’s security updates.

1.   Less cookies

Most modern browsers (except for Chrome) have already limited access to third-party cookies for known trackers – scripts that their developers marked as tracking user activity. Moreover, WebKit browser engine, used by Safari and iOS SDK, forbade using third-party cookies altogether. The price? Lower quality of data, less accurate targeting and higher online marketing costs. The impact will be the hardest on traffic arbitrage; content creators will hardly feel a thing – unless they use targeting to acquire audiences.

Third-party cookies can be replaced with first-party ones. Currently, there are three types – installed by a known tracker (lasting 24 hours), a website owner (lasting a week) and a server (not limited by the browser). A smaller attribution window means that a small percentage of orders may be lost.

Here at Admitad Affiliate, we use a mix of redirects, first-party cookies and server data to track orders, so this hazard will not hurt our customers. Alternatively, we have the Teleport technology to avoid the need for redirects.

2.   Limited access to IDFA

For their mobile platforms, Google and Apple have already implemented special IDs – Google Advertising ID (GAID) and IDentifier For Advertisers (IDFA). Just like cookies, they collect data on user interests – to target ads properly and to track campaigns efficiency.

However, as the data protection laws started to beef up, access to user data curbed as well. Starting from iOS 13, iPhone owners were free to deny access to IDFA for any app, but this freedom was hidden deep in the settings. With iOS 14.5, developers are obliged to request access to IDFA for their app. Moreover, there are strict guidelines for developers which regulate how the IDFA requests must look.

Sources estimate that the share of users who will allow access to IDFA will range from 10% to 36%. Mobile tracking platforms – for example Appsflyer, Adjust, Branch, Kochava –  are already seeking a roundabout. Fingerprint tracking might be the solution, even though not for long. 

Here at Admitad Affiliate, we are integrated with most mobile tracking platforms, so we are not alone in this fight and eager to cooperate with mobile tracking leaders to overcome the issue.

3.    Delays by SKAdNetwork

SKAdNetwork is a mobile algorithm to track in-app actions without breaking user privacy. Apple has been developing it for a few years, but it has only come to the forefront recently – with iOS 14.5.

What does it do?

1.     Actions are sent over to trackers with a random lag (two+ days) so that the advertiser cannot match the event on their servers with the conversion to mark specific users. Advertisers will also not know which publisher delivered the action – unless the winning ad network discloses the data. Apple promises to fix this in iOS 15, making data available to both the ad network and the advertiser.

2.     Eight-byte data limit. Apple suggests that companies use numbers from 0 to 63 to send over all the possible information about specific action. This seems barely enough, for exactly the same reasons as above.

3.     CPI attribution only. As of yet, SKAdNetwork can only track installations. Moreover, there are no deferred deep links – this means there is no way to launch a specific screen after installing the app.

 All of this means longer payout time, lower campaign efficiency, and an obvious need to change your integration (so that parameters fall within the limit). We cannot stop this, but we can mitigate the effect if we adapt quickly enough – so Admitad Affiliate is already on its way to register with SkadNetwork.

4.   IP masking

There are two features that mask user IPs in iOS 15 – Private Relay and Safari ITP.

Private Relay is the iCloud+ service for more secure browsing. It replaces user IP with another one from the same region to prevent websites from tracking user journeys, targeting ads and creating user profiles. However, it cannot harm your tracking if you collect only country-level data – which here at Admitad Affiliate we most certainly do.

The second feature to mask IPs is the notorious Intelligent Tracking Protection for Safari. It does not allow JS-codes of known trackers to record user IDs at all, so the affiliate networks will lose any control over geo targeting.

Admitad Affiliate has not been marked as a known tracker yet, but we have enough solutions to bypass the ITP: regular redirects with an affiliate link (to and server integration with publishers in Admitad Teleport API.

5.   No more emails

But it’s not just IP addresses that Apple wants to conceal. The corporation has also developed a technology called Hide My Email that replaces your personal email address (say, when you log into Apple services. Other parties can only see a different, automatically generated email (say, Users can still receive emails to their personal inboxes, but targeting services have one less parameter to identify them. 

Theoretically, Hide My Email could hinder cross-device and cross-browser technologies that use email to match users with their actions. However, we believe that only a few people who worry more, and who create accounts anew each time they visit a website, will be able to take full advantage of the tool.

Sure, email is not the only parameter that cross-device tracking relies on. There is other data as well – such as hashed user IDs received from the advertiser or phone numbers. Processing both is still okay under GDPR and ePrivacy laws.

6.   More transparency for users

Finally, there is the App Privacy Report – a new section in settings where users can see all apps that collect data about their activity and what they do with it. Although it offers more freedom, it might build up customer’s anxiety and decrease chances that users grant apps access to IDFA.

This is not critical, but we cannot dodge this one – it will certainly influence most of us. For mobile marketers however, it means increasing the value of SKAdNetwork.

How bad is it?

We still have plenty of options left – both Admitad Affiliate and other marketers. 

First-party cookies will probably never go away, and server-to-server integration with advertisers is still reliable. If you are worried about regular redirects, Admitad Affiliate still has the Teleport feature to provide redirect-free tracking even under the circumstances.

Although we can observe the pressure such limitations exert on the industry, we still believe that proper regulation will lead us to a new, ethical online marketing landscape, so it is in our best interests to cooperate with software developers to work out a balanced solution. After all, it might just be advocating for business transparency that will save us all.