Memo: Trojan Ad Data

It is “moves and counter-moves” as social media platforms continue to find work arounds to improve their advertising products. In the battle of privacy enforcement and consumer data collection, analyst Felix Krause recently wrote on how Meta and TikTok have used in-app browsers to collect key data points that are against the spirit of Apple’s recent iOS privacy practices (ATT).

This past Monday, we detailed Apple’s advertising strategy, which encompasses building a walled garden to benefit its burgeoning advertising business over that of the social media companies that were once the disruptors. This, while framing the narrative surrounding the changes to iOS as privacy-first. Now, in part four of this series, we’ll look at the ways social media platforms are responding to Apple’s crackdowns on data tracking. It’s a development that demonstrates just how little this has to do with consumer privacy. At the center of this back and forth is control, power and who gets to decide what companies get full access to our internet behavior.

A series of reports from August help share a more complete picture of what’s going on in the proxy battle between advertising and privacy. First, Apple’s plans to build its annual ad revenue from $4 billion to the double-digit billions were reported. The company’s ads have a planned expansion into new Apple-owned digital real estate, appearing native apps outside of the app store (whose ad formats will also grow) in places like the Books, Podcasts, News and even the Maps apps.

Yes, Apple is growing its ad business while stifling the performance of competitors including Google and Meta. There is not one without the other. Performance marketers have reported seeing returns on Meta’s network of ads with diminished returns. As for performance insights, ad targeting and tracking are much less informed than they were before iOS 14 and it’s costing Meta dearly: the company said Apple’s privacy initiatives are costing it $10 billion per year. Apple’s App Tracking Transparency (ATT) feature, introduced last year, lets users easily opt out of an app tracing their data from around the internet. And Apple’s expansion of Privacy Relay are due to further impair email and other third-party tracking techniques. Of course, Apple is exempt from this privacy restriction because Apple supplies its advertisers with first-party data, a benefit that Amazon shares. In “A is For Ads,” we explained:

It’s part of a bigger strategic shift for Apple to rely less on hardware sales and see more revenue coming from existing users in the form of ads and other subscriptions and features. It’s also likely to trigger responsive features from companies like Google that are building out their own privacy features. There’s more to come, and this development is only the latest.

As predicted, other companies have been quick to make adjustments. For now, Meta’s most effective workaround has been via a loophole first reported by Krause. Instagram, which has been building up its own shopping capabilities and lets users swipe up on ads to shop from inside the app, can track user data when they’re using the in-app browser by injecting code into URLs that tracks your searches by recording your keyboard inputs, a practice called keylogging. This workaround skirts Apple’s own ATT feature, as well Safari’s third-party cookie security.

Instagram’s ability to track user data when users are on the in-app browser is nothing short of genius. With full control over its in-app browser, Instagram was able to add JavaScript that connects the browser activity to the host app. Technically, Instagram is still tracking within its own walled garden, even as users are browsing other companies’ sites – typically brands and media sites that add links to Instagram Stories or in their bios. It’s a crack in the wall that lets external data back in. It also undermines Apple’s promise to grant user privacy.

It’s not just Instagram. TikTok has found the in-app browser loophole as well, Krause reported in a follow up to his original post. And TikTok, unlike Instagram and Facebook, doesn’t give users the option to divert to a different browser when opening links. TikTok also digs further into consumer data, writes Krause, who lays out the information TikTok’s keylogging can see, or “subscribes to,” here:

TikTok iOS subscribes to every keystroke (text inputs) happening on third party websites rendered inside the TikTok app. This can include passwords, credit card information and other sensitive user data. (keypress and keydown). We can’t know what TikTok uses the subscription for, but from a technical perspective, this is the equivalent of installing a keylogger on third party websites. TikTok iOS subscribes to every tap on any button, link, image or other component on websites rendered inside the TikTok app. TikTok iOS uses a JavaScript function to get details about the element that the user clicked on.

When approached by Forbes magazine, TikTok confirmed that these features exist in the code, but said nothing is being done with them. This workaround appears more critical when you factor in the security issues surrounding TikTok for years. Born from China’s ByteDance, reports have popped up repeatedly claiming that ByteDance employees have mined TikTok for data on US users. The FTC has been called on to investigate the app, and a “cyber advisory” was issued by the House of Representatives in mid-August. It might be hand-wringing. But Apple should be the monitoring force standing between TikTok and its data leaks, and it’s not.

Has Apple’s rally for privacy backfired by submitting users to even riskier data tracking sites that they can’t opt out of and likely don’t know about? In a way, it backs up the argument that Apple’s updates weren’t about privacy to begin with – it is shaping up to seem like a benefit that Apple could sell to users. For it to be a convincing sell, Apple needs to plug security flaws like the in-app keylogging that the social media giants have employed. It’s not just keylogging: a recent WIRED report found that Apple iOS doesn’t fully route traffic through VPNs, opening users who think they’re protected to potential security threats. The report argues that Apple has known about this VPN flaw for years. This privacy issue undermines Apple’s insistence that that’s what all the changes have been about.

It’s unclear now what recourse Apple can take against in-app browsers tracking user data. But for now, brands are still struggling to find the same magic that Meta provided through Facebook and Instagram for over a decade. In May 2021, 2PM explained:

Apple’s intentions appear straightforward at first glance. The company wanted to improve the privacy of its end users. This virtuous effort came with a few additional outcomes. By upgrading its privacy practices, Apple will impair large ad networks that have grown with the help of those end users. This could potentially cripple Facebook’s current model with its new privacy demands.

Whether it’s TikTok, Instagram, or Snapchat housing the data, it leaves brands without the same analytical power that they once required. The most logical assessment is that Apple will continue to subvert its competitors as it grows its advertising business to surpass these platforms and maybe even Amazon. The best possible outcome is that Apple joins Amazon as the new generation of performance marketing platforms. It’s clear that its privacy-first policies do not stand on their own merit. It’s all about the advertising revenue, and Apple is its own Trojan horse.

By Web Smith | Edited by Hilary Milnes with art by Alex Remy and Christina Williams 

Memo: Linear Commerce and Content Fortresses

Apple’s intentions appear straightforward at first glance. The company wanted to improve the privacy of its end users. This virtuous effort came with a few additional outcomes.

By upgrading its privacy practices, Apple will impair large ad networks that have grown with the help of those end users. This could potentially cripple Facebook’s current model with its new privacy demands. Apple has also opened the door to an unintentional adjustment to its privacy mandate. In doing so, the Mark Zuckerberg-led advertising company (and social network) will adopt a new way to accomplish its most critical objectives: revenue growth and user utility. Facebook will become an eCommerce company instead.

The idea for the law of linear commerce was envisioned as a relationship between brands selling physical products and digital media. The first paragraph of the very first member brief read:

Linear commerce is a core tenet of 2PM’s understanding of an evolving commerce ecosystem. It is the prioritization of audience. Product manufacturers often outsource demand generation. Brands that are ahead of the curve emphasize their audience’s growth as much as they do their physical product’s manufacturing. Likewise, digital media publishers that follow these principles will prioritize organic and loyal audience growth over SEO or PPC-driven commodity clicks. [2PM, 1]

If you’ve built a great product, you’ll need a captive audience as a market for the goods. And if you’ve built a captive audience, you’ll need a great product to sell them. This can now be applied to software-driven audiences and the first-party products that monetize them. Mobile apps have, until now, been able to rely on valuable data derived from a tracking system called “Identifiers for Advertisers” or IFDA. As of the recent release of Apple’s iOS 14.5, this data source has been shut off.

Apple forced the advertising industry’s hand with its decision to implement new privacy policies. At the June 2020 WWDC event, Apple announced a new way that the mobile ecosystem’s IFDA would be accessible for advertisers. In the simplest terms, users would need to explicitly opt-in to allow an advertiser access to the IFDA, a $189 billion international industry. The App Tracking Transparency (ATT) framework is a detriment to advertisers who were dependent on this market for iOS customer acquisition.

Flurry Analytics, a Verizon Media company, tracks over 1 million mobile applications, aggregating data and insights from 2 billion mobile devices monthly. According to this data, worldwide opt-in rates are hovering around 11% for iOS 14.5 users. Shockingly, that number degrades further in the United States. It hovers around 4%.

Content Fortresses and “Other”

First-party data is the substance that fills the distillation column of today, retail media networks process that oil-like first-party data into key assets. In this analogy, crude oil is content. As I recently wrote on the reimagining of content’s value, it is now the core of all first-party data strategies. I explained:

First-party data will define the next wave of advertising and sales. American businesses are now in a race: They’ll build, acquire, or market to the audiences that have it. The independent media industry is quick to discuss outcomes but rarely do we dissect the early steps. As more pursue first-party data, audience development will become one of the most coveted skills on the market.

To acquire targeted customers, first-party audiences are replacing third-party collections. An early indicator of things to come: Over the past six months, two major newsletters were acquired by much larger companies. [2PM, 4]

Apple’s decision accelerated the adoption of linear commerce (media meets commerce) by years. Look no further than Facebook’s strategy to rely less on Apple’s ecosystem. With the iOS 14.5 update, Facebook’s ability to track view through conversions has been impaired.

That’s where these eCommerce products come in. If Facebook can sell more products through its own apps, it’s not so dependent on cross-site user tracking. [2]

While Facebook will emerge as an eCommerce company, they aren’t necessarily in it to compete with Amazon. They are likely to make a relatively small margin on the sale of goods. But the advertising of those products will move brand marketers to continue investing in running ads for their goods across Facebook-owned apps, including Instagram and its native shop.

When you make a sale, we deduct a fee from your payout automatically. We call this a selling fee. The selling fee is 5% per shipment, or a flat fee of $0.40 for shipments of $8.00 or less. You keep the rest of your earnings. [3]

When the intended target is reached, Facebook’s efficacy as an advertiser can be tracked no differently than it was before IFDA was impacted by the 14.5 upgrade. Facebook CFO David Wehner shared his optimism with analysts: “The impact on our own business, we think, will be manageable.” Facebook has long held a valuable audience and a recent commitment to native commerce; Apple’s privacy push has steered the Menlo Park company to prioritize its walled garden, a page taken from Amazon’s growth as a walled-garden advertiser.

Ad sales, which the company breaks out as “other,” rose 77% year-over-year to $6.9 billion, Amazon said in its Q1 earnings call on Thursday.

Amazon now encompasses 10.3% of the digital advertising market (up from 7.9%) in the United States with a projected 13% market share by 2023. Amazon’s walled-garden approach ranks them third in an advertising market that is currently dominated by Google and Facebook (one that Apple wants a piece of). Facebook’s walled garden approach is intended to help them climb to the No. 1 position. They are better positioned than Google in this respect.

The phrase “content fortress” was coined by Eric Benjamin Seufert, an analyst at Mobile Dev Memo. The walled-garden approach is indicative of a larger trend to acquire and monetize first-party data.

In early February, Applovin, the mobile ad network, acquired Adjust, a mobile attribution company. Beyond financial engineering (given that Applovin is approaching an IPO), there’s no strategic justification for this acquisition other than that Applovin is building a self-sufficient advertising ecosystem to connect its first-party properties. [5]

First-party data was well on its way to becoming the key asset for advertisers; Apple’s decision further moved advertisers to prioritize its collection, refinement, and monetization. Apple will eventually eliminate data sharing across vendors, a long-time complaint of many of its users. In doing so, walled gardens will take the place of the open web funded by this data practice. Media companies and commerce companies will become indistinguishable, in many ways. The law of linear commerce is no longer just about brands and their content strategies or publishers and their eCommerce development.

Facebook is an advertiser using commerce to sell more first-party ads. Amazon is an eCommerce retailer using first-party advertising to sell more goods. Apple may help the two companies accomplish both, all while bolstering its own privacy practices, which were a solution to an expiring era of advertising.

By Web Smith | Editor: Hilary Milnes

Member Brief: Clubhouse Commerce

The true measure of retail’s direction is the attention focused on the technologies that provide the most serendipity. Physical retail will always have its place and online retail will likely never be the majority of all sales velocity. But consider this question:

If you were starting a brand right now, where would you go for serendipity?

This member brief is designed exclusively for Executive Members, to make membership easy, you can click below and gain access to hundreds of reports, our DTC Power List, and other tools to help you make high level decisions.

Join Here