Mobile Device Ad Tracking

finjanmobileBlog, Mobile Security

Mobile Device Ad Tracking

In a lofty-sounding process known as state management, administrators of web sites and search engines can optimize the online experience on your desktop or laptop computer’s browser through the use of cookies, which are little text files stored in your browser caches recording your user IDs, passwords, personalized themes, and other preferences.

It’s achieved simply enough. But for mobile devices cookies don’t work that well, so content providers, publishers, and advertising networks turn to other means – which is where ad tracking comes in.

What is Mobile Device Ad Tracking?

Retailers and service providers make most of their money through repeat business. That means inducing the same people to buy products or services from the same companies, time and again. One of the best ways of ensuring this is to create an ongoing dialog with the customer, which starts with their first contract or purchase, and is maintained via special offers, loyalty schemes, and the customer’s response to ads pushing goods or services related to what they’ve bought before.

Keeping this promotional stream flowing requires companies to keep tabs on their existing and potential buyers – a process achieved in the digital realm through the placement and monitoring of certain markers that track customer activity and behavior across various web sites, applications, and platforms.

Device-specific Identifiers

It’s not uncommon today for one person to own and operate several devices for browsing the internet and engaging in online commerce – be they cell phones, laptops, or tablets. So how do the sellers know that it’s you, as you move from site to site, and device to device?

Manufacturers and platform providers have solved this problem to some extent by associating client or device-specific identifiers (like serial numbers) to each smartphone or tablet they sell, or to each instance where their client software is installed and run.

This started with Apple’s UDID (unique device identifier), which gave way to that company’s ID For Advertisers (IDFA or IFA) – an evolution on the previous system brought about by demands for a more privacy-aware solution that could provide a device-level identifier for marketers to target ads with, while allowing users an option to not participate in the scheme. Google’s Advertising ID (Google AID or AAID) for Android and the Windows Advertising ID (Windows AID) for Windows Phone are similar arrangements.

Though opting out is a choice presented to mobile users, there remain issues about privacy in all cases, rooted in concerns over any static fingerprinting that can uniquely identify a user’s device.

Mobile Device Ad Tracking – Settings and Installations

An alternative to device identifiers, this method of ad tracking follows user-specific traits revealed in a mobile device owner’s individual settings for time zones, fonts, and other UI (user interface) parameters, together with the apps and plugins installed on their device. The more customizations you set for your device, the easier it is to uniquely identify you.

Privacy is also an issue here, as this kind of tracking can easily identify a user across the apps on a single device. But extending this approach to cover several devices or platforms is not quite so straightforward.

Digital Fingerprint Algorithms

To extend the reach of ad tracking across the divide between operating systems and devices, several companies are now selling digital fingerprinting solutions to advertising networks and marketing enterprises. These systems use mathematical algorithms with accuracies ranging from 60% to over 85% – with improvements on these figures expected imminently.

Each vendor has its own formula, but the algorithms generally combine data streams from device identifiers, the various WiFi and cellular networks you use to reach the internet, language settings, time zones, your frequently visited sites, and numerous other factors. This information is collated to reveal a pattern of usage across different devices and platforms.

The privacy concern here is even greater than that for device IDs and settings-based tracking methods.

Click-generated IDs

As their name suggests, these ad tracking techniques generate a unique identifier (number or code) each time you click on a button or banner to perform a desired action – like installing an app, or making an in-app purchase. Tracking software is then able to associate your action with the specific ad, message, or banner that prompted it – and send a “callback” or “post back” to the publisher of that particular promotion.

First-party Ad-serving

For advertisers, Apple has long presented something of a hitch, as far as tracking is concerned. The elephant in the room is the Safari browser, which places a blanket ban on serving third-party cookies from web sites (Chrome, Firefox and Internet Explorer don’t have this problem). With Safari enjoying around 36% of the global market share for browsers, its exemption from the simplest tracking methods represents a real loss in revenue for the ad networks.

Their way around this is via first-party ad-serving, whereby promotional materials may be served directly from an advertisers own domain – together with their associated cookies or per-click identifiers. There are even proprietary vendors who offer this as a service.

Cross-device Strategies

With the proliferation of users accessing the internet from several touch points (phone, tablet, laptop – all owned by one user), advertisers have intensified their efforts to perfect tracking algorithms that can span multiple device types and operating platforms.

So-called “probabilistic matching” techniques and algorithms can involve the study of millions of web users in a bid to differentiate between who’s who. Other players in this field scour the billions of ad requests and real-time exchanges occurring on the internet for IP addresses, user device IDs, browser settings, and other identifiers.

Opting Out Options

If you’d rather not be tracked, there are some counter-measures that you can employ beyond the official “opt-out” clause which may or may not be featured prominently in the Terms & Conditions of the web site or service you’re using.

Whenever you log in to Facebook or Google (or any third-party app which uses their services to validate its own operations) you leave a trail that can be used to identify your device. So diligently signing out of these accounts each time you finish using them is one option to avoid this.

If you subscribe to a lot of services, using a selection of different email addresses to sign up can help confuse your trail. Alternatively, you can use dedicated masking software, or a VPN (Virtual Private Network)/data management app which can block certain other applications from using your data connection whenever you’re online – which they’ll often do to push advertising to you directly, or to feed information back to an ad network that will serve you with promotions later.

There’s also an industry initiative known as AdChoices which allows users to opt out of internet tracking, altogether.

Share this Post