Opt In, Adoption, and Tracking, Oh My! Making Sense of the Hysteria Around iOS 14.5+

As marketers everywhere continue to carefully watch the numbers around iOS 14.5 adoption and opt-in rates, it’s important to take a look at the current available information to make sense of some of the conflicting reports and general hysteria around the update’s troubled rollout, as well as provide some much-needed guidance on what you can do to face these new challenges head-on.

So let’s take a deep breath, and dive right in.

What’s the current state of the iOS 14.5 rollout and opt-in rates?

Technical issues have already forced the release of iOS 14.5.1 to address a specific issue: ATT prompts were not being shown to some non-opted out users. But it’s difficult to gauge how widespread the issue might be because Apple has not shown itself to be particularly friendly to releasing data around adoption and opt-in rates. 

Right now adoption rate is hovering at about 20%, much lower than our original prediction for a month in, when we expected to see around 50% adoption.

That means marketers are left looking to third parties to try and piece together the full story. If you Google the opt-in rate for iOS 14.5, the results overwhelmingly cite a 96% opt-out number.

That likely comes from initial reporting from Flurry that cited a 4% opt-in rate, but that reporting has been updated to 13%—still low, but nearly 3x higher than the initial rate. We expect that those figures will continue to evolve and most likely ramp up now that Apple has officially announced two new major releases: the iPhone 13 scheduled to launch some time in September and the iOS 14.6 update which rolled out last week.

While we haven’t heard too much buzz just yet on iOS 14.6 (released May 24, 2021), we expect it to play out similarly to when Apple launched its ‘Do Not Track’ feature in Safari to further limit cookies and reduce cross-site tracking. Basically, those who chose to ignore it at the time ended up in a much worse state later down the road—so the best thing to do now is to be proactive and develop strategies to adapt as privacy updates become more common.

What have we observed so far about the iOS 14.5 rollout?

The biggest marketing impact we’ve seen so far with the iOS 14.5 update is more on the performance side than on actual campaign delivery/reporting. Specifically, we’ve seen a dip in conversion rates and ROAS across the board, as well as an uptick in CPAs and CPMs/CPCs.

These performance fluctuations are most likely due to the update’s impact on reducing the size and consistency of retargeting audiences. Going forward, we recommend putting your focus on lookalikes audiences, owned data, and interest-based audiences during the transition.

Apple gets serious about enforcing its new privacy rules for iOS apps

While the full impact of iOS 14.5 is turning out more like a slow bleed than the quick death many anticipated, that doesn’t mean Apple is taking its privacy enforcement measures lightly.

In fact, they’ve already begun to reject update submissions for apps that use third-party tools to collect user data from iOS devices without consent. We believe these rejections signal the start of Apple’s stronger, stricter enforcement of ongoing privacy-protecting policies, along with their continued stance on privacy being at the forefront of the user experience.

Email is not going to take the place of IDFA

Prior to the update, approximately 70% of iPhone users were sharing their IDFA with apps. With the update, some estimates now put that number at as low as 5% for US consumers.

While marketers have been partially pinning their hopes on email as legacy identifiers get knocked off one by one, Apple’s policy remains clear: hashed IDs, including emails and phone numbers, collected elsewhere cannot be used as a replacement for app tracking on iOS devices.

This is true whether or not the hashed identifiers were collected with consent. In its developer notes on user privacy and data use, Apple explicitly states that apps need to receive a user’s permission directly through its proprietary ATT framework for any user tracking.

While it’s not a novel idea that companies need specific permission to use data for multiple purposes (it’s a notion enshrined in GDPR, for example), Apple appears to be saying that even if a company has permission to use a person’s hashed email address (or some other related hashed ID for app tracking), they will not allow it to be used for that purpose on iOS 14 unless permission is given directly through the Apple framework.

This could mean that the user will have to both provide their email to the app and give consent for using that email in a third-party manner, which will certainly reduce the scalability of cookieless solutions that rely on email. It could also leave marketers with limited access to their iPhone audience outside of Apple’s walled gardens. In fact, the ambiguity here will likely lead to a wide variety of interpretations, with some brands even choosing to utilize emails without consent due to the relatively small target on their backs.

Apple has the leg-up on any complex, sneaky workarounds

A number of apps are already attempting to circumvent ATT’s new requirements. But don’t get your hopes up: Apple has been able to successfully shut down some such efforts, including several Chinese technology companies that tried to use a system called CAID developed by the China Advertising Association and a government think tank to bypass the iOS privacy system in order to keep tracking users even when they choose not to be tracked.

Other proposed workarounds rely on a process called fingerprinting, which uses device-specific information such as the IMEI number and location to create a unique identifier, ultimately allowing advertisers to track users without their consent. But marketers beware: we believe Apple is likely to crack down (and crack down hard) if this practice becomes widespread.

In fact, the US tech giant went on record to say it won’t be granting any exceptions: “The App Store terms and guidelines apply equally to all developers around the world, including Apple. We believe strongly that users should be asked for their permission before being tracked. Apps that are found to disregard the user’s choice will be rejected.”

How can brands stay compliant while getting their data house in order?

Going forward, it’s important to look at these ongoing policies not as a threat, but as an opportunity for your brand to make the customer experience richer and more dynamic—and explore how your brand can lead the way by not just upholding data privacy but going beyond just what’s required.

Remember: marketers are no longer in control; the consumer gets to decide how, when, and where their data is used.

If you want to stay at the top of your game, that means getting your data house in order now (not later)—and refocusing your attention from complex, short-term workarounds to more impactful, far-reaching solutions.

We recommend you start by addressing two major privacy hurdles: data collection and how to use that data once you’ve got it. 

1. Be explicit and specific: Get down and dirty about how you’re collecting and sharing customer data

The current privacy landscape is becoming a lot more fragmented: while California’s CCPA is the trailblazer, other states are quickly following its lead. Virginia’s Consumer Data Protection Act was signed into law last month, and 18 states are actively considering their own bills.

However, none of this legislation is exactly the same, in terms of both the rights they grant to consumers or the obligations they place on businesses. This ongoing patchwork of state-level requirements can be tricky to navigate, so brands need to make their stance on privacy loud and clear.

Start with a comprehensive privacy policy that explicitly states how customers’ personal data is being handled. Not only are data privacy policies important for compliance with different privacy legislation, but they also help set expectations with your customers: they’ll know the types of data you’re collecting, why you’re collecting, and how they can contact you with questions or concerns.

While data compliance is not necessarily a template that can be copied and pasted from one business to the next, there are specific policies about data that every business must make very clear to their customers. Here are some key questions you should address:

Target’s privacy policy does a good job of detailing how customers’ information may be collected and used, while also noting both to whom and for what purposes the data is shared:

2. Lean into data collection as a destination, not a pit stop on the way to a transaction

While the majority of consumers today support data transparency and privacy, they also want a rich customer experience that prioritizes personalized interaction and convenience. Capturing first-party data to make that happen requires an intentional strategy that goes far beyond just the point of conversion.

The sooner you approach your customer data strategy as a long-term destination, and not just a pit stop leading to a transaction, the more resilient you’ll be to new changes going forward. Here are some of our quick tips you can lean into right now to optimize for the right audiences:

• Build community and value propositions across the customer journey: Give users a reason to provide their information and incentivize them to come back. While the focus here is on providing value to consumers with engaging content and community, the opportunity it creates is in the form of a persistent login state which will create a much more consistent picture of user journeys as in-browser storage continues to be diminished.
• Boost your presence on Facebook Shops and Instagram Shops: While not tied to data capture, in-platform commerce allows for strong signal resilience—one that will give Facebook a powerful feedback loop to optimize toward the ideal potential customers moving forward. These features make it possible for brands to list their product catalogs directly on Facebook’s most popular apps and sell goods directly to consumers on Facebook and Instagram. It’s likely we will continue to see the evolution of in-platform marketplaces in the future, so keep your eyes open for opportunities.
• Put your email list to work using Custom Audiences: With Custom Audiences, you can import your list of email subscribers into Facebook to find your existing audiences among people who are on Facebook and deliver targeted ads.
• Make privacy a pillar of your brand: From providing greater transparency for consumers to creating a data foundation designed to meet future regulations, it’s time for brands to embrace privacy as a value of their company. Shift the focus from short-term workarounds to building lasting trust and long-term brand value by advocating privacy and transparency as core principles of your brand.

Want to learn more about the wider state of data privacy in 2021? Check out our free whitepaper to explore the entire landscape of upcoming changes to your marketing data.

Disclaimer: This blog post should not be considered legal advice for your company. Instead, it provides background information to help you better understand the privacy shifts we’re seeing today. We recommend that you consult your legal teams if you’d like advice on your interpretation of this information or its accuracy.

Contributing Experts: Josh Yelle, Jason Ford, Jared Smith, Christina Weir, Brad McGuire