SKAN and Android Privacy Sandbox: what are they and why do they exist?

14 September

Meet the challenges of SKAN and Android Privacy Sandbox

First of all, we should start with the simplest thing: what we mean when we say Android Privacy Sandbox and SKAN, also known as SKAdNetwork.

Both Android Privacy Sandbox and SKAN are APIs (Application Programming Interfaces) that help ad networks and advertisers measure the effectiveness of their advertising actions (by counting impressions, clicks, installs, etc.), but whose focus is on user privacy.

These APIs are the way in which iOS and Android allow advertisers to obtain certain information regarding the impact of their communication in digital channels.

For every marketer, measuring the impact of their strategies is critical, and the world of

app advertising

is no stranger to this. The problem is when advertisers begin to have too much information about user behavior, which has led the industry to evolve towards more privacy-oriented solutions without taking away the possibility of measuring and adjudicating the results of these communication strategies.

What does this mean?

That with SKAN or Android Privacy Sandbox advertising service providers cannot access individual user data, resulting in increased privacy.

The big change that these new protocols bring to the marketing ecosystem is that a unique user identifier, also known as IDFA, is no longer used and, in order to track, other methods have been designed.

And what is the difference between SKAN and Sandbox?

The truth is that there are more similarities than differences. Both interfaces seek to provide information to advertisers without exposing the privacy of users, only that one of them does it for iOS and the other for Android.

SKAN was launched in 2018 by Apple to enable iOS advertisers to measure and optimize campaigns, without revealing any specific data about users, or their devices. A couple of years later, in 2020, Android followed in its footsteps and launched Sandbox, with the purpose of creating a secure and isolated environment that this operating system provides for running applications, which limits access to system resources and data and prevents interference with other applications.

Ultimately, both seek to safeguard the security and privacy protection of their users.

How do you track these APIs?

Before explaining how user actions and conversions are measured, it would be necessary to explain which players are involved.

First, there is the user, who is the target of an advertising campaign. Of course, the flip side of the target user is the advertiser application that wants to encourage an action, be it a download, an in-app purchase, etc. In addition to this, there are two other players in the medium, the ad network (or advertising network), which is where the ad is shown, and the MMP (Mobile Measurement Partner), which is responsible for measuring and attributing conversions and views to each ad network.

• An advertiser could be Boomit – Growth Marketing
• An MMP could be Singular or Appsflyer.
• An ad network could be TikTok Ads, for example.

What APIs do is record events, which can be the viewing of an ad for more than three seconds, the complete viewing of an ad (if it is a video) and other interactions such as visiting the app store and downloading an app. This information is sent from the ad network to the MMP and records what is happening between the ads and the users.

SKAN and Sandbox step by step

There are a number of milestones that have to happen for a download to be attributed, which is, in most cases, the goal of an app advertising campaign. Let’s review one by one the actions that lead to achieving this goal.

Both SKAN and Sandbox APIs (in their default settings and to simplify this reading) attribute app downloads made by the audience that was impacted by the ads for a period of 30 days, which is known as the attribution window.

Once the conversion is achieved, the API notifies the ad network of the conversion, known as postback. The point is that, since the emergence of these interfaces focused on protecting user privacy, no personal or device information is provided. This makes it much more complex to track that user over time and, therefore, makes per-user cost calculations more complex ,
LTV
RoAS, among others.

What challenges do these APIs bring to performance marketing

Although user privacy is an extremely important factor to take into account, the truth is that this type of interface hinders, or at least complicates, the work of marketers.

Additionally, privacy can be seen as a benefit for the end user, but it is also important to understand that the marketer’s job is to design relevant communication strategies for users, i.e. that what they see at the advertising level is of interest to them and provides them with value.

These new obstacles will be a major challenge in terms of achieving relevant communication strategies for the target audience.

How do these APIs affect us?

• Difficulty in measuring RoAS and LTV – These APIs are useful for measuring immediate actions, such as an installation, but not so useful for measuring conversion or average ticket values over the long term, due to the time constraints they set.

• Fraud risk – Information can be easily manipulated, which increases the possibility of advertising fraud.
• Difficulty in re-engagement actions – Not having a lot of information about the user, nor his device, the re-engagement task ends up being much more difficult.

What we are doing at Boomit to meet these challenges

To solve these new difficulties that data privacy brings us, at Boomit, we are developing practices that allow us to measure more accurately the impact of the digital strategies we develop.

This work is mainly carried out along three different lines:

• Incrementality analysis

This type of analysis is based on isolating certain variables and generating the changes in the strategies in such a way as to be able to attribute the changes with a high degree of certainty.

Taking this to a simple example, if we had an app that had not been developing a paid media strategy for a year and, when the strategy begins, subscriptions double, then we can have an indication that the growth is due to these new actions.

• Correlation analysis

This type of analysis consists of applying mathematical models of correlation between non-attributable traffic (generally assigned as organic) and attributed traffic to understand the behavioral patterns of both components.

Again, to take this to a simple example, if we see that the organic traffic component behaves exactly the same as the variations in advertising investments over a statistically valid period of time, we can calculate the portion of unattributable traffic that corresponds to the paid media strategy.

• Dynamic cost allocation

This type of calculation consists of designing customized equations for each digital product or project we are working on.

Depending on the behavioral history, the correlation between organic and paid average, and incrementality studies, we can design a behavioral equation that calculates the actual RoAS considering these new challenging scenarios in data privacy brought by SKAN and Android Privacy Sandbox.