Yes, Advertisers Can Track iOS Sales

There has been a great deal of hyperventilation in the industry about tracking performance from the iPad, iPhone, etc. One paid search software provider has given at least one misleading conference talk (SMX West) and written a misinformed blog post on the topic and unfortunately people assume they know whereof they speak. One of the bigger outlets to pick up the story, Techcrunch, ran with the headline Mobile Ad-Tracking Systems Are “Blind” To 80 Percent Of Apple iOS Devices. Let's try to clear up this confusion. The fact is that the default behavior of iOS devices is to block third party tracking cookies. This is a BIG problem for tracking platforms that rely on JavaScript, including some web analytics platforms and many off-the-rack bid management systems. But this company oddly points the finger at redirect based platforms (like RKG's -- though we can do either, actually), claiming that redirectors set third-party cookies which are usually blocked by iOS and Safari. This puzzled us, as the whole point of redirecting traffic through our server is the ability to set a first party cookie in the tenth of a second the browser is there. We've published tons of research on conversion rates by device showing iOS devices convert better than others which suggested to us that the iOS/Safari default setting wasn't an issue. We tested this to see, and we were right. While it's is true our redirector is a third party at the time of check out and confirmation page visit, it is making a "read cookie" request, not a "set cookie" request, and no browser's default security setting blocks read requests. We were surprised that a technology company would make such a glaring mistake so publicly and present data with it, to boot. So we did some more digging. Our VP of IT, John NoLastNameBecauseTheyWillTryToStealHim, remembered that there is one other important detail that may have confused them and muddled their data: the redirecting server must be P3P compliant and include a Compact Privacy Statement with their first party cookie set request. Our server, and probably every other redirect-based system is P3P compliant. We don't know for sure, but we noticed that the main domain for the wrong-headed platform provider does not seem to offer a Compact Privacy Statement, so maybe the domain server for their test redirector didn't either? It is ironic that in trying to cast aspersions on other technology platforms, this company a) got it completely wrong; and b) published white-papers, gave talks and wrote blog posts on the subject! Now, there are other ways to avoid setting a third party cookie besides a smart redirect, like setting flash cookies (of course, iOS doesn't support Flash so that doesn't fix this problem), or requiring the advertiser to use sessions and essentially pass the appropriate tracking info back to the platform. Neither is as simple and tight as a well-designed redirector system. One could also ask the advertiser to carve over a piece of their domain, eg www.trackingplatform.advertisersdomain.com so that the system is setting and reading as the first party, but that gives the tracking platform access to all the cookies set by the advertiser, which strikes us as a lot to ask. There are plenty of issues relating to cross-device tracking, etc that neither we nor anyone else has solved, and it is certainly true that your web analytics system may be missing a big chunk of iOS sales, but if you're using a smart redirector system you're seeing clearly. Hope this helps set the record straight. John WhoseLastNameIWontMention will do a follow up post on the intricacies of tracking cookies tomorrow.
Join the Discussion