On January 4, 2024, Google announced its plan to turn off third-party cookies for 1% of Chrome users, as part of a gradual phase-out aiming for full removal by the end of the year. Google’s Privacy Sandbox project, first introduced in 2019, entails collaboration among industry players to allow advertising without invading user privacy. Let’s explore the measures and guidelines Google has announced so far and how we can prepare for the upcoming challenges.

What’s Changing?

Google Sandbox centers on two pillars across the web and apps on Android The most significant change on the web is the deprecation of third-party cookies. At the same time, Android is limiting tracking through advertising ID (Google Advertising ID, GAID) which was used as a user identifier, to build a safe web/ app environment.

The bottom line, however, is that the changes you’ll see in your business right now aren’t as significant as you might think. Especially, when it comes to attribution performance measurement in Airbridge. Installs via Google Play Install Referrer will still be recorded, and deep link and web UTM parameters will still be available. Based on this, the cross-platform identifier (Airbridge ID) that Airbridge uses for performance measurement is still available. 

Nevertheless, it is important to note what will be affected and how you can specifically prepare for it.

What does the deprecation of third-party cookies mean?

Cookies are small pieces of data that are stored when a user visits a website. Third-party cookies are a collection of data stored by a third-party service other than the owner of the website the user visited. The advertising industry has been able to use this information to track a single user across multiple web browsers and show a customized ad to that user. It was these third-party cookies that allowed products you searched for on the website to later pop up as channel ads on other social networks or platforms. However, privacy concerns emerged due to the collection of user behavior on websites without their consent, leading to the decision to discontinue support by 2024.

GAID deprecation on Android 

Android is also planning to cease support for the Google Advertising ID (GAID), a user identifier. Fortunately, you can still leverage Google Play Install Referrer or identifiers that MMPs like Airbridge use to measure performance. However, considering GAIDs have long been used for user tracking in Android apps and have played an important role in assessing performance, it is now time to begin exploring alternative methods for evaluating ad effectiveness. 

What Google suggests… 

Show relevant content and ads - Topics & Protected Audience API

Google plans to provide the following alternative measures in the form of APIs for the digital advertising industry, which is facing the need for new methods due to significant changes.

While unique identifiers have traditionally been used to understand user behavior and infer their interests, the Topics API helps you acquire new users through ad targeting based on their recent interest-based history within a browser or app. Among approximately 400 officially designated subjects of interest, or ‘topics’, machine learning assigns appropriate topic categories to users based on their search and visit history. If a user frequently visits travel-related websites, travel will be on the user’s list of topics. Topics are only kept for 3 weeks, after which they are deleted. Of course, categories related to personal information such as gender and race are not collected. When the publisher calls the Topics API, three topics are randomly selected and shared. Google ensures user anonymity by only sharing general interests rather than analyzing granular user behavior patterns. Beyond that, the Topics API gives users maximum control. You can see which topics have been assigned to you, delete topics you’re not interested in, or even disable the Topics API feature altogether. These features help safeguard your privacy while allowing publishers and advertisers to continue personalizing digital ads to new users.

Google also offers a Protected Audience API that allows advertisers to serve remarketing using custom audiences. To enhance user privacy, audiences will be generated and stored directly on the device or browser, eliminating the dependence on unique identifiers or third-party cookies currently in use. To delve into how Protected Audience API works, advertisers and publishers (DSPs) will predefine interest groups along with specific behaviors (like add to cart, and purchase) for their campaigns. When a user triggers the action, the Protected Audience API is called, adding that user to the custom audience. When a user visits an advertising site (SSP or the site itself) or a publisher app later, the Protected Audience API is called, and ad bidding is conducted based on the previously created audiences to serve the most relevant ads to the user. This enhances the safety of remarketing since the device or browser, rather than a third party, possesses information about the user's interests. Moreover, ad bidding is executed on the device without any external leakage.

Measure digital ads - Attribution Reporting API

Traditional Advertising IDs and third-party cookies have also played a key role in measuring ad performance. These identifiers allow you to match users who were exposed to your ads with users who generated conversions within your web/app. It gives you a bird's-eye view of the effectiveness of campaigns on various channels and the number of users they brought in. To help you with this aspect, Google offers an alternative way to measure ad performance with the Attribution Reporting API.

Here’s how the Attribution Reporting API works: When a user views or clicks on an ad within a web/app, the Attribution Reporting API stores the corresponding touchpoint event. If a conversion occurs, such as when the user installs an app or makes a purchase on the web, the conversion event is also saved. The Attribution Reporting API then associates the last touchpoints that occurred before that conversion to calculate attribution. This looks similar to the traditional last-touch attribution model, but the difference is that the process of storing touchpoints and attributing them all takes place within the user’s device or browser.

Once attribution is calculated within the device (or browser), the Attribution Reporting API provides two types of reports: Event-level reports and Summary reports. These reports are delayed and are sent with a certain percentage of noise included in the data to protect user privacy. 

1. Event-level Report

The event-level report is a report provided for ad optimization purposes by measuring performance for each conversion event. In this report, you can check ‘which conversion event occurred by which campaign in which app’ through the three pieces of information below.

• Destination - Advertiser app or mobile web address where the conversion event occurred
• Attribution Souce ID - ID with campaign information (channel and campaign information)
• Trigger Type - Types of conversion event, such as app install or purchase

2. Summary Report

Summary reports aggregate the performance of multiple ads, enabling analysis from various perspectives. Aggregation Keys, which are ad campaign and conversion-related criteria, can be defined in advance on the publisher and MMP sides.  Ad performance then can be analyzed based on that information. 

There are two main components of Summary Reports.

• Aggregation Key - Information related to Ad interaction, such as campaigns, ad groups, creatives, targeting regions, etc
• Aggregation Value - Aggregated information corresponding to conversion events, such as the number of purchases and purchase amounts

For instance, by configuring Aggregation Key items on the publisher side, such as campaign, ad group, creative, and targeting region, and on the MMP side, items corresponding to conversions like product category, device information, and app version, you can view results like 'A total of 300 purchases were made by A campaign on B app, and the total purchase amount was 5 million won. Half of the purchases were in the Seoul area.'

However, as you can see from the name of the report, you cannot receive a report for each event; instead, reports are generated after events with the same properties accumulate to a certain level. Therefore, in order to create the largest possible parameter, it is recommended to compose the Aggregation key with general items.

How to prepare for the changes ahead

We have already ceased collecting iOS advertising identifiers through Apple’s App Tracking Transparency (ATT) framework. Adapting to new changes, as we learned from that experience, is never easy but challenges can create new opportunities. In the case of Google’s Privacy Sandbox, alternative suggestions were released beforehand, and industry players are improving the project based on beta test feedback. We anticipate a more stable and smooth transition this time as we have been preparing in advance.

What should advertisers know beforehand?

If GAID support is discontinued on Android, we will see lower installs and conversions compared to before, as the identifier that links ad clicks and in-app conversions will no longer be available. However, as mentioned above, attributions matched through the Play Store Install Referrer will still be recorded. 

If your organization is building internal user data based on the current Advertising ID, the following tasks are recommended.

1. Check the unique identifier of the user data in the internal database
2. If you are identifying users by Advertising ID (GAID), check whether there is an alternative identifier that can be used e (e.g. first-party data such as email address, User ID provided by MMP)
3. Engage in discussions with publishers and MMP to explore potential alternatives.

If Chrome discontinues support for third-party cookies, sharing attribution results for subdomains may not be possible. For example, if you are using multiple subdomains and sharing attribution results from each site, this functionality will no longer be supported. (Attribution results from site a.ab180.co will not be associated with b.ab180.co)

Prepare for Google’s Privacy Sandbox with Airbridge

As an App Attribution Partner (AAP) with Google, Airbridge is currently beta testing the Attribution Reporting API with the Google Ads team. Additionally,  we are internally evaluating various features of the Privacy Sandbox.

Furthermore, we are actively working on implementing new attribution methods supported by major publishers to enhance user privacy, such as Google’s Google Click Identifier (GCLID) and gBraid, as well as Meta’s Aggregated Event Measurement (AEM)). Simultaneously, we are exploring diverse strategies to address the industry’s needs as an MMP.

Airbridge is dedicated to delivering the fastest and most personalized service to the industry in alignment with the impending changes. For any updates on Google’s Privacy Sandbox and advice on your future marketing strategy, our team of marketing experts at Airbridge is ready to assist. We are happy to provide more information on the upcoming changes and insights on how to tackle new challenges.