Setting the Stage: Attribution & Deep Linking | AppsFlyer
37Shares

Chapter 2

Setting the Stage: Attribution & Deep Linking

Let’s set the stage for this playbook by first reminding ourselves of some fundamentals regarding Attribution & Deep Linking.

What is Attribution & Why it Exists

The app stores do not provide a reliable way to pass data about a user from the time they enter the app to the time they install and open. In order to “capture” their channel and other important data about a user’s originating source, link the campaign that prompted them to download the app, you must use 3rd party vendors to attribute users. This is Attribution. The vendors who supply such technology are Attribution Providers.

A vendor SDK is able to attribute a user generally by “fingerprinting” the device on mobile web and then matching the user when they open the app. For example, when you click an AppsFlyer URL, the link is redirecting you briefly to a page that takes a snapshot of your device – IP, phone size, screen size, OS, and OS version are all universally captured by major vendors.

It is then that the vendor points you to the appropriate app store to download the app. There is no data passage through the app store – except on Android, with the Play Store Receiver. So, the vendor’s SDK inside the app is downloaded when the user installs. And when this user opens and launches the app, the SDK takes an analogous snapshot of the user and sends it to their system to “match” the user. Historically, the attribution vendor would also tie this to an IDFA on iOS and GAID on Android to persistently record the user.

Why does this even matter? There’s loads of reasons, but here are a few that should convince anyone that asks!

  1. You cannot trust the paid media channels to accurately report your data. They have an inherent conflict of interest in reporting accurate data to you.
  2. You need a single unbiased vendor to count data across sources and pipe this to the Data Aggregator.
  3. Deep linking users from your paid attribution sources drives a 31% retention to the app.
  4. Users convert at a 2.5x higher rate when they come from a deep link compared to a regular attribution link.
  5. Deep links have higher intent, which means a much higher lift in revenue. In fact, industry reports show that deep linking provides a 148% lift in average revenue per user (ARPU).

Deep Linking is an Extension of Attribution

A common misconception that exists in the market is that Attribution and Deep Linking are somehow separate ideas or technologies. This is just not true.

Deep Linking is the extension or usage of Attribution data.

Let’s go through a basic example of how it works to illuminate the tech. In the explanation previously, we talked about how a user may click a link or an ad. The attribution vendor then points the user to the appropriate app store to download the app.

When this user opens the app either after install or from the click, the attribution SDK takes an analogous snapshot of the user and sends it to their system to “match” the user. They also tie this to an IDFA on iOS and and GAID on Android to persistently record the user. Matching can be done with a variety of methods, one of which is called “Fingerprinting”. Other forms of matching include the ability to receive and match the Google Play Store Referrer, the iOS Safari View Controller Cookie, among other methods. When the user has the app, the match is deterministic in nature because the app opens immediately via deterministic flows, such as URI Schemes (my-app://), Universal Links, Android App Links, and Chrome Intents (activity registered and handled in the manifest). In these latter cases, the app is getting the link the user came from, and so a tool like AppsFlyer could append a deterministic key value pair query parameter set that could be seen in the click and immediately retrieved from the SDK upon app open.

Attribution flow in AppsFlyer: ID matching flow

Attribution flow in AppsFlyer: Fingerprinting

Attribution flow in AppsFlyer: Referrer flow

At this moment in time, then the SDK provides a callback to the app that contains the link and other association attribution metadata. Below is a sample of the AppsFlyer SDK callback provided on iOS.

{

  1. campaign: “CAMPAIGN_NAME”, // “None” if not specified on the link
  2. media_source: “MEDIA_SOURCE”, //”None” if not specified on the link
  3. cost_cents_USD : “0”,
  4. is_first_launch: true,
  5. install_time: “2018-12-30 23:59:39.330”,
  6. orig_cost: “0.0”,
  7. af_click_lookback: “7d”,
  8. click_time: “2018-12-30 23:59:09”,
  9. cost_cents_USD: “0”,
  10. af_status: “Non-organic”

}

Now, when the developer for your app gets this callback data. They can do anything they want – log a custom event, fire a message, log some activity. But most importantly, they can look at the attribution data and take the user to a particular spot in the app. This is deep linking.

Deferred Deep Linking is just the process of using data the first time the app opens after a user installs to retrieve the attribution data, parse the link or defined path and route the user to that page in the app.

Debunking Attribution Myths

In this methodology described, an attribution partner provides attribution data based on fingerprinted devices and deterministic known devices between web and app. They use IDFA and GAID to persistently record users.

First, let’s talk about deterministic and probabilistic matching. Deterministic matching is when a user can be attributed and deep linked with 100% accuracy. This is grounded in technology such as URI scheme launches, Android chrome intents, Android play store receiver callbacks, Android App Links, iOS Universal Links. In all these cases the app opens from a click and a deterministic indicator is supplied with the app open to ensure 100% accuracy. Let’s take an example:

spotify://track/123?click_id=known_user_ABCD123

In this case, when a link is clicked in a browser that supports URI scheme launches, such as Chrome on iOS, and the Android operating platform, the app will be launched from a redirect through an attribution link. What’s happening is that the attribution link redirecting the user from the browser to the app with javascript (think… window.location.href…). This means the app will launch and an identifier for the upstream click can be supplied to the app. The SDK inside the app can parse this value and match the user instantly with 100% accuracy. This same system and methodology works for the technologies above, like Android App Links and Apple Universal Links. This is deterministic matching and it’s 100% accurate.

Probabilistic matching is the type of matching that has been discussed previously where a user’s browser profile is fingerprinted from a click. After the user installs and opens the app the SDK will match an analogous fingerprint and receive a callback from the server indicating the source of attribution. Since fingerprints can sometimes overlap, this is considered probabilistic, because the attribution vendor is matching based on a set of highly predictable but sometimes conflicting parameters such as IP, Phone Size, Screen Size, OS, OS version.

As unlikely as it seems, fingerprinting is probabilistic because you could have a user using an iPhone on the same IP as another user, clicking on similar links. While the chances of an exact probabilistic mismatch are low, it still occurs in the real world and the reason why technical experts leveraging deep linking for UX flows that might contain highly personal information need to be well informed about the differences between attribution methodologies.

Now that we have discussed these two different types of matching, let’s talk about the issue at stake. Sometimes vendors will claim to have a “higher match rate”. Or, some vendors will discuss “people-based attribution methods” that claim they are able to better attribute users across channels. There is some amount of truth to this, but it’s important to unpack the assumptions and understand why and how.

First, higher match rates are a function of how many devices and people have been fingerprinted. This in turn is a proxy of:

#1 The types of companies that use the attribution technology.

#2 How they use that technology.

#3 How anonymous attribution data is shared and leveraged.

For example, AppsFlyer has more than 85,000 apps using the AppsFlyer SDK – the most of any attribution player in the space. More importantly, however, is that AppsFlyer has brands with massive global reach using their SDK to create structured links across a variety of channels. Walmart, Alibaba, eBay, epic games (Fortnite), Microsoft (Minecraft), booking.com, Coca-Cola, Waze, HBO are going to have more reach in terms of people being fingerprinted than smaller brands.

The second criteria for measuring accuracy is by far the most important. Companies misconstrue terms like “people-based attribution is more efficient.” What they really mean is that if you can capture a user from multiple touchpoints – across web and app – then your ability to match and attribute that user will inherently be better. If you use attribution links across paid media, email, smart banner, referral, then you will inherently be recording people better across more touchpoints and therefore your ability to properly attribute them will be better!

And third, how a company chooses to share or not share user data is important. In 2018 we watched as GDPR became the new standard in Europe for controlling user marketing data. In the US, Facebook, Google and others had embarrassing testimonials before Congress as legislators and individuals became outraged at the way in which their private data was being used for nefarious purposes. AppsFlyer, and most trustworthy Attribution providers do not share IDFA and GAIDs to other companies. Instead, they create an anonymous pool of matched Web Cookies and IDFA/GAIDs. They leverage this data set internally to match users across all their apps – without sharing this data explicitly with companies. This sets limitations in how matching works and how efficient it can be. Not all companies follow these implicit rules and respect user privacy laws. That’s why choosing an Attribution provider that is part of OpenGDPR is more important in 2019 than ever before.

AppsFlyer security approach

In conclusion… Don’t believe the hype that some vendors have “cracked the secret sauce”. When folks say that “legacy attributions systems can’t connect the dots”, this is largely sales and marketing jujitsu, and is not grounded in real technology.

All good Attribution providers use deterministic web cookie and device ID pairs (IDFA or GAID) to match users and their touchpoints. What matters more is the reach of the attribution providers pool, as well as how you, as an individual choose to leverage or not leverage deep links.

About the Authors