2015 Edition: A Marketer’s Guide To Cross-Device Identity


As the cookie weakens, brands and agencies are looking for an alternative. Cross-device seems to be the answer – but questions remain. AdExchanger examines the state-of-play around cross-device IDs.

Consumers are media multitaskers – and cookies are not.

As users migrate to mobile at record speeds – according to comScore, apps already account for more than 50% of time spent on digital media – advertisers and publishers are starting to recognize the promise, and the many challenges, associated with cross-device targeting.

Cross-device technology as a subset of the overall ad tech industry only became truly relevant when smartphone and tablet adoption hit their stride around 2010 and 2011. It became clear that the ability to match users across their various devices would provide brands with an unprecedented targeting and data-collection opportunity.

Until relatively recently, cross-device identification primarily meant linking desktop computers, tablets and smartphones. With the advent, still nascent, of connected TVs, wearables and the Internet of Things, the concept of cross-device is expanding to potentially include anything that gives off a signal.

Some vendors paint an encouraging picture, touting the many potential upsides of their cross-device analytics solutions, including the ability to extend desktop segments to mobile, improve measurement and attribution and roll out sequential messaging across multiple screens depending on a user’s particular journey.

But it’s still early days, and there are plenty of barriers.

As former BlueKai CEO Omar Tawakol, now group VP and general manager of Oracle Data Cloud, noted in a recent interview with eMarketer, “Cross-linking everything across screens and devices is the biggest and most important trend this year. Marketers have these first-party data assets: data tied to email, data tied to a physical address, data tied to cookies – and they’re all massively disconnected.”

Can cookies cut it on mobile?

Data is the fuel that makes digital advertising go and cookies are its dominant tracking vehicle. The advertising industry has leaned heavily on cookies ever since they hit the web in the mid-90s.

Basic retargeting is what most consumers think of when they hear the term “cookie,” but ad networks, ad exchanges, demand-side platforms and sell-side platforms continue to depend on cookies to serve the targeted ads that form the cornerstone of their businesses.

Arguably a flawed mechanism on desktop, cookies are positively crippled when it comes to mobile.

Although cookies do exist on mobile – it’s a widely held misconception that they don’t – the fact is that they’re both unreliable in the mobile web browser environment and all but neutered on the app front. The problem with cookies on the mobile web is that they reset every time users close their browser. The problem with in-app cookies is that they can’t be shared between apps, rendering them essentially useless.

That’s why two other tracking methods, probabilistic matching and logged-in user data, have become the cross-device coins of the realm.

probabilisticWhat’s the difference between deterministic and probabilistic matching?

There are two ways to establish user identity across devices, one far more exact – and therefore potentially more problematic from a privacy perspective – than the other.

The deterministic method relies on personally identifiable information (PII) to make device matches when a person uses the same email address to log into an app and a website, thereby creating cross-device linkage. As long as a user is logged in across devices, advertisers and publishers can use this unique identifier to target those users on multiple screens with near-perfect precision.

This tactic requires scale in order to be effective, which means it’s mostly reserved for giants like Facebook, Twitter, Google and Apple, all of which have enormous user bases and maintain mobile and desktop properties that require logins, although somewhat less gargantuan companies like eBay and Verizon could and do also take advantage. [More on Verizon and its controversial attempts at cross-device tracking and targeting below.]

Probabilistic cross-device matching is achieved by algorithmically analyzing thousands of different anonymous data points – device type, operating system, location data associated with bid requests, time of day and a host of others – to create statistical, aka likely, matches between devices. For example, if a phone, a tablet and a laptop connect to the same networks or Wi-Fi hotspots in the same places every weekday, it’s safe to surmise that all three devices belong to a specific commuter.

But it’s not an exact science, although some vendors, such as Drawbridge and Tapad, say they can match devices with 70% to about 91% accuracy.

But there are strong differences even between the probabilistic ID vendors. While Drawbridge doesn’t use deterministic (i.e., login) data in its reckonings, thereby mostly skirting the privacy issue, Tapad leverages a small core of deterministic data that it accesses via direct partnerships with companies that have access to explicitly connected devices. Tapad uses that data to train its probabilistic device graph to model more accurate statistical cross-device matches over time.

Although deterministic matching seems like the “better” solution, users don’t always stay logged in or use the same email address everywhere. And although a player like Facebook has an impressively high percentage of mobile-only users – its mobile monthly active users rose 26% YoY to 1.2 billion in Q4 – overall desktop usage is down on Facebook, as noted by CFO Dave Wehner on the company’s Q4 2014 earnings call, a fact that might diminish its ability to create cross-device matches down the line as future users eschew desktop for mobile. As Wehner observed to investors on the call, “Mobile remains the primary driver of our growth.”

What about privacy?

Deterministic tracking may be the more accurate cross-device tracking process, but with perfect knowledge comes great responsibility.

It’s become accepted practice for companies with access to first-party data to create anonymous hashed identifiers before using that data for cross-device matching purposes.

But privacy advocates are particularly concerned with the issue of opt-outs. While most behavioral tracking for advertising purposes is automatically opt-out – meaning that users are tracked as a matter of course until they actively make a move to opt out – certain players on the privacy scene, including Stanford University researcher Jonathan Mayer, are pushing for opt-in to be the default. In January, Mayer discovered by conducting several experiments that demand-side platform Turn was using Verizon’s unique identifier header ID to ostensibly resurrect opted-out cookies.

cartoon2Who has deterministic mobile identifiers?

As previously noted, logged-in users are the key to cross-device identity. Facebook, Google, Apple and a handful of others have them, which means deterministic dominance belongs to the big boys, at least for now.

As an alternative to the cookie, advertisers can also turn to mobile device IDs to collect data, retarget users and set frequency caps. Whereas Facebook relies on the single sign-on, iOS and Android devices both come complete with identifiers for advertisers. iOS has IDFA (Apple replaced its unique device identifier, UDID, in 2013 with IDFA, which was created specifically for advertising, amid complaints around user privacy). Android devices use the Google Advertising ID.

While Facebook’s cross-device clout is undeniable – although no official numbers are available, Facebook’s cross-device logged-in user base could clock in somewhere between 800 million and 1 billion – Google and Apple both have something Facebook doesn’t have: a mobile operating system. Facebook tried, but its attempt at a phone was a flop.

Although Google and Apple don’t have any cross-device skin in the game just yet, Google is rumored to be on its way. Industry insiders tell AdExchanger that Google has signaled it will begin testing a cross-device ID solution this year.

But Google, Apple and Facebook aren’t the only kids on the cross-device block, even though they dominate the conversation around deterministic tracking. Players like Amazon, Twitter and even Yahoo are also worth paying attention to.

As Prashant Fuloria, Yahoo’s new SVP of advertising products, pointed out at the company’s first mobile developers conference in mid-February, Yahoo’s access to cross-device user behavior data, including search intent, is one of the “best kept secrets in Silicon Valley.” Of Yahoo’s 1 billion monthly users, roughly 575 million access content via mobile.

Do walled gardens have anything to do with this?

Yes, they do. A walled garden refers to the idea that advertisers will slowly be forced to consolidate their spend with a small pool of big deterministic players with large logged-in user bases. At least for the moment, these companies can set the rules because, in theory, they’re the ones with the scale.

While some view this as a potentially positive development that could cut down on fraud and provide access to more high-quality audiences, others see walled gardens, like the one in which Facebook’s revamped Atlas ad server resides, as representative of a disconcerting lack of control for marketers who will have no choice but to work with a small coterie of companies that can deterministically identify users across devices. These same companies, not incidentally, are major sellers of digital media.

It’s a data ownership issue. If advertisers are going to share their first-party data with a third-party platform, they at least want to get some user insights out of it to apply against future campaigns.

Chris O’Hara, VP of strategic accounts at Krux, put it this way:

“This dynamic rapidly makes the big ‘walled gardens’ of the Internet the only place big marketers can go to unlock the customer journey. That might work for Google and Facebook shareholders and employees, but it’s not good for anyone else. In our increasingly data-dependent world, not all marketers are comfortable borrowing the keys to user identity from platforms that sell their customers advertising. Soon, everyone will have to either pay a stiff toll to access such user data, or come up with innovation that enables a different way to unlock people-centric marketing.”

What about attribution?

Multitouch attribution, the process by which advertisers determine the impact of their ad spend across touch points, is still in its infancy, although there are several solutions on the market, including a conversion tracking pixel from Facebook. For their part, Google and AOL acquired, respectively, multitouch attribution vendors Adometry and Convertro on the same day in May 2014.

Offline attribution is a particular concern for advertisers looking to prove ROI and validate their digital spend. Cross-device tracking is a place to start. A recent study from management consulting firm A.T. Kearney found that 90% of shoppers still prefer to make their purchases at a brick-and-mortar location. To that end, advertisers are looking to tap into mobile as a way to get a handle on how digital ad impressions impact the customer journey and what their consumers are doing in-store.

As Rahul Bafna, VP of product management at Drawbridge, recently noted, “Offline attribution solutions have the opportunity to redefine the correlation between advertising and physical shopping in a multidevice world.”

What kind of cross-device solutions are out there?

The ecosystem is brimming with companies that claim to solve for cross-device, and solutions abound. Providers include Acxiom, Adelphic, Adobe, AOL, BlueKai (acquired by Oracle), Conversant (acquired by Epsilon/Alliance Data), Criteo, Crosswise, Iris Mobile, Krux, Lotame, MediaMath, Neustar Aggregate Knowledge, Turn, 4INFO and [x+1] (acquired by Rocket Fuel).

Here’s a breakdown of several of the best-known players in the space.


Tapad creates its cross-device matches through a tool it refers to as its device graph, a mostly probabilistic version of something like Facebook’s social graph. Through partnerships with companies like Datalogix and YP, Tapad feeds a small core of deterministic user data into its system to train its modeling algorithm. From there, it claims to look at billions of non-PII data points in order to isolate strong behavioral signals and relationships across devices.

For example, if someone requests a car quote on his or her computer, then completes a search for an auto dealership via their smartphone and finally books an upcoming flight on a tablet, Tapad examines the intersection between those data points to determine that all three devices belong to the same individual to the probable exclusion of all others.

The company had its data verified by Nielsen in December, certifying Tapad's results at 91.2% accuracy.

In addition to its device graph, Tapad maintains a suite of products aimed at advertisers, including location-based targeting services, a retargeting tool, cross-device analytics, an audience extension product and a DSP, which means the company also sells media, a potential conflict of interest for a data services provider.


Also a probabilistic player, Drawbridge’s matching tech avoids generally accepted forms of PII, such as name, physical address, phone number, email, social handle and the like. The company stitches data together from multiple sources,  triangulating between user behavior in apps and on mobile web and desktop, and tracking anonymous intel like bid request info, OS and device type to make its correlations. Drawbridge claims to have around 3 billion devices in its network.

For example, if a smartphone and a tablet are frequently observed in the same location at the same time, it’s reasonable to conclude that the same individual owns both devices. In order to handle the complexity inherent therein – the number of devices and the amount of mobile content being consumed on those devices every minute defies easy matching – Drawbridge’s algorithm creates clusters of likely matches, refining those clusters in size as they’re observed over time.

Marketers can also turn their desktop retargeting data over to Drawbridge to extend their campaigns to the mobile web and track progress through its analytics platform. In November, the company, which also supports video ads, announced it was adding connected TVs to its network.

Experian Marketing Services/AdTruth

Shortly after acquiring fraud detection company 41st Parameter in 2013, Experian Marketing Services incorporated cross-device recognition technology from 41st Parameter subsidiary AdTruth into its marketing campaigns.

The AdTruth ID acts as a cookie replacement to allow brands and tech players to link consumers across devices. Although the AdTruth ID doesn’t rely on PII, Experian clients can use the identifier to unify it with other tracking mechanisms, including cookies. AdTruth looks at a number of public data sets and anonymous variables to identify a single user.

The company claims that its probabilistic algorithm can make cross-device matches with between 80% and 90% accuracy.

AdTruth also has several other offerings, including campaign performance tracking, frequency capping and cross-device analytics.


With the relaunch of its Atlas ad server, Facebook entered the cross-device scene in a big way with a persistent tracking mechanism that trades on the company’s relationship with users who are logged in across devices. It also recently released cross-device reports and audience extension tools.

Facebook claims to be able to place display, video and mobile ads in nearly any environment currently served by Google’s DoubleClick for Advertisers, a chief competitor to Atlas. Atlas can identify and serve ads to users across devices both on Facebook’s owned and operated properties, including its mobile app, Facebook.com and Instagram, as well as on thousands of other sites and apps via a combination of its Facebook ID, the Facebook SDK and device ad IDs like Apple’s IDFA and Google’s own Advertising ID. That means that as long as users stay logged in on multiple devices, Atlas will be able to target them – even if those users are engaging with apps that don’t use a social login from Facebook.

In addition to a number of direct marketer relationships, Facebook has partnered with several large holding companies, including Omnicom and Havas Media Group, which are making the cross-device ad-serving tech available to clients.

Although privacy advocates haven’t given Atlas the grilling that Verizon received over its unique ID header (see below), potential privacy breaches are always a concern when first-party data is involved.

In March, AdExchanger reported that several mobile ad networks, including Millennial Media, InMobi and AppLovin, had signed up for a beta program, part of Facebook's new Analytics for Apps, to track installs beyond mobile media explicitly controlled by Facebook. Analytics for Apps will be supported by Facebook’s cross-device ID.


Google has been a sleeping giant in terms of the cross-device question. Although the company doubtlessly has a large number of users who are logged in across devices – while sources have hypothesized that “600 million sounds realistic,” no official numbers have been released – it hasn’t made any public moves toward a cross-device solution.

Up until now, the company has focused more on attribution – see its 2013 acquisition of Adometry – than cross-device, but 2015 will likely be the year that Google makes its big move with the launch of a dedicated tool. There are murmurings in the industry that Google could be in the process of testing some kind of cross-device platform with several agencies.

In theory, Google has a logged-in user base to rival that of Facebook’s through its users on YouTube, Gmail and Google Plus. Its DoubleClick Ad Exchange also has massive scale.

But Google will have to tread lightly, whatever it does. Privacy regulators have been hard on Google, especially in Europe, where watchdogs from Germany, Italy, France and the UK have put pressure on the company to stop combining login data gathered from its various web- and app-based services.

Updated 4/21/15: Google does provide cross-device conversion tracking in AdWords for search and display, which the company announced in September 2014.


Verizon has been making a push into the deterministic identity space with Precision Market Insights, its addressable advertising unit. The carrier launched two separate programs as part of its initial efforts – Verizon Selects, through which users can opt in to receive targeted advertising, and its loyalty initiative, Smart Rewards. Participation in Smart Rewards is contingent upon opting into Selects.

When the programs started, although users were given the ability to opt out of seeing targeted advertising, they couldn’t opt out of being tracked, a fact that got the attention of privacy advocates.

Verizon’s answer to the mobile cookie is something it calls Precision ID. When a consumer visits a web page or uses an app, an ad request is sent through Verizon’s network. A unique device identifier, aka Precision ID, is transmitted as part of the request without, Verizon claims, sharing the identity of the user. This process enables Verizon’s partners, including BrightRoll, RUN and Turn, to serve targeted ads across devices.

Verizon came under fire in January when Stanford’s Mayer discovered that Turn was seemingly reviving opted-out cookies via Verizon’s unique identifier header. Bowing to pressure from the privacy community, Capitol Hill and an avalanche of negative press around what the media began referring to as Verizon’s “zombie cookie,” the carrier announced that it would ultimately allow users to completely opt out of all tracking if they choose to.

Click here to read the 2016 edition of A Marketer's Guide to Cross-Device Identity.


  1. Jim Bonfield

    Incredibly well done Allison. Thank you for this piece. It would be interesting to see how mid-market and smaller advertisers will be able to leverage this ecosystem, if at all. Another unaddressed question is how being able to target across many platforms will drive change in creative and Ad formats. Targeting is one thing, crafting compelling messaging is quite another, especially if used for direct response and not just brand impressions.

  2. Great piece, good to see the different sides of the technology story come together. From a deterministic point of view I'm interested in the value exchange. Google have mail, Facebook have pictures but there is a lot that businesses can do themselves to encourage users to 'put their hand up' and authenticate devices. The concepts of data co-ops and privacy management tools will emerge more and more in the coming years. Give the users a reason to authenticate and they will


Add a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>