Home Mobile AppLovin Rubs Some Devs The Wrong Way With SKAdNetwork Postback Data Grab

AppLovin Rubs Some Devs The Wrong Way With SKAdNetwork Postback Data Grab

SHARE:
Developers have been reporting allegedly strange behavior from AppLovin’s MAX Unity SDK.
Cunning cute little girl stealing delicious muffin on table, hungry funny impatient child reaching hand to take homemade cookies from plate, unhealthy food and kids sugar craving addiction concept

Developers have been reporting allegedly strange behavior from AppLovin’s MAX Unity SDK.

At least one developer discovered that MAX, AppLovin’s in-app monetization solution, appears to have been capturing iOS 15 postbacks for installs generated by other ad networks automatically and without permission.

The tip was shared anonymously with the mobile ad industry forum Mobile Dev Memo.

Postback data is like a receipt with general information about an install and the campaign that led to it. It’s valuable because it demonstrates which apps are sources of good traffic and which ad networks are most effective at driving certain outcomes.

To the MAX

It’s important to note that there is no PII in a SKAdNetwork postback.

At issue was the fact that AppLovin could see the attribution postbacks for all of an advertiser’s installs, not just its own, even if the developer had explicitly specified a different endpoint for where to send postbacks.

(An endpoint is a web URL where information, like postbacks, can be sent by an ad network to an advertiser.)

AppLovin wasn’t claiming credit for any of these installs. But gaining visibility into all of an advertiser’s postbacks would reveal which networks were winning bids for any impressions served in apps monetizing with MAX.

And if AppLovin could see that a certain app is a good source of installs, for example, it could theoretically use that information to inform its own automated bids on behalf of that advertiser.

But AppLovin claims it did not actually collect any of the data, although only AppLovin knows if that’s truly the case.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

According to AppLovin, the Unity plugin in question was benign rather than a data grab. (A Unity plugin is a software add-on used by SDKs that gives access to features such as third-party libraries or OS calls.)

In a statement shared with AdExchanger, an AppLovin spokesperson said the plugin was “designed to create an app that is ready to test/submit to the app store” and that “this feature request was documented for all developers using native integration and our Unity plugin.”

AppLovin has since stopped this practice and instituted a code update that gives developers the option to manually set their NSAdvertisingAttributionReportEndpoint. AppLovin’s endpoint is no longer the default.

But here’s a little wrinkle: AppLovin’s Unity plugin doesn’t actually have Unity’s blessing.

“We think it’s important to note that the AppLovin plugin is not verified by Unity,” a Unity spokesperson told AdExchanger. “We maintain a level of openness for developers and balance that with trust and security by offering verification programs, which the referenced feature has not been a part of.”

What exactly happened on the backend

When an install occurs on iOS 14+, Apple’s new SKAdNetwork framework sends a postback from the user’s device directly to the ad network that deserves credit.

Some advertisers were worried that ad networks, including Facebook’s, wouldn’t always share these postbacks with them. And so, starting with iOS 15, Apple began allowing advertisers to receive a copy of these postbacks on their own – a sort of “god mode” view of installs attributed for their app across all ad networks. Developers do this by specifying their own URL (known as the NSAdvertisingAttributionReportEndpoint).

The MAX SDK was accessing iOS 15 postback data automatically by overriding the NSAdvertisingAttributionReportEndpoint a developer had set as the destination for where SKAdNetwork was supposed to send postback info and replacing it with an AppLovin endpoint.

With this setup, AppLovin was in a position to piggyback off its monetization offering and glean information it could use to benefit its ad network – but without the knowledge of its developer partners.

AppLovin said that it enabled this configuration to make life easier for its customers. “While many of our developers manually enable NSAdvertisingAttributionReportEndpoint using the instructions in our documentation, our Unity plugin allows developers a way to automate many steps of an integration process, including the feature in question,” the spokesperson said.

In other AppLovin news, the company just dropped a cool $1.05 billion in cash to acquire MoPub from Twitter last week – resulting in one less independent mediation option available to app developers.

Story updated on 10/15/21 to reflect comments from Unity.

Must Read

Viant Acquires Data Biz IRIS.TV To Expand Its Programmatic CTV Reach

IRIS.TV will remain an independent company, and Viant will push for CTV platforms to adopt its IRIS ID to provide contextual signals beyond what streamers typically share about their ad inventory.

Integral Ad Science Goes Big On Social Media As Retail Ad Spend Softens In Q3

Integral Ad Science shares dropped more than 10% on Wednesday, after the company reported lackluster revenue growth and softened its guidance for the Q4 season.

Comic: Gen AI Pumpkin Carving Contest

Meet Evertune, A Gen-AI Analytics Startup Founded By Trade Desk Vets

Meet Evertune AI, a startup that helps advertisers understand how their brands and products appear in generative AI search responses.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Private Equity Firm Buys Alliant As The Centerpiece To Its Platform Dreams

The deal is a “platform investment,” in which Inverness Graham sees Alliant as a foundation to build on, potentially through further acquisitions.

Even Sony Needed Guidance For Its First In-Game Ad Campaign

In-game advertising is uncharted territory even for brands like Sony Electronics that consumers associate with gaming.

Comic: Always Be Paddling

The Trade Desk Maintains Its High Growth Rate And Touts New Channels

“It’s hard not to be bullish about CTV when it’s both our largest channel and our fastest growing,” said The Trade Desk Founder and CEO Green during the company’s earnings report on Thursday.