Meet The Four Horsemen Of Mobile’s Answer To The Cookiepocalypse

Mike Brooks, SVP of revenue, WeatherBug

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media. 

Today’s column is written by Mike Brooks, SVP of revenue at WeatherBug.

In a few weeks, the first of several monolithic industry dominos is set to fall when Apple begins enforcing its AppTrackingTransparency framework on iOS 14.5.

But although it’s the most immediate priority for media businesses with a mobile app presence, this change is just one chapter in a much longer story about the intersection of privacy and ad tech, including the end of support for third-party cookies in Chrome and eventual changes to Google’s mobile ad ID.

As an omnichannel digital publisher with 12 million monthly app users, these changes will directly impact our business. And so, since there was no CES this year, we organized a series of more than 50 CES-style meetings with other publishers, programmatic leads and data folks across the industry to compare notes on the technologies and strategies being considered to underpin the future of identity.

Here are some of our main takeaways.


The most widely discussed model for digital identity revolves around authentication, which involves a logged-in user base and requires that the publisher and advertiser agree to use some form of hashed email as a primary match key for audience targeting.

LiveRamp’s Authenticated Traffic Solution, Zeotap’s offering and Unified ID 2.0 are all good examples of this approach, and there are others working on their own. Assuming the proper consents are in place this model can thrive in a world without third-party cookies.

But there are challenges. A major one is the fact that publishers generally have a low opt-in rate, so authentication doesn’t solve the monetization shortcomings for non-authenticated (aka, the majority of) traffic. Another challenge is that it doesn’t scale to a publisher’s non-opted-in user base on iOS, which we expect to be more than 80% of our Apple inventory.

Although authentication will clearly provide value for advertisers and publishers alike, its lack of coverage means that it’s incapable of providing up with a complete picture.


During our round robin meetings, we kept hearing folks talk about fingerprinting or probability modeling as potential mechanisms to replace user-level tracking for iOS and on Chrome.

But Apple’s ATT framework explicitly bans tracking without a user’s opted-in consent, and Google quite clearly bans fingerprinting in its proposals for third-party cookie alternatives. There’s no reason to think it won’t also eventually be banned in relation to the Google ad ID.

On top of that, Apple’s ATT framework holds publishers responsible for a partner’s violation even if it occurs outside of their app, so any of our partners who engage in fingerprinting would be putting us at exorbitant risk.

The writing on the wall is clear: do not build your business on fingerprinting.

Decentralization and ‘bunkers’

On the other end of the spectrum, the seemingly most privacy-forward, decentralized data strategies, such as those being proposed by Infosum and Kochava with its Identity Locker, operate by keeping first-party data in encrypted so-called “bunkers” that are matched and then purposely obfuscated in clean room-type environments.

The result is a clever application of differential privacy and sets the stage for more efficient, safe and effective use of first-party data. What stops the ad tech world from going completely into a bunker?

Today, partners on each side of the ecosystem need to sign up, so critical mass in each marketplace becomes very important. As of now, you also still need your users to authenticate via email, which means that this technology doesn’t completely solve for Apple’s ATT, because a pure application of it would require user opt-in.

But keep an eye out for unlikely bedfellow Akamai and other technology players to enter the space and try to help solve for these limitations.

On-device technologies

Finally, on-device technology, although more nascent than authentication, fingerprinting or decentralization, actually holds the most promise.

Not only does on-device tech have an official carveout under Apple’s ATT framework, which means it can scale to 100% of an iOS user base, it also serves as the foundation for Google FLoC proposal. Although it will be implemented differently across different operating systems, on-device tech will likely be the framework of the open web going forward.

In today’s world, hundreds of companies append data to unique identifiers and then send those audiences flying around. But in an on-device world, the understanding of whether a user belongs in a certain targetable audience occurs on the phone, browser or within the SDK.

For example, a data partner can send information into an SDK about what constitutes an audience of auto intenders, and that data will never leave that device. The technology would make the connection to the audience based on what it knows about the user and perhaps surface them into a PMP, but the IDs won’t go anywhere.

It’s important to mention that Google is facilitating the on-device structure with its FLoC proposal, while Apple is leaving everyone to fend for themselves. And although it’s still very early in the innovation cycle, LiveRamp appears to have pulled into an early lead by bringing its on-device ATS solution to market in mid-December.

What next?

At the end of the day, we believe that privacy-focused bunker technology when paired with an on-device rendering system is the future of privacy-safe digital advertising – if it can reach critical mass, of course.

Until then, keep your partners honest and on the right side of the platform enforcement policies, and we’ll see you in the future.

Follow WeatherBug (@WeatherBug) and AdExchanger (@adexchanger) on Twitter.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!

1 Comment

  1. John Haake

    Mike, Leverage Lab agrees that multiple persistent ID solutions will emerge as the dust settles around 3rd-party cookies. We preach to our publisher customers that the skeleton key for any solution will be tightly managed and organized first-party data sets with authenticated user records. As many/most publishers adopt a wait and see strategy, they had ought to use this time to focus on getting their data in order as the dust settles.