Delivering Transparency and Control in a Mobile-First World

Ashlea Cartee
Ashlea Cartee
Delivering Transparency and Control in a Mobile-First World

When you woke up this morning, what’s one of the first things you did? I imagine you opened at least one mobile application — most likely before you opened your laptop. As the innovation of the mobile app landscape has evolved, so has the growth of this channel.

Consumer spending on mobile apps and app installs has grown significantly. In the first half of the 2020, consumers spent 23.4% more than during the first half of 2019, resulting in $50.1B worldwide. In addition, first-time app installs were up 26.1% year-over-year in the first half of 2020 to reach 71.5 billion downloads.

This creates a big opportunity for publishers expanding into the mobile app world. Compared to navigating the web on a mobile device, native apps are typically easier to access, and provide a faster and more interactive user experience. These benefits also lead to a better in-app advertising experience.

As consumers’ content consumption behaviors change, so do the industries dedicated to building and regulating these applications. As data privacy concerns increase and tech giants prevent tracking and personalization, publishers should pivot and expand their web-based strategies to offer transparency, control, and build trust in mobile applications.

Where regulators stand on mobile apps

From a privacy perspective, regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) shine a spotlight on mobile app technologies and how apps collect and share data with third parties.

According to the GDPR (Recital 30) and e-Privacy Directive Article 5(3):

Individuals can be associated with online/device identifiers. Use or storage of information can only be done with consent.

On the other hand, the CCPA (Section 1798.120) states:

A consumer can direct a business not to sell the consumer’s personal information. A ‘Sale’ is a transfer for monetary or Valuable Consideration.

Companies developing mobile solutions and delivering upon mobile-first strategies are seeking solutions to build intelligent, data-driven applications that respect users’ privacy, build trust, and fuel brand loyalty.

Recent tech changes impacting mobile apps

Apple recently announced that iOS 14 will mask the Identifier for Advertisers (IDFA) by explicit opt-in instead of the current limited ad tracking (LAT) opt-out. At a high level, this means end users will be prompted to grant consent for capturing their data and allowing tracking across devices.

The recent privacy rule has gained much attention from the ad tech industry. Advertisers currently rely on the IDFA for ad monetization because it provides a unique and persistent identifier across apps. Facebook and digital ad companies have warned that the proposed change could roil the mobile app industry. Apple says developers can choose to comply with the rule now that iOS 14 has launched — but that it won’t be enforced until 2021.

The rollout of Apple’s iOS 14 impacts publishers’ ability to accurately target and measure their advertisers’ campaigns, so it’s imperative for mobile app publishers to put a  strategy in place  for this privacy feature to avoid significant ad revenue losses.  

Now that they have a little more time, publishers, advertisers, and agencies should develop an encompassing strategy on how to deal with this more restricted environment. With Apple and other tech platforms creating more restrictive policies on tracking, it’s important to stay on top of the ever-changing environment.

How the mobile app experience impacts usability, trust, and loyalty

Picture this: You’re sitting on your couch and want to catch up on the news while dinner is cooking, so you open your favorite news application. First, you have to log in every time you open the application. Second, you’re served multiple, irrelevant ads that you did not consent to. Eventually, you might forego your favorite application for another because the experience is terrible and not as personalized as you expect.

Now picture this: You open your favorite news app –

  • You don’t have to log in multiple times
  • You don’t have to provide tracking consent repeatedly
  • You’re able to choose which notifications you’d like to receive
  • You know which data is being collected when you have the application open
  • You’re delivered ads for items you’re interested in purchasing

Which app would you continue to use every day?

This is where consent and preferences come into play for mobile applications. Without really understanding your app user, building trust, or delivering a personalized experience, you risk losing your audience.

Best practices for mobile app compliance

How do you implement compliance requirements, technology updates, and a seamless user experience into your mobile application? Here are best practices OneTrust PreferenceChoice recommends for taking a privacy-centric approach to mobile applications.

Audit your application

If you didn’t code your mobile app yourself, it's important to understand what the technology is doing with regards to third-party sharing. The best way to understand this is to scan your application to understand the SDKs, tracking technologies, and third-parties that are collecting data from your application.

From a vendor perspective, you’ll want to:

  • Determine which SDKs are provided by third parties and cross-reference your vendor inventory.
  • Categorize SDKs based on data processing (strictly necessary, performance, advertising, etc.).
  • Audit and understand the data you’re collecting, such as location or photos, and determine that the Identifier for Advertisers (IDFA) be used for iOS devices.
  • A combination of these considerations will give a clear picture of your app privacy health.
Create UX for a CMP

Build pop-up disclosures and preference centers based on relevant jurisdictions.

There are three main considerations for the UX of your CMP:

  1. Tailor your consent banner to match your company’s brand including display, color, content, and language.
  2. Ensure that you are effectively explaining how the app processes data. Also, make sure you’re meeting disclosure obligations by triggering at or before the time of data collections.
  3. Allow the user to opt-in to processing or update their preference and honor their choice via consent signals to appropriate SDKs. The overall experience should be based on geolocation to meet jurisdictional requirements.
Deploy to mobile application

The last step is deploying the SDK into your mobile application. You’ll need to think about what kind of SDK if needed based on the platform your application will run on.

Once the SDK is deployed in the mobile app, you’ll want to consider continuing to leverage CMP capabilities over time. For example, rescan your application every so often to understand if there are any changes to SDKs. Also, to meet compliance standards, generate consent records to automate compliance documentation and record keeping.

Bringing it all together across devices

A mobile application might be just one of the digital properties you own. What about a CMP for web or an over-the-top (OTT) application on a Connected TV (CTV)?

To meet consumers’ expectations of a unified experience across devices, publishers should ensure that cross-device consent capture is available and consistent across platforms and centralize the consent records from browsers, mobile, and OTT apps.

As we continue to navigate the ad tech landscape, three components will likely continue to be at the forefront of every publisher’s digital strategy: privacy, control, and trust.

Ashlea Cartee
Ashlea Cartee

Ashlea Cartee spends her time helping companies across the globe rethink the way marketing and privacy teams work together. As the Product Marketing Manager at OneTrust PreferenceChoice and CookiePro by OneTrust — the most widely used CMP and cookie banner on the web — Ashlea is an expert in helping marketers and publishers build trust as a competitive advantage, not a compliance headache.