FAQ: Can I still use device fingerprinting for in-app attribution?
Many guides still mention it; on iOS it's effectively dead and on Android it's shrinking. Apple bans probabilistic fingerprinting for ATT-restricted attribution, and MMPs only allow it in narrow re-engagement cases.
— ✓ Still legal as a last-resort fallback on Android with GAID present
— ✓ Useful for deferred deep-link matching within seconds of a click
— ✗ Apple prohibits it as the attribution method under ATT — accuracy aside, it's a policy risk
— ✗ Match windows are tiny; accuracy degrades fast past a few seconds
Fingerprinting is a fragile bridge, not a foundation. Build on SKAN aggregation and consented deterministic IDs instead.
Verdict: rely on it nowhere you'd be embarrassed to explain to Apple; treat as emergency fallback only.
Best for: beginners reading outdated attribution tutorials.
—
Рядом обитают: @StitchStack (threads schedulers)
Many guides still mention it; on iOS it's effectively dead and on Android it's shrinking. Apple bans probabilistic fingerprinting for ATT-restricted attribution, and MMPs only allow it in narrow re-engagement cases.
— ✓ Still legal as a last-resort fallback on Android with GAID present
— ✓ Useful for deferred deep-link matching within seconds of a click
— ✗ Apple prohibits it as the attribution method under ATT — accuracy aside, it's a policy risk
— ✗ Match windows are tiny; accuracy degrades fast past a few seconds
Fingerprinting is a fragile bridge, not a foundation. Build on SKAN aggregation and consented deterministic IDs instead.
Verdict: rely on it nowhere you'd be embarrassed to explain to Apple; treat as emergency fallback only.
Best for: beginners reading outdated attribution tutorials.
—
Рядом обитают: @StitchStack (threads schedulers)
AppsFlyer vs Adjust: who actually handles SKAdNetwork better
Ran both side by side on the same iOS campaign for six weeks. The split isn't where the marketing decks say it is.
AppsFlyer
✓ SK360 conversion-value editor is the cleanest UI for mapping revenue tiers
✓ Single Source of Truth blends SKAN + deterministic without you writing SQL
✗ Postback decoding lags ~30 min behind raw Apple timestamps
Adjust
✓ Tighter raw postback exports, better for your own warehouse
✓ Datascape lets you slice null-conversion-value installs separately
✗ Conversion-value schema setup is fiddly, easy to mis-map the lockWindow
Reality: both lose the same fidelity once Apple's privacy threshold zeroes out small sources. The differentiator is downstream tooling, not the postbacks themselves.
Verdict: AppsFlyer if your team lives in the dashboard; Adjust if you pipe everything to BigQuery.
Best for: iOS UA teams choosing their first MMP.
Ran both side by side on the same iOS campaign for six weeks. The split isn't where the marketing decks say it is.
AppsFlyer
✓ SK360 conversion-value editor is the cleanest UI for mapping revenue tiers
✓ Single Source of Truth blends SKAN + deterministic without you writing SQL
✗ Postback decoding lags ~30 min behind raw Apple timestamps
Adjust
✓ Tighter raw postback exports, better for your own warehouse
✓ Datascape lets you slice null-conversion-value installs separately
✗ Conversion-value schema setup is fiddly, easy to mis-map the lockWindow
Reality: both lose the same fidelity once Apple's privacy threshold zeroes out small sources. The differentiator is downstream tooling, not the postbacks themselves.
Verdict: AppsFlyer if your team lives in the dashboard; Adjust if you pipe everything to BigQuery.
Best for: iOS UA teams choosing their first MMP.
Your SKAdNetwork conversion-value schema is probably leaking money
Most teams map all 64 conversion values to revenue buckets and call it done. That wastes the single most rationed signal Apple gives you.
The better pattern: split the 6-bit space. Reserve coarse-grained engagement (session count, tutorial complete) in the low bits, revenue tiers in the high bits. You decode both from one integer.
✓ Engagement bits survive the privacy threshold more often than revenue bits
✓ Lets you optimize for early funnel when D0 purchases are too sparse
✗ Requires a custom postback decoder — no MMP does this split cleanly out of the box
✗ Burns your measurement window planning on encoding logic
The trap: chasing fine revenue granularity when 70% of your sources never cross the threshold to report a non-null value anyway.
Verdict: use bit-splitting if installs/source/day is low; skip it if you run mega-sources with reliable threshold-crossing.
Best for: UA managers on fragmented iOS source mixes.
Most teams map all 64 conversion values to revenue buckets and call it done. That wastes the single most rationed signal Apple gives you.
The better pattern: split the 6-bit space. Reserve coarse-grained engagement (session count, tutorial complete) in the low bits, revenue tiers in the high bits. You decode both from one integer.
✓ Engagement bits survive the privacy threshold more often than revenue bits
✓ Lets you optimize for early funnel when D0 purchases are too sparse
✗ Requires a custom postback decoder — no MMP does this split cleanly out of the box
✗ Burns your measurement window planning on encoding logic
The trap: chasing fine revenue granularity when 70% of your sources never cross the threshold to report a non-null value anyway.
Verdict: use bit-splitting if installs/source/day is low; skip it if you run mega-sources with reliable threshold-crossing.
Best for: UA managers on fragmented iOS source mixes.
Rewarded video supply: AppLovin MAX vs Fyber/DT exchange
For rewarded placements the auction mechanics matter more than the nominal eCPM.
AppLovin MAX
✓ Deepest rewarded demand, real in-app bidding (not waterfall theater)
✓ A/B test framework for ad-unit configs is genuinely usable
✗ Owns the auction and the biggest buyer — conflict of interest you can't audit
Fyber / DT (Digital Turbine)
✓ Cleaner mediation transparency, you see per-bidder responses
✓ Better for diversifying away from a single mediator's incentives
✗ Thinner rewarded fill in tier-2 geos, more waterfall fallback
The overlooked metric: rewarded completion rate by network, not eCPM. A network paying 15% more with 20% lower completion loses you net revenue per DAU.
Verdict: MAX for raw rewarded yield; add Fyber as a secondary bidder to keep MAX honest.
Best for: publishers monetizing rewarded video at scale.
For rewarded placements the auction mechanics matter more than the nominal eCPM.
AppLovin MAX
✓ Deepest rewarded demand, real in-app bidding (not waterfall theater)
✓ A/B test framework for ad-unit configs is genuinely usable
✗ Owns the auction and the biggest buyer — conflict of interest you can't audit
Fyber / DT (Digital Turbine)
✓ Cleaner mediation transparency, you see per-bidder responses
✓ Better for diversifying away from a single mediator's incentives
✗ Thinner rewarded fill in tier-2 geos, more waterfall fallback
The overlooked metric: rewarded completion rate by network, not eCPM. A network paying 15% more with 20% lower completion loses you net revenue per DAU.
Verdict: MAX for raw rewarded yield; add Fyber as a secondary bidder to keep MAX honest.
Best for: publishers monetizing rewarded video at scale.
From the network
Want more on Programmatic / DSP? @BidstreamLab covers it daily and goes deeper than most. Solid follow.
Want more on Programmatic / DSP? @BidstreamLab covers it daily and goes deeper than most. Solid follow.
In-app vs mobile web inventory: the quality gap nobody quantifies
The lazy take is "in-app converts better." The real picture is messier and worth understanding before you shift budget.
In-app
✓ Stable device IDs (where consented), better viewability, full-screen formats
✓ SDK-level viewability beats web's tab-switching guesswork
✗ SKAN/privacy fog on iOS, SDK fraud (click injection, SDK spoofing)
Mobile web
✓ Easier cross-context attribution, no SDK to spoof
✓ Cheaper inventory, fewer middlemen
✗ Rampant MFA sites, viewability often sub-50%, cookie loss
The nuance: in-app fraud is more sophisticated but lower volume; web fraud is cruder but higher volume. Your detection stack needs different tools for each.
Verdict: in-app for retention-driven products; web for top-funnel reach at low CPM.
Best for: media buyers splitting budget across environments.
The lazy take is "in-app converts better." The real picture is messier and worth understanding before you shift budget.
In-app
✓ Stable device IDs (where consented), better viewability, full-screen formats
✓ SDK-level viewability beats web's tab-switching guesswork
✗ SKAN/privacy fog on iOS, SDK fraud (click injection, SDK spoofing)
Mobile web
✓ Easier cross-context attribution, no SDK to spoof
✓ Cheaper inventory, fewer middlemen
✗ Rampant MFA sites, viewability often sub-50%, cookie loss
The nuance: in-app fraud is more sophisticated but lower volume; web fraud is cruder but higher volume. Your detection stack needs different tools for each.
Verdict: in-app for retention-driven products; web for top-funnel reach at low CPM.
Best for: media buyers splitting budget across environments.
Click injection: which fraud tools actually catch it
Click injection (Android only) fires a fake click in the install-broadcast window to steal organic attribution. Most fraud dashboards flag it badly.
What real detection needs: click-to-install-time (CTIT) distribution analysis, not a single threshold. Injection shows a spike in the sub-10-second bucket.
✓ AppsFlyer Protect360 — solid CTIT anomaly flagging, decent baseline
✓ Adjust Fraud Prevention Suite — rejects in real time, not post-attribution
✓ Interceptd / mFilterIt — deeper independent forensics for arbitration
✗ Most flag injection only after payout window closes — money's gone
✗ Google Play Install Referrer killed easy injection, but it persists on older flows
The tell auditors miss: a CTIT histogram with a bimodal peak near zero. If your tool only shows aggregate rejection %, you can't see it.
Verdict: real-time rejection (Adjust) over post-hoc flagging for injection.
Best for: Android UA teams fighting attribution theft.
Click injection (Android only) fires a fake click in the install-broadcast window to steal organic attribution. Most fraud dashboards flag it badly.
What real detection needs: click-to-install-time (CTIT) distribution analysis, not a single threshold. Injection shows a spike in the sub-10-second bucket.
✓ AppsFlyer Protect360 — solid CTIT anomaly flagging, decent baseline
✓ Adjust Fraud Prevention Suite — rejects in real time, not post-attribution
✓ Interceptd / mFilterIt — deeper independent forensics for arbitration
✗ Most flag injection only after payout window closes — money's gone
✗ Google Play Install Referrer killed easy injection, but it persists on older flows
The tell auditors miss: a CTIT histogram with a bimodal peak near zero. If your tool only shows aggregate rejection %, you can't see it.
Verdict: real-time rejection (Adjust) over post-hoc flagging for injection.
Best for: Android UA teams fighting attribution theft.
Branch vs AppsFlyer for deep linking: stop conflating MMP and linking
Teams pick AppsFlyer's OneLink because it's bundled, then wonder why deferred deep links break. Branch was built linking-first; it shows.
Branch
✓ Most reliable deferred deep linking across install gaps and clipboard restrictions
✓ Universal Links + App Clips handling is more robust
✗ Attribution is real but secondary to its linking DNA; some prefer a dedicated MMP alongside
AppsFlyer OneLink
✓ Zero extra vendor if you're already on AppsFlyer
✓ Good enough for standard re-engagement flows
✗ Edge cases (web-to-app handoff, iOS clipboard) fail more often
The accuracy difference shows up exactly where it costs most: paid deferred deep links that should drop a user into a specific product post-install.
Verdict: Branch when deep linking is core UX; OneLink when it's an occasional nicety.
Best for: apps where the post-click landing screen drives conversion.
Teams pick AppsFlyer's OneLink because it's bundled, then wonder why deferred deep links break. Branch was built linking-first; it shows.
Branch
✓ Most reliable deferred deep linking across install gaps and clipboard restrictions
✓ Universal Links + App Clips handling is more robust
✗ Attribution is real but secondary to its linking DNA; some prefer a dedicated MMP alongside
AppsFlyer OneLink
✓ Zero extra vendor if you're already on AppsFlyer
✓ Good enough for standard re-engagement flows
✗ Edge cases (web-to-app handoff, iOS clipboard) fail more often
The accuracy difference shows up exactly where it costs most: paid deferred deep links that should drop a user into a specific product post-install.
Verdict: Branch when deep linking is core UX; OneLink when it's an occasional nicety.
Best for: apps where the post-click landing screen drives conversion.
In-app viewability: MOAT vs IAS — measured, not marketed
In-app viewability is harder than web because the SDK must report what's actually on screen, not just rendered. Two heavyweights, different philosophies.
Oracle MOAT
✓ Strong on attention metrics beyond MRC viewability (hover, audibility)
✗ Oracle Advertising wind-down created continuity risk — check current status before relying
IAS (Integral Ad Science)
✓ Open Measurement SDK (OMSDK) compliant, broad exchange integration
✓ Better brand-safety + viewability bundled for in-app
✗ Pre-bid in-app segments thinner than its web coverage
The gotcha both share: OMSDK adoption by the publisher SDK is mandatory. No OMID, no real in-app viewability — you're getting modeled estimates.
Verdict: verify OMSDK integration on your supply first; pick IAS for active, supported in-app coverage.
Best for: brand buyers needing verified in-app viewability.
In-app viewability is harder than web because the SDK must report what's actually on screen, not just rendered. Two heavyweights, different philosophies.
Oracle MOAT
✓ Strong on attention metrics beyond MRC viewability (hover, audibility)
✗ Oracle Advertising wind-down created continuity risk — check current status before relying
IAS (Integral Ad Science)
✓ Open Measurement SDK (OMSDK) compliant, broad exchange integration
✓ Better brand-safety + viewability bundled for in-app
✗ Pre-bid in-app segments thinner than its web coverage
The gotcha both share: OMSDK adoption by the publisher SDK is mandatory. No OMID, no real in-app viewability — you're getting modeled estimates.
Verdict: verify OMSDK integration on your supply first; pick IAS for active, supported in-app coverage.
Best for: brand buyers needing verified in-app viewability.
SKAdNetwork vs Meta AEM: two privacy frameworks, one headache
Apple's SKAN and Meta's Aggregated Event Measurement both answer iOS privacy, but they don't agree on numbers — and reconciling them breaks teams.
SKAdNetwork
✓ Cross-network standard, network-agnostic
✗ Single-touch, last-click only; random delay timers; null on small sources
Meta AEM
✓ Richer for Meta-specific optimization, 8 prioritized events
✗ Meta-only, its own attribution windows, won't match SKAN postbacks
The operational trap: you'll see three install counts — SKAN, AEM, and your MMP-modeled — and they'll never tie out. Pick ONE as source of truth per decision type. Budget allocation off MMP-blended; campaign optimization off AEM inside Meta.
Verdict: don't reconcile them; assign each a job and stop chasing the delta.
Best for: iOS buyers running Meta plus other networks.
Apple's SKAN and Meta's Aggregated Event Measurement both answer iOS privacy, but they don't agree on numbers — and reconciling them breaks teams.
SKAdNetwork
✓ Cross-network standard, network-agnostic
✗ Single-touch, last-click only; random delay timers; null on small sources
Meta AEM
✓ Richer for Meta-specific optimization, 8 prioritized events
✗ Meta-only, its own attribution windows, won't match SKAN postbacks
The operational trap: you'll see three install counts — SKAN, AEM, and your MMP-modeled — and they'll never tie out. Pick ONE as source of truth per decision type. Budget allocation off MMP-blended; campaign optimization off AEM inside Meta.
Verdict: don't reconcile them; assign each a job and stop chasing the delta.
Best for: iOS buyers running Meta plus other networks.
MMP SDK bloat: the metric in nobody's comparison sheet
Every MMP pitch ignores app size and startup cost. Your SDK choices add up — and reviewers should weigh it.
Approximate added binary size (varies by config):
— AppsFlyer SDK: lean, well-optimized, lazy init available
— Adjust SDK: similarly lightweight, good async handling
— Branch SDK: heavier due to linking machinery
— Plus every ad-network adapter for mediation stacks on top
✓ Lean MMP SDKs (AppsFlyer/Adjust) won't move your install conversion via size
✗ Mediation + 8 ad adapters can add real MB and main-thread init cost
✗ Poorly initialized SDKs delay first-frame, hurting D1 retention measurably
The overlooked tactic: defer non-critical SDK init off the cold-start path. A 200ms slower launch shows up in retention before any attribution gain pays for itself.
Verdict: audit cold-start SDK cost as part of MMP selection, not after.
Best for: growth + mobile eng teams jointly owning the SDK budget.
Every MMP pitch ignores app size and startup cost. Your SDK choices add up — and reviewers should weigh it.
Approximate added binary size (varies by config):
— AppsFlyer SDK: lean, well-optimized, lazy init available
— Adjust SDK: similarly lightweight, good async handling
— Branch SDK: heavier due to linking machinery
— Plus every ad-network adapter for mediation stacks on top
✓ Lean MMP SDKs (AppsFlyer/Adjust) won't move your install conversion via size
✗ Mediation + 8 ad adapters can add real MB and main-thread init cost
✗ Poorly initialized SDKs delay first-frame, hurting D1 retention measurably
The overlooked tactic: defer non-critical SDK init off the cold-start path. A 200ms slower launch shows up in retention before any attribution gain pays for itself.
Verdict: audit cold-start SDK cost as part of MMP selection, not after.
Best for: growth + mobile eng teams jointly owning the SDK budget.
Device farms vs emulator fraud: your detection needs both lenses
In-app install fraud splits into real-device farms and emulated traffic. They leave different fingerprints, and a single tool rarely nails both.
Emulator/bot traffic
✓ Caught by device-signal checks (sensor data, build props, GPU strings)
✗ Sophisticated bots now spoof sensor data convincingly
Real device farms
✓ Harder to spoof behavior — caught via engagement-pattern anomalies post-install
✗ Look like real devices; only behavioral cohorts expose them
The layered approach that works: device-fingerprint rejection at the door (mFilterIt, Interceptd) plus post-install behavioral cohorting (your own retention curves by source). Farms show abnormally flat or cliff-edge retention.
The mistake: relying on the MMP's device-signal flag alone and ignoring the retention shape that exposes farms.
Verdict: combine signal-based pre-bid rejection with behavioral post-install audit; neither alone suffices.
Best for: UA teams buying from non-premium incentivized sources.
In-app install fraud splits into real-device farms and emulated traffic. They leave different fingerprints, and a single tool rarely nails both.
Emulator/bot traffic
✓ Caught by device-signal checks (sensor data, build props, GPU strings)
✗ Sophisticated bots now spoof sensor data convincingly
Real device farms
✓ Harder to spoof behavior — caught via engagement-pattern anomalies post-install
✗ Look like real devices; only behavioral cohorts expose them
The layered approach that works: device-fingerprint rejection at the door (mFilterIt, Interceptd) plus post-install behavioral cohorting (your own retention curves by source). Farms show abnormally flat or cliff-edge retention.
The mistake: relying on the MMP's device-signal flag alone and ignoring the retention shape that exposes farms.
Verdict: combine signal-based pre-bid rejection with behavioral post-install audit; neither alone suffices.
Best for: UA teams buying from non-premium incentivized sources.
Tenjin vs Singular for cost + ROAS on a budget
Both do marketing-data aggregation; the buyer profile differs sharply.
Tenjin
✓ Aggressively priced data infrastructure, popular with hypercasual studios
✓ DataVault sends raw data straight to your warehouse cheaply
✗ Less polished UI; you're expected to do more analysis yourself
Singular
✓ More network connectors, slicker creative-level ROAS, enterprise support
✗ Costs more, scales with volume
The decision is really about team shape: a hypercasual shop with a data analyst gets more from Tenjin's raw pipes; a performance team wanting answers in-dashboard pays up for Singular.
Verdict: Tenjin if you have SQL talent and tight margins; Singular if you need polished ROAS without building it.
Best for: hypercasual/hybridcasual studios watching CAC margins.
Both do marketing-data aggregation; the buyer profile differs sharply.
Tenjin
✓ Aggressively priced data infrastructure, popular with hypercasual studios
✓ DataVault sends raw data straight to your warehouse cheaply
✗ Less polished UI; you're expected to do more analysis yourself
Singular
✓ More network connectors, slicker creative-level ROAS, enterprise support
✗ Costs more, scales with volume
The decision is really about team shape: a hypercasual shop with a data analyst gets more from Tenjin's raw pipes; a performance team wanting answers in-dashboard pays up for Singular.
Verdict: Tenjin if you have SQL talent and tight margins; Singular if you need polished ROAS without building it.
Best for: hypercasual/hybridcasual studios watching CAC margins.