Guidesmobile advertisingprivacy regulations

Apple's Changes to IDFA in iOS 14 and What They Mean for Mobile Advertising

IDFAiOS 14AppTrackingTransparencySKAdNetworkAAIDopt-in consentad targetingcontextual advertisingdevice fingerprintingmobile measurement platformsMMPsAdTechDSPSSPad networks

Apple's iOS 14 introduced a fundamental shift in how mobile advertising works on Apple devices. This overview covers what the IDFA is, how Apple's privacy changes affect access to it, and what those changes mean for ad targeting, measurement, attribution, and the AdTech companies that depend on all three.

What Is the IDFA?

Apple's Identifier for Advertisers (IDFA) is a unique string of random numbers and letters assigned to an iOS device — iPhones and iPads being the most common examples. A typical IDFA looks something like this:

7D902I08D-7846-4CA4-TE6P-83369125YFDC

Unlike cookies in a web browser, which a user can block or delete relatively easily, the IDFA is persistent. It stays associated with a device until the user either switches to a new Apple device or manually resets it. That persistence is precisely what made it so valuable to mobile advertisers.

What the IDFA Is Used For

The IDFA is used for ad targeting, measurement, and attribution in apps running on iOS, iPadOS, and tvOS. When a user opens a mobile app, the IDFA can be passed from the device to AdTech platforms and mobile measurement platforms (MMPs), enabling those platforms to build user profiles, serve targeted ads, and track downstream actions like installs or purchases.

The rough parallel in the web world is the cookie — the key difference being that the IDFA's persistence makes it a more reliable identifier over time.

Apple's IDFA vs. Google's AAID

Google's Android ecosystem has its own equivalent: the Android Advertising ID (AAID). It functions in essentially the same way as Apple's IDFA. At the time iOS 14 was introduced, no equivalent privacy changes had been proposed for Google's AAID — making iOS 14 a unilateral shift in one half of the mobile duopoly.

The Privacy Changes Coming with iOS 14

The most significant change in iOS 14 is that apps can no longer silently access the IDFA. Before any app can read the IDFA and pass it along to AdTech companies or MMPs, the user must actively opt in.

This consent is surfaced through Apple's AppTrackingTransparency framework, which presents users with a standardized permission prompt. App developers are required to implement this framework in order to request access to the IDFA at all.

What Happens If an App Doesn't Implement the Framework?

Apps that do not integrate the AppTrackingTransparency API will not have access to the IDFA — it will be returned as a string of zeroes rather than the actual identifier. These apps also lose the ability to ask users to opt in, since the permission prompt itself is part of the framework. Any app running on iOS 14 without this integration effectively operates without IDFA access.

Will Ads Still Be Shown?

Yes. iOS 14 does not prevent ads from being displayed to users. What it prevents — absent an opt-in — is the use of IDFA-based targeting and retargeting. Ads can still run; they just can't be personalized based on a user's IDFA unless that user has explicitly granted permission.

How Ad Measurement and Attribution Work in iOS 14

With IDFA access restricted to opted-in users, Apple's SKAdNetwork becomes the primary mechanism for ad measurement and attribution. A few key points about how SKAdNetwork operates:

  1. App install attribution data passes through SKAdNetwork and is then forwarded to ad networks — but the data flow is deliberately limited.
  2. No user-level or device-level data is passed to AdTech platforms or MMPs. Attribution is aggregated and anonymized by design.
  3. Campaign IDs are capped at 100 per ad network, which significantly constrains the granularity of campaign measurement.

This represents a significant architectural departure from the previous model, where MMPs could receive device-level attribution data directly.

Source: Apple — User Privacy and Data Use

Frequently Asked Questions

When did iOS 14 roll out?

iOS 14 was expected to release in September or October 2020, with a large proportion of iOS users anticipated to have upgraded by the start of 2021 — meaning widespread impact was expected relatively quickly after launch.

When do users see the opt-in prompt, and how often?

Users see the AppTrackingTransparency permission prompt only once per app, unless they delete and reinstall the application. App developers have some flexibility in choosing when the prompt appears within the user experience, but the IDFA remains inaccessible until the user explicitly opts in.

Can the opt-in message be customized?

Partially. The bold system-level text — which is set by Apple and cannot be modified — is always present. However, the descriptive explanation text can be customized by the developer using the NSUserTrackingUsageDescription key in the app's configuration. This gives developers a chance to explain to users why tracking permission is being requested, which can influence opt-in rates.

How many users are expected to opt in?

There is no way to know with certainty before broad adoption, but most estimates at the time placed the opt-in rate somewhere between 1% and 20%. That wide range reflects genuine uncertainty — actual rates depend heavily on how developers frame their permission requests and the context in which the prompt appears.

Possible Workarounds

There is no direct replacement for the IDFA, but several approaches have been discussed as partial workarounds for identification, targeting, and attribution:

  • Device fingerprinting: Not recommended. It raises significant privacy concerns and Apple has signalled it will crack down on fingerprinting techniques that attempt to circumvent its privacy framework.
  • Contextual ad targeting: Viable, but generally considered less effective than IDFA-based targeting, since it relies on the content environment rather than user behaviour history.
  • Email addresses or phone numbers as identifiers: Limited in scale. These only work when users are logged in and have shared that information, which narrows the applicable audience considerably.

A general principle applies: any workaround that attempts to re-identify users without their consent is likely to conflict with Apple's privacy guidelines and may be eliminated through policy enforcement or OS-level changes.

What This Means for MMPs and AdTech Companies

The four core processes that underpin mobile advertising — identification, targeting, measurement, and attribution — are all materially affected by these changes. With IDFA access gated behind an opt-in that many users are expected to decline, independent AdTech companies (ad networks, DSPs, SSPs) and MMPs will face real operational challenges in maintaining the capabilities they have built around device-level data.

The short-term response from most platforms will involve workarounds and adaptations to SKAdNetwork's constraints. The longer-term picture requires more fundamental innovation — building systems that can operate effectively within a privacy-first model rather than around it.

<Related />