Server-to-server (S2S) attribution and session measurement requires a custom in-app solution that replicates the Adjust SDK’s basic functionality. This S2S attribution checklist provides a rundown of the requirements for your in-app solution. Meeting these requirements guarantees the security of the information Adjust receives and the accuracy of reports.
Before you begin
Explore the Adjust SDK’s minimal extent of code required for attribution and session measurement. Integrating this code into your app is Adjust’s preferred method of attribution and session measurement. The code is easy to integrate and provides the functionality that your custom solution will have to replicate.
Follow the guides linked below to see the basic integration steps.
📖 Android / iOS / Windows / Adobe Air / Unity / Cordova / Marmalade / Xamarin / Cocos2d-x / React Native / Titanium / Corona
Checklist overview
Adjust’s server-to-server attribution checklist covers 5 requirements under 3 key areas (data integrity and security, advertising and device IDs, and third-party integrations). Every item is fundamental to accurate attribution and session measurement. Your in-app solution will have to reproduce the Adjust SDK’s basic functionality, which meets these requirements by default.
1. Maintain security and integrity
You must guarantee the security and integrity of the information your app creates, collects, and sends to your server by securing your requests and buffering information locally.
Secure app-to-server requests
Mobile app install fraud is prevalent within the mobile industry and has cost marketers billions of dollars. The first essential step to defending against mobile app install fraud is to secure your app-to-server requests. If you can’t guarantee your data’s security, Adjust can’t know whether the information it receives from your server is legitimate or not. This leaves you vulnerable to fraudulent data within your reporting.
If you don’t meet this requirement, you are susceptible to spoofed installs in your reporting and expenditure, which can negatively impact your ad budget. If you can’t guarantee the security of your requests, an s2s integration is discouraged.
How Adjust secures installs
Adjust secures every install through the Adjust SDK Signature. This signature is a cryptographic hash secured with an App Secret, which is implemented into the Adjust SDK and sent with every reported install. Adjust verifies this hash on every install and denies attribution to any traffic that can’t be verified.
Buffer information locally
Users might open your app for the first time (counted as an install) or trigger sessions while their device is offline. Accurate attribution is impossible if offline activity never reaches Adjust’s servers.
If you don’t meet this requirement any short outages such as 4G handovers, or longer periods without network or WiFi coverage will result in data loss. In total, 10–20% of installs don’t reach Adjust upon first attempt. If Adjust doesn’t receive this data, attribution is performed based on the current data, rather than what actually occurred.
How Adjust buffers information
The Adjust SDK places all in-app activity in a queue, so it can send the data to Adjust’s servers when a connection is available.
2. Collect and create advertising and device IDs
Android’s Google Play Store advertising ID (GPS_ADID) and iOS’s ID for advertisers (IDFA) are both advertising IDs. The device user can reset - or disable access to - both of these IDs. Therefore, Adjust also relies on device IDs and Universally unique identifiers (UUIDs) (iOS only) for attribution and session measurement. Both of these IDs can’t be reset by the end user without resetting their device.
Gather every possible advertising and device ID
Advertising IDs are resettable. Deliberate, repeated resetting of advertising IDs is common (for example: to cheat in-app reward systems). Also, around 15% of users on iOS have Limit Ad Tracking (LAT) enabled, thereby disabling access to their IDFA. For these reasons, Adjust relies on additional IDs to accurately attribute and continuously record in-app sessions.
If you don’t meet this requirement every session recorded without a previously recorded advertising ID or without an advertising ID (all LAT-enabled users on iOS) will be attributed as a new install.
How Adjust collects IDs
The Adjust SDK collects every legally available advertising and device ID by default. Adjust maps these IDs, so, if one is reset, the new ID can be mapped to other IDs already held the system for that user.
Generate a universally unique identifier and persist it to the device keychain (iOS)
When users reset their advertising ID, uninstall and reinstall your app, or enable LAT, Adjust won’t be able to retrieve their IDFA and/or IDFV. To continuously record users’ in-app sessions, Adjust relies on a permanent, locally generated UUID persisted to the device keychain. Adjust maps the UUID to other device information. This allows Adjust to seamlessly measure the user’s in-app activity when:
- A user enables LAT
- A user resets their advertising ID
- Adjust doesn’t receive the original advertising ID and/or ID for vendors (IDFV) on iOS
If you don’t meet this requirement any reporting is likely to include installs originating from device farms, where advertising IDs are continuously reset to simulate fresh installs. Any user who enables LAT will be attributed as a new install upon each session.
How Adjust manages UUIDs
Adjust generates a UUID upon install. This is mapped to other device information in Adjust’s systems.
3. Third-party integrations and additional data
Critical information required for attribution to Apple Search Ads, the Google Play Store and third-party app stores (for example: Amazon Appstore) can only be collected within your app through third-party integrations.
You must support the following:
Android
- Google Play Store referrer API.
- Collection of the instruction set for Dalvik VM detected through inflection.
- Deep link reattribution.
iOS
This information, collected within your app, must also be forwarded to Adjust immediately upon receipt to be considered for attribution.
Collect the necessary data for attribution across all sources
Adjust relies on the information sent through these integrations for accurate and comprehensive attribution and deeplink reattribution.
Without the Google Play Store referrer, Adjust will be unable to attribute:
- Over 50% of Android installs
- All Google organic search installs
- Any third-party app store installs
Additionally, click injection filtering won’t work. This will leave you vulnerable to a major source of mobile ad fraud on Android. Furthermore, without the instruction set for Dalvik VM, Adjust won’t know if installs originate from virtual devices.
Without the Apple Search Ads attribution API, Adjust will be unable to attribute:
- Apple Search Ads installs
How Adjust collects the necessary attribution data
The code required for these integrations is available in the Adjust SDK guides for Android and iOS. You can also enable deep link reattribution with the Adjust SDK by following the steps in the deep linking guides for Android and iOS.
Collection of the instruction set for Dalvik VM occurs automatically when the Adjust Android SDK is added to your app.