Skadnetwork

What is Skadnetwork?

SKAdNetwork is Apple’s privacy-focused framework for attributing mobile app installations to advertising campaigns. It provides ad networks and advertisers with aggregated, anonymized data on ad activity like clicks and installs, without revealing user-level or device-specific information, thus preventing certain types of click fraud.

How Skadnetwork Works

User Clicks Ad → App Store → App Install & Launch → 24-48hr Timer Starts → [User Activity] → Conversion Value Updated → Timer Resets → (Timer Ends) → Anonymized Postback Sent → Ad Network Receives Data

SKAdNetwork functions as a privacy-preserving attribution system operated by Apple. It verifies and attributes app installs to ad campaigns without revealing any personally identifiable user data. The process involves several key players: the publishing app (where the ad is shown), the ad network, the advertised app, and Apple’s App Store, which acts as the verifying intermediary. The core idea is to confirm that an install happened as a result of a specific campaign, but to delay and aggregate this data to prevent linking the install to an individual user.

Ad Interaction and Signature

When an ad is displayed and clicked in a source app, the ad network provides a cryptographic signature. This signature contains information about the campaign, like the ad network ID and campaign ID. This initial step ensures that the ad impression is legitimate and registered by the ad network before the user is redirected to the App Store. Apple’s system is the ultimate source of truth, directly vouching for the install.

Install Validation and Timers

After a user installs and launches the advertised app, the device communicates with Apple’s servers, not the ad network. Apple validates the installation and starts a 24-48 hour timer. This delay is a critical privacy feature; it disassociates the time of the install from the time the data is sent, making it difficult to link the activity back to a specific user. Any subsequent user activity that an advertiser wants to measure (via a “conversion value”) will reset this timer.

Anonymized Postback

Once the timer expires without any further updates to the conversion value, the device sends a single, anonymized “postback” notification to the ad network. This postback is signed by Apple, confirming its authenticity. It contains the campaign ID and, if privacy thresholds are met, a conversion value and the source app ID. It intentionally excludes any device-level identifiers or precise timestamps, preventing click fraud methods that rely on user-level data.

Diagram Element Breakdown

User Clicks Ad → App Store → App Install & Launch

This represents the initial user journey. An ad is clicked in a source app, which directs the user to the App Store, where they download and open the advertised app. This flow is the prerequisite for attribution.

24-48hr Timer Starts → [User Activity] → Conversion Value Updated → Timer Resets

This shows the on-device logic. Upon first launch, a timer begins. If the user performs an action mapped to a conversion value (e.g., completes a level), the app updates this value and the timer restarts. This allows a brief window to measure initial engagement.

(Timer Ends) → Anonymized Postback Sent → Ad Network Receives Data

This is the final attribution step. When the timer expires, the device sends the data to the ad network. The information is aggregated and anonymous, confirming a successful conversion for the campaign without revealing who the user was, thereby protecting their privacy.

🧠 Core Detection Logic

Example 1: Analyzing Conversion Value Patterns

This logic helps detect fraud by identifying non-human or anomalous patterns in post-install engagement. Since SKAdNetwork allows advertisers to receive a “conversion value” representing early user actions, sudden spikes in high-value conversions from a specific source app ID without corresponding lower-value events can indicate manipulation.

FUNCTION analyze_conversion_values(postbacks):
  LET source_app_patterns = {}

  FOR postback IN postbacks:
    source_app_id = postback.source_app_id
    conversion_value = postback.conversion_value

    IF source_app_id NOT IN source_app_patterns:
      source_app_patterns[source_app_id] = empty_list

    APPEND conversion_value to source_app_patterns[source_app_id]

  FOR app_id, values IN source_app_patterns:
    LET value_distribution = calculate_distribution(values)
    IF is_anomalous(value_distribution):
      FLAG app_id AS "Suspicious Conversion Pattern"
    
  RETURN flagged_apps

Example 2: Validating Postback Timestamps

While SKAdNetwork postbacks are intentionally delayed, analyzing the distribution of when they are received by the ad network can still be useful. A fraudulent actor attempting to replay or spoof postbacks might send them in unnatural batches. This logic detects unusual clustering of postback arrivals.

FUNCTION check_postback_timing(postbacks, time_window):
  LET postback_counts = initialize_time_buckets(time_window)

  FOR postback IN postbacks:
    reception_time = postback.received_timestamp
    bucket = get_time_bucket(reception_time)
    postback_counts[bucket] += 1

  LET average_count = calculate_average(postback_counts)
  LET standard_deviation = calculate_std_dev(postback_counts)

  FOR bucket_count IN postback_counts:
    IF bucket_count > (average_count + 3 * standard_deviation):
      TRIGGER_ALERT("Anomalous Postback Volume Detected")

  RETURN

Example 3: Hierarchical Source ID Anomaly Detection

SKAdNetwork 4.0 introduced hierarchical source identifiers (up to 4 digits), which advertisers use to encode data like campaign, ad placement, and creative. This logic checks if the reported source IDs from a publisher make sense. For example, receiving installs for a high-numbered creative ID without any corresponding installs for lower-numbered ones in the same campaign could indicate a problem.

FUNCTION validate_source_id_hierarchy(postbacks):
  LET campaigns = {}

  FOR postback IN postbacks:
    source_id = postback.hierarchical_source_id
    campaign_id = extract_campaign_from_source(source_id)
    creative_id = extract_creative_from_source(source_id)
    
    IF campaign_id NOT IN campaigns:
      campaigns[campaign_id] = empty_set

    ADD creative_id to campaigns[campaign_id]

  FOR campaign_id, creatives IN campaigns:
    IF has_missing_hierarchy(creatives): // e.g., creative '10' exists but '1-9' do not
      FLAG campaign_id AS "Source ID Hierarchy Anomaly"

  RETURN flagged_campaigns

📈 Practical Use Cases for Businesses

  • Campaign Measurement: Businesses use SKAdNetwork to measure the effectiveness of their iOS ad campaigns in a privacy-compliant way, understanding which ad networks and campaigns are driving installs.
  • Fraud Mitigation: The framework’s cryptographic signatures and Apple-validated postbacks inherently protect against common fraud types like install hijacking and replay attacks, ensuring advertising budgets are spent on real installs.
  • Early ROI Estimation: By mapping conversion values to key user actions (like registrations or first purchases), businesses can get an early, aggregated signal of user quality and estimate return on ad spend (ROAS) to optimize campaigns.
  • Publisher Quality Analysis: Advertisers can analyze the volume and quality (via conversion values) of installs coming from different publisher apps (source apps) to identify high-performing and potentially fraudulent partners.

Example 1: Source App ID Filtering Rule

A business can create rules to automatically flag or block publishers (source apps) that send a high volume of installs but consistently have null or low conversion values, which may indicate low-quality or fraudulent traffic.

// Logic to score and flag suspicious source applications
FUNCTION evaluate_source_app_quality(postbacks):
  LET sources = {} // Stores stats for each source_app_id

  FOR postback IN postbacks:
    source_id = postback.source_app_id
    conversion = postback.conversion_value

    IF source_id NOT IN sources:
      sources[source_id] = {installs: 0, non_null_conversions: 0}
    
    sources[source_id].installs += 1
    IF conversion IS NOT NULL AND conversion > 0:
      sources[source_id].non_null_conversions += 1

  FOR source_id, data IN sources:
    quality_ratio = data.non_null_conversions / data.installs
    IF data.installs > 100 AND quality_ratio < 0.05:
      FLAG source_id AS "Low Quality Source"

  RETURN flagged_sources

Example 2: Conversion Value Sequence Validation

For a gaming app, a legitimate user journey might be: Tutorial Complete (CV=1) -> Level 5 Reached (CV=2) -> First Purchase (CV=5). A rule can be set to identify postbacks with high conversion values (e.g., 5) that are not preceded by a corresponding volume of lower, introductory values from that same campaign, indicating bots that skip early steps.

// Logic to check for logical conversion funnels per campaign
FUNCTION validate_conversion_funnel(postbacks_by_campaign):
  LET flagged_campaigns = []

  FOR campaign_id, postbacks IN postbacks_by_campaign:
    LET cv_counts = count_conversion_values(postbacks)
    
    // Example: Expect at least 3 tutorial completions for every 1 purchase
    tutorial_completes = cv_counts.get(1, 0)
    first_purchases = cv_counts.get(5, 0)

    IF first_purchases > 0 AND (tutorial_completes / first_purchases) < 3:
      FLAG campaign_id AS "Unnatural Funnel Progression"
      APPEND campaign_id to flagged_campaigns
      
  RETURN flagged_campaigns

🐍 Python Code Examples

This Python code simulates validating SKAdNetwork postbacks. It checks if a postback has already been processed by looking up its unique transaction ID, which is a core technique to prevent duplicate attributions or replay fraud.

processed_transactions = set()

def is_postback_valid(postback):
  """
  Checks if the transaction ID is unique to prevent replay attacks.
  """
  transaction_id = postback.get("transaction-id")
  if transaction_id in processed_transactions:
    print(f"Fraud Warning: Duplicate transaction ID {transaction_id} detected.")
    return False
  
  processed_transactions.add(transaction_id)
  return True

# Example Postback
postback_1 = {"transaction-id": "a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6", "conversion-value": 10}
print(f"Postback 1 Valid: {is_postback_valid(postback_1)}")
print(f"Postback 1 Valid (Re-run): {is_postback_valid(postback_1)}")

This script analyzes a list of postbacks to detect abnormal click-to-install time patterns. While SKAN delays postbacks, significant deviations from expected, albeit anonymized, timing distributions for a given campaign could signal manipulation by a fraudulent publisher.

import statistics

def detect_timing_anomalies(postbacks, campaign_id):
  """
  Analyzes install-to-postback timestamps for a campaign to find outliers.
  """
  timestamps = [p.get("timestamp") for p in postbacks if p.get("campaign-id") == campaign_id]
  
  if len(timestamps) < 20: # Need enough data
    return

  mean_time = statistics.mean(timestamps)
  stdev_time = statistics.stdev(timestamps)

  for ts in timestamps:
    if abs(ts - mean_time) > 2 * stdev_time:
      print(f"Alert: Anomalous timestamp {ts} detected for campaign {campaign_id}.")

# Example Postbacks
campaign_postbacks = [
  {"campaign-id": 101, "timestamp": 86400},
  {"campaign-id": 101, "timestamp": 90000},
  {"campaign-id": 101, "timestamp": 150000} # Outlier
]
detect_timing_anomalies(campaign_postbacks, 101)

Types of Skadnetwork

  • SKAdNetwork 2.0: Introduced the core privacy-centric attribution model. It supported view-through attribution and provided a 6-bit conversion value (0-63) to measure post-install activity within a 24-hour window. This version established the foundation of delayed, anonymous postbacks.
  • SKAdNetwork 3.0: A minor but important update that added support for "loser" postbacks. Besides the winning postback sent to the ad network that won the attribution, up to five other networks that showed an impression could receive a notification that they did not win, providing more signals to the ecosystem.
  • SKAdNetwork 4.0: A major evolution that introduced several key features. It replaced the campaign ID with a four-digit "hierarchical source identifier" for more campaign granularity and introduced "coarse-grained" conversion values (low, medium, high) for when privacy thresholds aren't met.
  • Multiple Postbacks (SKAN 4.0): This version allows for up to three separate postbacks over different time windows (0-2 days, 3-7 days, and 8-35 days). This gives advertisers a longer, albeit still limited, view into user lifecycle value and engagement beyond the initial install activity.
  • Web-to-App Attribution (SKAN 4.0): Extended SKAdNetwork support to attribute app installs that originate from ads clicked on websites in Safari. This closed a significant gap, allowing for privacy-safe attribution from web-based mobile advertising campaigns.

🛡️ Common Detection Techniques

  • Cryptographic Signatures: Every ad interaction registered by SKAdNetwork is cryptographically signed by Apple. This ensures that postbacks are authentic and have not been altered or fabricated by malicious actors, which is fundamental to preventing attribution fraud.
  • Anonymous Aggregated Reporting: The framework intentionally delays and aggregates install data, sending back a single postback after a timer expires. This prevents fraudsters from using device-level data to perform click injection or generate fake installs tied to specific users.
  • Conversion Value Analysis: Advertisers analyze patterns in the 6-bit conversion value. If a publisher sends a high volume of installs with no conversion value, or if the distribution of values seems illogical (e.g., many high-value events without preceding low-value ones), it can indicate bot activity.
  • Hierarchical Source ID Validation: With SKAN 4.0, advertisers can analyze the four-digit source identifier. Anomalies, such as receiving data for creative ID 40 without any data for creatives 1-39 in the same campaign, can point to reporting manipulation or fraud.
  • IP Address Verification: While the postback is anonymous, the initial recipient (the ad network) can check the sender's IP address. If a large number of postbacks originate from a small set of server IP addresses instead of residential IPs, it can be a strong indicator of fraudulent activity.

🧰 Popular Tools & Services

Tool Description Pros Cons
Mobile Measurement Partner (MMP) Platforms These platforms aggregate SKAdNetwork data from all ad networks, manage conversion value mapping, and provide unified dashboards for analysis. They enrich SKAN data with other metrics like ad spend for ROI analysis. Centralized reporting, simplifies conversion value setup, provides tools for data decoding and validation. Adds cost, reliant on ad networks forwarding postbacks correctly, can't overcome inherent SKAN data limitations.
Ad Network SKAN Solutions Major ad networks (like Google, Meta) provide their own tools to manage and report on SKAdNetwork campaigns running on their platform. They handle ad signing and postback reception directly. Direct integration, no extra cost, may offer platform-specific optimization features. Creates data silos (no cross-network view), reporting is not standardized, less transparency into postback data.
SKAN Data Analytics Dashboards These are business intelligence (BI) tools or specialized services that focus on visualizing and analyzing raw SKAdNetwork data. They help identify trends, anomalies, and performance insights from the limited dataset. High degree of customization, powerful visualization, can merge SKAN data with other business metrics. Requires technical expertise to set up, does not collect the data itself, can be expensive.
Conversion Value Management Systems Specialized tools, often part of an MMP, that help advertisers strategically map the 6-bit conversion value (0-63) to different user events and revenue buckets to maximize insights from the limited data. Optimizes use of limited conversion values, offers flexible mapping models, helps in early LTV prediction. Complexity in setup, effectiveness depends heavily on the chosen mapping strategy.

📊 KPI & Metrics

When deploying SKAdNetwork, it's crucial to track metrics that reflect both the technical success of attribution and the ultimate business impact. These KPIs help advertisers understand campaign performance within the constraints of Apple's privacy framework and optimize their ad spend effectively, even with aggregated and delayed data.

Metric Name Description Business Relevance
SKAN Installs The total number of app installs attributed by Apple's SKAdNetwork framework. Provides a baseline, fraud-resistant measure of campaign reach and conversion volume.
Cost Per Install (CPI) Calculated by dividing the total ad spend by the number of SKAN Installs. Measures the cost-efficiency of user acquisition campaigns under the SKAN framework.
Conversion Value (CV) Distribution The breakdown of how many users achieved each of the 64 possible conversion values. Indicates the quality of acquired users by showing engagement with post-install events.
Return on Ad Spend (ROAS) An estimation of revenue generated from users, calculated based on conversion values mapped to revenue buckets. Helps measure profitability and make budget allocation decisions across different campaigns.
Null Conversion Value Rate The percentage of installs that came with a "null" conversion value, often due to Apple's privacy thresholds. Can indicate issues with low campaign volume or highlight publishers that fail to drive engaged users.

These metrics are typically monitored through dashboards provided by Mobile Measurement Partners (MMPs) or ad networks. Real-time monitoring is not possible due to SKAN's intentional delays. Feedback from these metrics is used to adjust campaign bids, reallocate budgets, and refine the conversion value models to better capture user quality.

🆚 Comparison with Other Detection Methods

Accuracy and Granularity

Compared to traditional attribution using device identifiers (like IDFA), SKAdNetwork is less granular by design. It does not provide user-level data, making it impossible to build detailed user journey funnels. However, its attribution is deterministic and vouched for by Apple, which makes it highly accurate in confirming an install occurred and preventing fraud like click injection, where IDFA-based methods could be spoofed.

Data Availability and Speed

SKAdNetwork operates on a delay, with postbacks sent at least 24-48 hours after the event. This contrasts sharply with identifier-based attribution or fingerprinting, which provide data in near real-time. This delay makes rapid, real-time campaign optimization impossible with SKAdNetwork. The data is also limited to a few data points, whereas other methods provide rich data including precise timestamps, clicks, and impressions.

Fraud Prevention

SKAdNetwork's core architecture offers robust protection against many common forms of ad fraud. The cryptographic signatures prevent data manipulation, and Apple's role as the central validator stops fake install claims. Signature-based filters can be bypassed, and behavioral analytics may require large datasets to be effective. SKAdNetwork's prevention is built into the attribution logic itself, making it more secure against attribution-level fraud.

⚠️ Limitations & Drawbacks

While SKAdNetwork provides a privacy-safe attribution solution, its design introduces several significant limitations for advertisers. These drawbacks stem primarily from the intentional restrictions on data granularity and timing, which can make campaign optimization and measurement challenging compared to traditional methods.

  • Delayed Data: Postbacks are sent with a minimum 24-48 hour delay, which prevents real-time campaign optimization and decision-making.
  • Limited Data Granularity: The framework provides very limited data, with no user-level insights and a maximum of 100 campaign IDs (though SKAN 4.0 improves this), making it hard to measure creative or ad placement performance.
  • No LTV Measurement: The short, limited window for conversion values makes it nearly impossible to measure the long-term lifetime value (LTV) of users, a critical metric for many businesses.
  • Complex Conversion Value Logic: Mapping valuable user actions to a single 6-bit number (0-63) is complex and requires careful strategic planning to extra meaningful insights.
  • No Retargeting Support: The framework is designed for install attribution and does not support retargeting or re-engagement campaigns, as it cannot identify existing users.
  • Privacy Thresholds: If a campaign does not generate enough installs, Apple will not return a conversion value or source app ID to protect "crowd anonymity," leaving data gaps.

Due to these limitations, businesses often need to rely on predictive analytics and aggregated data modeling to fill in the gaps left by SKAdNetwork.

❓ Frequently Asked Questions

How does SKAdNetwork actually prevent ad fraud?

SKAdNetwork prevents fraud primarily through cryptographic verification. Apple signs every valid install postback, ensuring it's authentic and not fabricated. The anonymized and delayed nature of the data also makes it extremely difficult for fraudsters to execute common schemes like click injection or device farming tied to specific user profiles.

Can I track individual users with SKAdNetwork?

No, you cannot. The entire framework is designed to prevent user-level tracking. All data is aggregated and anonymized, and device identifiers are never shared. Its purpose is to measure campaign effectiveness without compromising individual user privacy.

What is a conversion value and why is it limited?

A conversion value is a number between 0 and 63 (a 6-bit value) that advertisers can use to track a limited set of post-install user actions, like "registration" or "level complete". It is limited to prevent it from being used as a unique identifier, ensuring that not too much information about a user's behavior can be passed back.

Why are my SKAdNetwork install numbers lower than what my tracker shows?

This can happen for several reasons. SKAdNetwork has strict attribution windows and does not support all attribution methods, like web-to-app on older versions or certain types of re-engagement. Additionally, there is no deduplication between SKAN-reported installs and those measured by other methods, which can cause discrepancies.

Do I need user consent (ATT) to use SKAdNetwork?

No. SKAdNetwork is Apple's solution for attribution that works independently of the App Tracking Transparency (ATT) framework. Because it does not collect user-level data or track users across apps, it does not require the user to opt-in via the ATT prompt.

🧾 Summary

SKAdNetwork is Apple's privacy-preserving framework for mobile ad attribution on iOS. It allows advertisers to measure app install campaign success by providing aggregated, anonymous data directly from Apple, without revealing user-specific information. Its core function is to prevent fraud through cryptographic signatures and eliminate user-level tracking, forcing a shift towards privacy-centric, aggregate performance analysis in the mobile advertising ecosystem.