The adtech industry has underlying issues with accountability despite striving to accommodate increasing expectations around transparency. There is a need for standardizing accreditations and third-party verification to boost market confidence around safe solutions, says Jeff Sue, general manager of Americas, Mintegral.Â
There is a growing need for adtech companies to evolve their practices to increase market confidence around safe solutions. While numerous companies push to accommodate heightened expectations around trust and transparency, underlying issues with accountability remain, specifically regarding user security, privacy, and industry self-regulation.
These issues need to be dealt with, especially for those companies looking to survive the constant waves of regulation and platform changes. The truth is, there is an increasing need for third-party certification partners to prove compliance with standards the industry has come to expect and that users deserve. Additionally, there must be a shift in mindset as third-party verification is only granted to companies that ‘opt-in’. No longer can deferring decision-making to a respective partner be a concrete solution. We advocate for the mobile ad industry to standardize accreditations, which is a safer and more transparent path forward.
Learn More: Better Together: How To Pair Programmatic and Paid Search
How To Standardize Accreditations
So, this begs the question, “how can the industry come together to create a set of standards and validation that customers and consumers expect?†As it exists now, developers are shipping out SDKs with inadequate review of core requirements. Put simply, if a partner platform claims an SDK is fine and has it as an option, developers often just assume it is safe to use.
Open-sourcing an SDK is an obvious fix to many issues that may plague it. Extensive audits of open-source SDKs are offered by cybersecurity firms such as WhiteSource, which give a security risk analysis and help expose any potential vulnerabilities. However, it is logical that some companies do not want to divulge their intellectual property, and those companies should have the onus put on them for extra transparency amongst their partners and users.Â
“By open sourcing the SDK, the data collection behaviors are more readily observable, and therefore it is harder to surreptitiously collect data from apps. In our work auditing apps for privacy issues, one common problem is that app developers are simply unaware of the data that the third-party SDKs embedded in their apps are collecting.†said Serge Egelman, director, Usable Security & Privacy Group, International Computer Science Institute (ICSI).
Whether a company looks to open source or not, a third-party test and review of the SDK by a digital advisory partner is a step in the right direction of reinforcing privacy procedures. With the much talked about release of iOS 14, it would seem like a good time for the industry to consider this avenue. Successful reviews typically assess an SDK’s data privacy standards, a source code review focused on potential vulnerabilities, and identifying any potential methods of either storing or transmitting Personally Identifiable Information (PII).
Beyond open-source SDK security, there are a few organizations offering additional certifications geared towards viewability. The Trustworthy Accountability Group (TAG), for instance, offers intensive compliance programs to combat invalid traffic in the digital advertising supply chain. Companies that abide by the Certified Against Fraud Guidelines receive the Certified Against Fraud Seal and use the seal to publicly communicate their commitment to combating fraud.
Learn More: The Evolution of Advertising and What It Means for 2021
The IAB Tech Lab goes a step further, offering certifications that provide third-party viewability and complete verification of ad traffic. This certification pays dividends, as compliance with this standard eliminates time-consuming and costly custom integrations of measurement vendors’ SDKs. The open-measurement certification is ensured by the implementation of technical requirements, such as sellers.json and SupplyChain Object. By adding support for these two new standards, certified partners provide a more transparent supply chain, particularly around the supply side of real-time bidding and programmatic buying. Also, because more inventory can be measured, publishers can provide better inventory that attracts advertisers — ultimately securing stronger offers at higher eCPMs and increasing their revenue.
Without swift and efficient third-party verification — especially tied to security, monetization metrics, and privacy — both developers and networks suffer financially from their ad campaigns being paused due to irregularities that were later deemed benign. Although it might be difficult to mandate that all SDKs receive third-party verification, it makes those who do get it stand out as a more transparent and safe option.