AttributionCross-ChannelCross-PlatformFingerprintingPersona Graph

Mobile Attribution 102: Building Attribution 2.0

By May 1, 2019 No Comments

This is part 2 in a 3-part series on why the era of the “mobile attribution provider” is coming to an end – and what we can expect from Attribution 2.0. For chapter 1 & 2, read part 1 here. The full article was originally published by Hacker Noon.

We’re exploring Branch’s perspective on an ideal Attribution 2.0 solution in five chapters. Today, we’ll cover chapter 3 and 4:

  1. What does “attribution” even mean? A brief history of marketing attribution, including offline, digital, and mobile.
  2. How mobile attribution providers became blind. The reason why these platforms are rapidly losing the ability to do their job.
  3. The future of attribution. How a “persona graph” provides reliable and accurate measurement everywhere.
  4. Reviewing traditional attribution techniques. A deep dive into how measurement worked in the single-platform worlds of websites and apps.
  5. The next generation: a persona graph. Why a persona graph works, and how we built one at Branch.

Chapter 3: The future of attribution

This chapter explores the new industry trend toward “people-based attribution” before introducing a truly comprehensive solution: a persona graph.

The digital ecosystem is quickly approaching a breaking point. For example, want to run an email campaign to drive in-app purchases? You’re out of luck with traditional mobile attribution providers; they’re from an older generation that can’t measure email. How about a QR-code campaign in an airport where everyone is sharing public wifi? The ambiguity of fingerprint matching — the only legacy methodology they can use to attribute a user journey like this — will undermine your campaign performance.

The future of mobile attribution isn’t just about apps and ad-driven installs; in fact, it isn’t even just about measurement.Click to Tweet

The people-based attribution trend

A number of mobile attribution providers have recently begun jumping on the bandwagon of “people-based attribution.” In plain English, this means expanding scope to consolidate all the interactions and conversions of each user, regardless of where those activities occur.

This is a significant improvement — at least it shows the industry is beginning to acknowledge the problem! — but the devil is in the details: these “people-based” solutions aren’t all created equal, and most of them share the same critical flaws: they still rely on inaccurate matching methods, and they’re only built to provide passive measurement.

In other words, these systems may call themselves “people-based,” but they’re really just smoke and mirrors. The future of mobile attribution isn’t just about apps and ad-driven installs; in fact, it isn’t even just about measurement. Any system built on top of these two assumptions is fundamentally unsuited to the realities of the modern digital world.

The foundation of Attribution 2.0: a persona graph

Fragmentation isn’t a new problem for attribution. Even in the good old days of desktop web, a user might have two different web browsers installed. Or multiple computers. Or they might be using a shared computer at the public library. But this sort of fragmentation was a minor thing that could be filed away with all the other small, discrepancy-causing unmentionables (like incognito browsing mode) that are rarely worth the effort for marketers to address.

Things are different now. Like the frog that doesn’t realize it’s in a pot heating on the stove until it’s too late, fragmentation across channels, platforms, and devices is about to reach the boiling point. This is a data-sucking monster that costs customer loyalty and real money. No serious company can afford to ignore it.

The problem is that traditional attribution methodologies (things like device IDs and web cookies) are siloed inside individual ecosystem fragments. Existing attribution systems see each of these channel/platform/device fragments in isolation, as disconnected and meaningless points.

To fix this problem, what we need now is to zoom way, waaay out. We need a system that lives on top of all this fragmentation, stitching the splintered identity of each actual human customer back together into a cohesive whole, across channels and platforms and devices.

What we need is a Persona Graph. A shared, privacy-focused, public utility that serves the identity needs of everyone in the ecosystem.

This sort of collaboration is hardly a new idea (just think of any service that provides salary comparisons by aggregating the data submitted by individual users), but it has never before been applied as a solution to the challenge of accurate attribution.

Building Attribution 2.0

The world of attribution is full of gnarly problems with no single correct solution: things like attribution windows (e.g., “is my ad really responsible for purchases that happened six weeks later?”) and attribution models (e.g., “how do I decide which interactions deserve credit when there are more than one?”) and incrementality (e.g., “did my ad campaign cause the customer to purchase, or would they have done it anyway?”). These lead to difficult questions for any system.

However, before we can even begin to discuss more sophisticated topics like these, the three basics have to be solid: capturing user <> brand interactions, counting user conversions, and linking interactions back to the conversions that drove them. In today’s fragmented digital ecosystem, it’s no longer safe to take that for granted.

In many cases, mobile attribution providers still rely on matching techniques that are essentially semi-educated guessing.Click to Tweet

Here’s why traditional mobile attribution solutions fall short in all three areas:

They miss a lot of interactions. Attribution 2.0 needs to catch activity for every kind of campaign (whether owned, earned, or paid), which means reliably covering every inbound channel. Unfortunately, mobile attribution providers are still living in a world where ads are the only channel in town.

They also miss a lot of conversions. Attribution 2.0 needs to catch conversions everywhere businesses have a presence. Users download mobile apps, but they also convert on websites, inside desktop apps, on smart TVs, in stores, and more. Mobile attribution providers still treat all of these other platforms as second-class citizens…if they’re even covered at all.

They’re not very good at linking interactions and conversions.Attribution 2.0 needs to understand the connection between activity (cause) and conversion (effect), otherwise, the only result is a mess of isolated event data. In many cases, mobile attribution providers still rely on matching techniques that are essentially semi-educated guessing.

Attribution 2.0 needs to understand the connection between activity (cause) and conversion (effect), otherwise, the only result is a mess of isolated event data. In many cases, mobile attribution providers still rely on matching techniques that are essentially semi-educated guessing.

Chapter 4: A review of traditional attribution techniques

This chapter describes the methods used to provide single-channel attribution for websites and apps — the same methods that are now falling short in a multi-platform world.

The ultimate solution to these problems is a persona graph. But before we get into the details of how it works, let’s revisit the world as it exists today; many of these techniques are still important pieces of the persona graph solution, even if they are no longer enough when used alone.

Traditional attribution techniques for the web

On the web, a variety of techniques make attribution possible, including URL decoration, the HTTP referer (yes, it really is spelled that way in the official specification), and cookies.

URL decoration

Everyone who has ever clicked a shortened URL (e.g., or wondered why the address of the blog post they’re reading has an alphabet soup of nonsense words at the end (utm_channel, mkt_tok, etc.) is already familiar with this technique. URL decoration is simplistic and often requires manual effort, but it has survived because it just works: encoding attribution data directly into a link the visitor will click anyway is a robust and surefire way to make sure it gets passed along. This is why you’ll often encounter URL decoration in mission-critical attribution situations where durability is key, such as search ads or links in an email campaign.

The HTTP referer

When you click a link, your browser often tells the server where you were right before you clicked. This technique has a number of limitations that make it less robust than URL decoration (notably that it can be faked or manipulated by users, and the origin website can intentionally block it), but the biggest advantage for attribution is that it’s automatic. This makes the HTTP referer a popular choice for “nice-to-have” measurement, like tracking which social media sites send you the most traffic.

Cookies for basic identification

Techniques like URL decoration and the HTTP referer let you determine how a visitor arrived on your website, but they disappear after that initial pageview. This makes it impossible to rely on either of them alone for attributing conversions back to campaign interactions. Fortunately, there is a solution for this: cookies.

Today, even casual internet users know what cookies are: little pieces of data that browsers remember on behalf of websites. They have many uses, but one of the most common (and the most important for attribution) is storing a unique, anonymized ID. These IDs don’t contain any sensitive info, but the effect is much like sticking a name tag on each visitor: they make it possible to recognize every request by a given browser — including down-funnel conversions like purchases — and attribute them back to the original marketing campaign.

Advanced cookies

Pretty much every web-based measurement or analytics tool on the market today uses cookies to some degree, and basic identification was just the beginning — cookies have long been used for other, more sophisticated purposes. One of the most common is cross-site attribution, which works like this:

For obvious security and privacy reasons, browsers restrict how cookies can be set and retrieved. After all, no one would be happy if Coca-Cola had the power to mess with Pepsi’s cookies. To prevent this, cookies are scoped to individual domains, and web browsers only give cookie permissions to domains that are involved in serving the website. This means that unless tries to load a file from, Pepsi’s cookies are secured against anything devious taking place [attempts to defeat these protections are part of a large infosec topic known as “cross-site scripting attacks,” or XSS for short].

Cookie security is a necessary and good thing, so the web ecosystem has figured out a number of creative ways to perform cross-site attribution within these limitations. For example, if Pepsi wants to run ads on both and, then everyone agrees to allow a neutral third-party domain (in the world of web-only attribution, often owned by an ad network) to place a cookie that is accessible across all three of these websites. The end result is that the third-party ad network can recognize the same user across every site involved, and leverage that data to provide attribution for their ads. To help increase coverage, it’s even become standard industry practice for these third-parties to share their tracking cookies with each other (a process called “cookie syncing”).

However, the tide is starting to turn against cookie-based attribution networks. Due in part to end-user outrage triggered by “creepy ads,” major web browsers have implemented restrictions on cookies: ITP on Safari, ETP on Firefox, and even Chrome is reported to be working on something similar. Third-party ad blockers and privacy extensions pick up where the built-in functionality stops, and new privacy-focused legislation around the world (such as GDPR) continues to restrict what companies can implement.

Traditional attribution techniques for apps

Mobile attribution providers rely on two techniques for matching installs back to ad touchpoints: device IDs, and fingerprinting.

Device IDs

Every mobile device has a unique, permanent hardware ID. In the early days, it was common practice for app developers (including, by extension, attribution providers and ad networks) to access these hardware IDs directly, and one of the common use cases was ad attribution.

However, while “unique” is a good thing for attribution accuracy, “permanent” leads to obvious privacy concerns. Apple recognized this in 2012, and closed off developer access to these root-level hardware IDs. As a replacement, app developers got the IDFA (ID For Advertisers) on iOS. Google quickly followed with the GAID (Google Advertising ID) on Android. The IDFA and GAID are still unique to each device, making them a good solution for attribution, but give additional privacy controls to the end-user, such as the ability to limit access to the ID (“Limit Ad Tracking”) or reset the ID at any time, much like clearing cookies on the web.

Device IDs are a “deterministic” matching method. This means there is no chance of incorrect matching, because the device ID on the install either matches the device ID on the ad touchpoint…or it doesn’t. No ambiguity. Because of this guaranteed accuracy, device IDs remain the attribution matching technique of choice, whenever they are available.

Unfortunately, device IDs are not always available. This issue crops up in many situations, but here’s the big one: device IDs are off-limits to websites. This makes them a single-platform matching technique — they only work for attribution when the user is coming from an ad that was shown inside another native app.

This left the mobile ecosystem with a problem: since device IDs are siloed inside apps, and cookies are equally limited to just the web, how to bridge the gap and perform attribution when a touchpoint happens on one platform and a conversion happens on the other?


To solve this problem, the mobile attribution industry turned to a technique known as “fingerprinting”. While fingerprinting had long existed as a niche solution on the web (often used to help fight fraud), app attribution took it mainstream.

By now, most marketers — and even many savvy consumers — are familiar with how fingerprinting works: various pieces of data about the device (model number, OS version, screen resolution, IP address, etc.) are combined into a distinctive digital signature, or “fingerprint.” By collecting the same data on both web (when the ad or link is clicked) and app (after install), the attribution provider is theoretically able to identify an individual user in both places.

While this solves the immediate challenge of tracking a user from one platform to another, there are two important catches:

Fingerprinting is a “probabilistic” matching method. No matter how confident you may be that two fingerprints are from the same user, there’s always a chance that you’re wrong. There’s always an element of guesswork involved.

Fingerprints go stale. Much of the data used to generate fingerprints can change without warning, which means they begin going stale as soon as they’re created. This degradation is exponential, and most mobile attribution providers consider a fingerprint-based match to be worthless after 24 hours.

In the early days of app attribution, most marketers saw the ambiguity inherent in fingerprinting as a manageable risk (and it was certainly better than the alternative, which was no attribution at all). However, this ambiguity has become harder and harder to ignore over time: today, there are simply too many people with the latest iPhone and the most recent version of iOS, all downloading apps via the same AT&T cell phone tower in San Francisco.

For part 3, read Mobile Attribution 103: The Rise of Persona Graph.

Branch is a mobile linking platform providing unified mobile experiences and measurement for more than 50,000 mobile apps, including Airbnb, Pinterest, BuzzFeed, Tinder, Foursquare, Yelp, and Sephora. Branch’s linking platform can help you grow your mobile app through features like deep linking, sharing, referrals, mobile banners and interstitials, custom app onboarding, and unified attribution across platforms and channels. Learn more about Branch or contact sales today.
Request Demo Create Links