Fingerprinting (Probabilistic Attribution)

Fingerprinting (also called probabilistic attributionGlossaryProbabilistic AttributionAttribution that statistically estimates which ad click drove an install using non-unique signals (IP address, user agent, timestamp) when a deterministic device ID... or statistical attribution) is the practice of identifying devices probabilistically based on combined signals — IP address, device model, OS version, screen size, language settings, time zone, sometimes installed-app list — rather than via deterministic identifiers like IDFAGlossaryIdentifier for Advertisers (IDFA)Apple's per-device advertising identifier — historically used for deterministic ad attribution, now only available when the user explicitly opts in via App Tracking... or GAIDGlossaryGAID (Google Advertising ID)Google's per-device advertising identifier on Android — the equivalent of Apple's IDFA. Still broadly available in 2026, but Privacy Sandbox for Android will eventua.... The technique was widely used as an iOS attribution workaround in 2021-2023, after ATTGlossaryApp Tracking Transparency (ATT)Apple's iOS 14.5+ framework requiring apps to display a system prompt and obtain user consent before accessing the IDFA or tracking the user across other apps and we... made the IDFA opt-in.

How fingerprinting worked

• Ad networkGlossaryAd NetworkA platform that aggregates ad demand from many advertisers and matches it to publisher inventory through real-time auctions. captures device signals at ad click (IP, device model, OS, screen, etc.).
• MMPGlossaryMobile Measurement Partner (MMP)A third-party attribution provider (AppsFlyer, Adjust, Singular, Branch, Kochava) that adjudicates which ads drove which installs across multiple ad networks, with i... captures the same signals when a new install happens.
• A probabilistic matching algorithm scores: "is this install likely the same device that clicked the ad earlier?"
• High-probability matches get attributed; low-probability matches don't.

Effectiveness depended on signal richness — more device signals → more accurate matching. Pre-ATT, fingerprinting was a useful fallback when IDFA was unavailable; post-ATT, it briefly became the primary iOS attribution alternative for 60-80% of users who opted out.

Why Apple restricted fingerprinting

• ATT's goal was to make users opt in to tracking. Fingerprinting circumvented that goal — tracking continued without user consent.
• Apple's App Store Review Guideline 5.1.2 explicitly prohibits using device signals to track users for advertising purposes when the user has opted out of ATT.
• Apple progressively enforced this between 2021-2024 — first warning developers, then rejecting app updates that included fingerprinting SDKs.
• Major MMPs (AppsFlyer, Adjust, Singular, Branch) all rolled back fingerprinting-based attribution features.
• By 2024, fingerprinting was effectively non-viable for any app distributed through the App Store. Apps that continued faced removal.

What replaced fingerprinting

• SKANGlossarySKAdNetwork (SKAN)Apple's privacy-preserving attribution framework for iOS — returns install credit to ad networks with a deliberate delay and aggregation, without exposing any device... (SKAdNetwork) — Apple's privacy-preserving attribution. Aggregated, delayed, conversion-value-encoded. The legitimate iOS attribution path.
• First-party signal — CRM, email, login-based identifiers that carry across web → app or paid-channel → install with user consent.
• Apple Search AdsGlossaryApple Search Ads (ASA)Apple's ad platform for promoting apps in App Store search results and other App Store placements. The highest-intent paid acquisition channel on iOS. Attribution API — first-party attribution for ASA campaigns.
• Probabilistic modeling at the aggregate level — for measurement (not attribution), modeling channel-level contribution from aggregated data (MMMGlossaryMarketing Mix Modeling (MMM)A statistical method that estimates how each marketing channel contributes to overall installs / revenue, using aggregated data — no user-level identifiers required.-style) is allowed.

The Android picture — fingerprinting is less restricted on Android, but Privacy SandboxGlossaryPrivacy Sandbox (Android)Google's multi-year initiative to introduce privacy-preserving alternatives to GAID-based ad tracking on Android — the platform's eventual SKAN equivalent. for Android (full rollout ~2027) will introduce similar restrictions. Most reputable MMPs are de-emphasizing fingerprinting on Android too in anticipation. Apps that build their attribution stack around fingerprinting are building on sand.