Let’s talk surveillance marketing and mobile apps for a moment. We are all familiar with the odd sensation of having shopped online only to have the item we looked at suddenly appear in our social feed or “follow” us around the web. Ads then appear on Facebook or Instagram, on the side of your email account and just about any other site you visit.
As data privacy remains at the forefront of concern among consumers, marketers need to be aware of what information their apps are collecting and how that information is being shared, while making sure customer perceptions about the app's privacy policies match the reality.
To shed some light on the topic, we researched the domain connections that popular health and fitness apps are making, which could signal data sharing, and the results are troubling. Health-related marketers should consider the results, understand how their apps compare and take steps to mitigate data breach risk.
Health and Fitness Apps are Connecting to Mysterious Third-party Domains
While marketing teams at health and fitness companies need to stay a step ahead of privacy challenges and prevent data leaks and public relations disasters, they also need to be able to promote and measure app installs and app reengagement. Some first-party domain connections are required for the app to function, but it's those mysterious third-party connections that cause concern.
The apps we analyzed included popular brands like Fitbit, Nike Run Club, Aetna Health, Kaiser Permanente and 23andme. For each test, the app was downloaded and opened only once without registering in order to understand the starting set of network connections. The phone also had the setting 'Allow Apps to Request to Track' set to the off position.
Surprisingly, we found that on average 13 network connections are still being made when permission to track is not granted; 80% are to third-party domains, while only 20% are to the brand's domain (first-party).
In our sample of apps, Yoga - Daily made the highest number of connections at 22 with 73% being third-party connections while NYC COVID SAFE made the fewest number of connections (2), with both being third-party.
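The first-party versus third-party split described above can be reproduced from any per-app list of observed domains. The following Python sketch is an added example, not the tooling used for this research: the record field names (`type`, `bundleID`, `domain`), the bundle IDs, the domains and the `FIRST_PARTY` allowlist are all constructed assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample: one JSON record per observed connection (assumed field names).
SAMPLE_NDJSON = """\
{"type": "networkActivity", "bundleID": "com.example.fitapp", "domain": "api.fitapp.example"}
{"type": "networkActivity", "bundleID": "com.example.fitapp", "domain": "cdn.fitapp.example"}
{"type": "networkActivity", "bundleID": "com.example.fitapp", "domain": "events.adnetwork.test"}
{"type": "networkActivity", "bundleID": "com.example.fitapp", "domain": "203.0.113.7"}
{"type": "networkActivity", "bundleID": "com.example.fitapp", "domain": "notfitapp.example"}
{"type": "access", "bundleID": "com.example.fitapp", "category": "location"}
{"type": "networkActivity", "bundleID": "com.example.yoga", "domain": "sdk.analytics.test"}
"""

# Hypothetical allowlist: registrable domains each brand owns.
FIRST_PARTY = {"com.example.fitapp": {"fitapp.example"},
               "com.example.yoga": {"yoga.example"}}

def is_ip(host):
    """True when the 'domain' is a bare IP address with no name to attribute."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def is_first_party(host, owned):
    # Match on a label boundary so notfitapp.example is not mistaken for fitapp.example.
    return any(host == d or host.endswith("." + d) for d in owned)

def summarize(ndjson, first_party):
    """Return per-app totals, third-party domains, their share, and bare IPs."""
    seen = defaultdict(set)
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("type") == "networkActivity":  # ignore non-network records
            seen[rec["bundleID"]].add(rec["domain"].lower().rstrip("."))
    report = {}
    for app, domains in seen.items():
        owned = first_party.get(app, set())
        third = sorted(d for d in domains if not is_first_party(d, owned))
        report[app] = {"total": len(domains), "third_party": third,
                       "third_party_pct": round(100 * len(third) / len(domains)),
                       "bare_ips": [d for d in third if is_ip(d)]}
    return report

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_NDJSON, FIRST_PARTY), indent=2))
```

Domains are de-duplicated per app before counting, so repeated hits to the same host do not inflate the third-party share.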
Consumers can now easily see these domain connections. If your app's third-party connections are not easily identified or understood or, even worse, only reveal a mysterious IP address, consumers may decide to uninstall your app out of fear that their data is being compromised in some way, wondering:
- Why is the app connecting to these domains?
- Who owns these third-party domains my app is connecting to?
- Is my app data being shared with other companies without my permission?
Moving Forward: Make Sure Perceptions Match Reality
Trust is fundamental to building long-term relationships with users. If your app lacks clear transparency into its third-party connections, including which are collecting and sharing data and why, your customers may not view your app as worth the risk.
Apple’s efforts to increase transparency for end users will likely continue and may ultimately help you and your marketing team answer these questions. For now, look at the network connections your app is making just as your customer would and consider the data privacy perception you're creating.
Simply open your iPhone’s Settings and select Privacy -> App Privacy Report. If you and your marketing team do not understand why the connections are being made, have a meeting on the topic with your app development team and discuss the following questions:
- Are these third-party connections reflecting poorly on our brand?
- In light of privacy changes, do I need all the SDKs currently installed in my app, which are likely making these connections?
- Could these SDKs be collecting and sharing data with brokers without our knowledge?
- Are third-party companies using my app’s data to create device-level profiles which circumvents Apple’s privacy policies?
- Can any of these SDKs be replaced with privacy-first, codeless solutions?
Use the information to turn privacy into a competitive advantage and avoid data breaches by minimizing network connections. If a third-party marketing solution requires an SDK, the company typically needs your app data to feed its business model, but these solutions are proving less valuable today as Apple and Google tighten privacy policies. Create a privacy-first data strategy and use privacy-first marketing tools that help you increase installs and engagement without sacrificing consumer trust.
Cloud-based, privacy-focused solutions like URLgenius don't need to make domain connections that will raise suspicions among your customers. Regardless of the channel or use case, your links and QR codes will increase app installs and engagement without ever tracking your customers around the internet or sharing your app data.
Check out the research report across app categories and contact us for a free evaluation of the domain connections your app is making compared to other apps in your category. We can guide your team on how to minimize these connections while finding ways to help you exceed your app install and app reengagement targets.