iOS 17 Link Tracking Updates

iOS 17 Link Tracking Updates: What Marketers Need to Know

10-24-2023

Apple’s Worldwide Developers Conference unveils the latest tech every year, but there’s always something extra for marketers to look for. This year, the buzz was all about the new feature in the iOS17 update: Link Tracking Protection. It automatically detects user-identifiable tracking parameters in URLs. It removes them when you’re in Safari’s Private Browsing, Apple Messages or Mail while allowing the links to remain functional for consumers.

An Apple statement read: “Some websites add extra information to their URLs in order to track users across other websites. Now this information will be removed from the links users share in Messages and Mail, and the links will still work as expected. This information will also be removed from links in Safari Private Browsing.”

The first developer beta of iOS 17 was released in June 2023, the first public beta was released in July 2023, and it was officially released to all users on September 18, 2023 — though not all users update their phones immediately.

To understand the magnitude of this update, consider this: As of June 2023, Apple dominates the U.S. smartphone scene, capturing 56.9% of the market. That translates to around 124.7 million users. Given the massive popularity of iPhones, it’s no surprise that Safari is the preferred mobile browser in the U.S., with usage rates over 55.85%.

What Does This Mean for Marketers?

Marketers often work with UTMs (Urchin Tracking Modules) as platforms like Facebook, Google and various affiliate networks use them in links to trace a user’s path during their buying process. But with the new update typical UTMs — which cover details like source, medium and campaign — won’t be touched.

These UTM parameters don’t function like unique personal identifiers. They give a broad view of how a user gets to a website. However, specifics like Facebook click IDs, Google Click Identifiers (GLICDs), Mailchimp email IDs and similar identifiers will be removed from the links. This transition directly impacts marketing efforts and attribution strategies in several key areas:

Targeting capabilities: Several ad platforms lean on unique user identifiers for audience building, such as lookalike modeling and retargeting. With the introduction of Link Tracking Protection, these identifiers will be removed, complicating these targeting efforts.
Reporting: When users click on an ad and then visit a site through Safari Private Browsing, tracking parameters used by ad networks, such as Google Ads and Facebook Ads, will be removed from link URLs. This shift will challenge the platform’s capacity to collect precise reporting data on user activity, like click-through rates, engagement rates and conversion rates, especially for those who depend on built-in reporting features.
Campaign attribution: Marketers typically depend on tracking parameters to analyze link clicks and measure their campaigns’ successes. Removing these parameters means identifying and attributing conversions and website visits to specific campaigns will be more challenging.

Apple has integrated its Private Click Measurement (PCM) tool into Safari’s Private Browsing to help advertisers adjust to these shifts. PCM values user privacy, aiming to track click-through conversions without revealing personal user data.

Initially, it was only accessible in Safari’s non-private browser and iOS/iPadOS apps for devices using iOS 14.5 or later, supporting both web-to-web and app-to-web attributions. But with the debut of iOS 17, PCM’s reach now includes Safari Private Browsing.

What Channels Does This Impact?

Apple’s Link Tracking Protection feature is set to have consequences for a range of marketing channels. Understanding the changes and their impact will allow marketers to make changes to their approach to the following channels:

Email Marketing & SMS

The introduction of Link Tracking Protection means that user-specific tracking parameters in links opened through Messages and Mail will automatically be eliminated. This presents a challenge for email and SMS channels. Carla Donahue, the Lifecycle Director at WITHIN, offers these key insights for email and SMS marketers to protect their tracking and attribution:

Engage with your ESP/SMS provider to understand which user-centric parameters they attach to URLs and which are impacted by the iOS17 rollout.
UTMs won’t be affected by the update. Continue to use well-defined “standard” UTMs, including campaign, source, medium and content for every link. Ensure your platform is part of your UTM.
- Example: utm_medium=email_SFMC or utm_medium=sms_KLVY
Initiate tests on your live links to anticipate their look after a user updates to iOS17. Consider partnering with specialists like Litmus for this phase.
Try swapping “?” with “#” in your URLs to sidestep multiple redirects.
- Example: Transition from https://within.co/?utm_medium=email_SFMC to https://within.co/#utm_medium=email_SFMC
Understand the number of customers who browse in Safari who are Apple users to proactively manage expectations regarding user behavior, potential reach and the impact of any updates related to Apple products.

Need assistance in fine-tuning your email and SMS marketing approach? Connect with WITHIN for expert advice and optimization.

Affiliate Marketing Campaigns

Many advertisers and social media affiliates depend on URL tracking data for accurate attribution and commission calculations. With the implementation of Link Tracking Protection, affiliate link tracking will become more challenging. In response, WITHIN’s Affiliate Account Manager, Angela Liu, has put together some valuable tips:

Reach out to your affiliate network to ask about the availability of cookie-less tracking solutions. Think about using these as an alternative backup method.
- Example: Awin offers Mastertag, Impact Radius offers Universal Tracking Tag.
Use clear and specific “standard” UTMs (e.g., campaign, source, medium, content) with each link to attribute referrals to specific affiliates based on the provided source and other relevant details.
- Example: utm_source=AffiliateA.
Use tracking pixels or cookies on your landing pages to collect data on user interactions, conversions and referrals.
Explore different attribution models to measure the effectiveness of your affiliate campaigns. Assist clients in adopting these new tracking and attribution methods to comply with Link Tracking Protection.

At WITHIN, we are dedicated to helping our clients adapt to changes in the affiliate industry and maintain their success. Contact us today to learn more.

Paid Media

Link Tracking Protection is designed to remove tracking parameters like Google click IDs and Facebook click IDs. This means Google Analytics might face challenges tracking your Google Ads and Meta could have issues tracking Facebook Ads.

However, it’s crucial to understand that this change will only affect users on Safari Private Browsing. Those using the Facebook app or seeing Google Ads outside Safari’s private mode won’t experience any difference.

While this update might not drastically alter these channels, it serves as a reminder for marketers to reevaluate their current methods and gauge their reliance on third-party data across different platforms. Marketers should double down on collecting and using first-party data. This can be done by engaging with customers who willingly share their information. Valuable insights like website visits, mobile app interactions, browsing patterns, and purchase behaviors remain unaffected by the iOS17 update and can offer a goldmine of information.

Navigating These Changes

Apple’s latest update emphasizes the need for marketers to pivot toward collecting and using data with user permission. This strategy gives consumers the reins, letting them choose how and when brands interact with them, building a foundation of trust. Marketers who rely on third-party tracking will be more vulnerable to updates like iOS17 and evolving consumer privacy trends.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
checkForPermission	10 minutes	This cookie is set by Beeswax to determine whether the user has accepted the cookie consent box.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_uetsid	1 day	Bing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid	1 year 24 days	Bing Ads sets this cookie to engage with a user that has previously visited the website.

Cookie	Duration	Description
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
__lotl	5 months 27 days	This cookie is set by Lucky Orange to identify the traffic source URL of the visitor's orginal referrer, if any.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gd_session	4 hours	This cookie is used for collecting information on users visit to the website. It collects data such as total number of visits, average time spent on the website and the pages loaded.
_gd_svisitor	2 years	This cookie is set by the Google Analytics. This cookie is used for tracking the signup commissions via affiliate program.
_gd_visitor	2 years	This cookie is used for collecting information on the users visit such as number of visits, average time spent on the website and the pages loaded for displaying targeted ads.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_lo_uid	2 years	This cookie is set by Lucky Orange as a unique identifier for the visitor.
_lo_v	1 year	This cookie is set by Lucky Orange to show the total number of visitor's visits.
_lorid	10 minutes	This cookie is set by Lucky Orange to identify the ID of the visitors current recording.
hubspotutk	1 year 24 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
IR_gbd	session	Impact Radius sets this cookie to store a unique ID which is used to identify the user's device, when they return to the websites that used the same network.

Cookie	Duration	Description
__qca	1 year 26 days	The __qca cookie is associated with Quantcast. This anonymous data helps us to better understand users' needs and customize the website accordingly.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_mkto_trk	2 years	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
B	1 year	This Cookie is used by Yahoo to anonymously store data related to user's visits, such as the number of visits, average time spent on the website and what pages have been loaded. This data helps to customize website content to enhance user experience.
bito	1 year 1 month	This cookie is set by Beeswax for advertisement purposes.
bitoIsSecure	1 year 1 month	Beeswax sets this cookie for targeting and advertising. The cookie is used to serve the user with relevant advertisements based on real time bidding.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
mc	1 year 1 month	Quantserve sets the mc cookie to anonymously track user behaviour on the website.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
tuuid	2 years	The tuuid cookie, set by BidSwitch, stores an unique ID to determine what adverts the users have seen if they have visited any of the advertiser's websites. The information is used to decide when and how often users will see a certain banner.
tuuid_lu	2 years	This cookie, set by BidSwitch, stores a unique ID to determine what adverts the users have seen while visiting an advertiser's website. This information is then used to understand when and how often users will see a certain banner.

Marketing Pulse Blog