Audiences user identifier policy

For:

Marketers

Last update: January 14, 2025 07:51

At a glance: Configure your user identifier policy to exercise account-level control over the data Audiences shares with partners.

About

Once you have defined an audience, AppsFlyer Audiences sends identifiers for the members of that audience to your selected advertising partners. This enables them to serve your ads only to these users.

In order to enable compliance with the privacy requirements of iOS 14.5 and other user privacy considerations, Audiences allows you full control to determine which identifiers are shared with partners:

at the account level
at the partner-connection level

This article explains the process for managing your user identifier policy at the account level. For more information about managing the identifiers shared at the partner-connection level, see the Manage connections section of the Audiences guide.

User identifiers

This section describes the identifiers that can be shared with partners.

Shared identifiers

By default, Audiences shares the following identifiers with partners:

iOS: IDFA (on iOS 14.5 and above, available only if a user permits sharing this identifier)
Android: GAID

Some advertising partners also support the following identifiers:

Email (hashed)
Phone number (hashed)
OAID and IMEI (both relevant only for non-Google Play Android stores)

Certain other additional identifiers can be useful for your internal processes (such as CRM or analytics):

CUID
IDFV (relevant only for iOS)

For additional information (including requirements for using specific identifiers in AppsFlyer), see the identifiers table below.

Identifiers table

Identifier	OS	Shared by default?	Requirements for use/ Notes
IDFA	iOS	See note (right)	By default, only shared for users with ATT status: authorized or not determined
GAID	Android	Y	None
OAID	Android (non-Google Play)	N	Must be configured in the AppsFlyer SDK
IMEI	Android (non-Google Play)	N	Must be configured in the AppsFlyer SDK
CUID	iOS Android	N	Generated by the advertiser and reported to AppsFlyer using AppsFlyer APIs or SDKs Not shared with advertising partners, but can be useful for your internal purposes Subject to the Additional Identifiers Terms of Use
IDFV	iOS	N	Not shared with advertising partners, but can be useful for your internal purposes Subject to the Additional Identifiers Terms of Use
Email (hashed)	iOS Android	N	Must be configured through the AppsFlyer SDK or S2S-mobile API Must be encrypted with SHA256 hashing Subject to the Additional Identifiers Terms of Use
Phone number (hashed)	iOS Android	N

Setting account-level user identifier policy

User identifier policy can only be set by an admin user.

To set or modify your policy, follow these steps:

In AppsFlyer, from the side menu, select Engage > Audiences.
Click the settings (gear) icon in the top right corner.
In the User identifier policy window, select the settings that comply with your organization's privacy policies.
- If you elect to allow sharing of identifiers other than IDFA, GAID, OAID, and IMEI, you must first review and accept the Additional Identifiers Terms of Use.
- If you elect to disallow identifier(s) that are uploaded by existing partner connections, you will be asked to confirm that you wish to stop uploading these identifiers.
Click Save.

Changes to your IDFA policy will take effect starting with Apple's release of iOS 14.5. All other changes to your user identifier policy will take effect starting with the next upload to partners.

Privacy regulations

This section describes privacy regulations that affect how user identifiers can be shared.

iOS

Starting with version 14.5, iOS requires that every app offer the user an option to allow/disallow sharing of their IDFA device identifier for advertising purposes (App Tracking Transparency). Whether or not a user has seen and responded to this option (the "ATT consent dialog") determines a user's ATT status.

Audiences policy options for sharing identifiers in iOS are based on a user's most recent ATT status. Your sharing options are as follows:

User policy option	Corresponding ATT status
Never upload	This identifier is not uploaded to partners
ATT status: authorized only	The identifier is uploaded if the most recent ATT status is authorized or af_authorized
ATT status: authorized or not determined	The identifier is uploaded if the most recent ATT status is authorized, af_authorized, not_determined, or af_unavailable Default option for IDFA, starting with Apple's release of iOS 14.5
Always upload	The identifier is uploaded independent of ATT status. Ensure compliance with your app’s terms of use. Option unavailable for IDFA

Note: Audiences treats a new user's ATT status as not determined until they have seen and responded to the ATT consent dialog.

For detailed ATT status definitions, see:

Apple ATT status definitions
AppsFlyer ATT status definitions (af_authorized, af_unavailable)

Additionally, all users from the European Economic Area (EEA) are subject to Google's enforcement of the Digital Markets Act (DMA).

Android

Android users from the European Economic Area (EEA) are subject to Google's enforcement of the Digital Markets Act (DMA).

EU Digital Markets Act

As part of Google’s enforcement of the Digital Markets Act (DMA) on March 6, 2024, Google is updating its EU user consent policy. As a Google App Attribution Partner, AppsFlyer is making the necessary changes to support their policy requirements, while ensuring that advertisers maximize the value from their Google Ads marketing channels. Learn more

This is how the changes will affect Audiences:

New AppsFlyer SDK
The latest AppsFlyer SDK will collect user consent from app owners for the European Economic Area (EEA) so their data can be shared with Google. For audiences created in AppsFlyer (such as Custom and Suggested audiences) consent information collected from the SDK will automatically be shared with Audiences, and then with Google. Once you’ve updated to the latest SDK, this process will happen automatically.
Audiences connected to Google
- Consent granted - AppsFlyer will send the devices of EEA users who have granted consent to share their information with Google.
- Consent denied - AppsFlyer will not send the devices of EEA users who have denied consent to share their information with Google.
- Consent unknown - AppsFlyer will send the devices of EEA users who have neither granted nor denied consent as “Unspecified”. Google will not likely accept them for inclusion in the audience on their side.
  
  For more details, see Google’s FAQ.
Existing Audiences
All devices that were already part of an audience within Google before March 6, 2024 will not be impacted and will continue to be part of the audience. Only new Audiences or new EEA devices added to an existing audience will be uploaded to Google with consent.
Audience upload size
The audience estimated and actual upload sizes may be affected depending on the number of users granting or denying consent.
Importing audiences
- Import standard audience - AppsFlyer will add the consent data it collects from the AppsFlyer SDK, and will remove unconsented or unspecified devices from the audience before sending it to Google.
- Import “as is” audience - When importing an “as is” audience via CSV or API, two additional consent fields will need to be added. These fields are:

AppsFlyer field (1)	Google field (2)	Values	Field explained
ad_personalization_enabled	ad_personalization	true/false	Did the user give Google consent to use their data for personalized advertising?
ad_user_data_enabled	ad_user_data	true/false	Did the user give consent to send their user data to Google?

If the consent fields are not filled in with values, they will be sent to Google as “Unspecified”.

Note

Google’s enforcement of the Digital Markets Act (DMA) applies to both Android and iOS platforms.

Additional Identifiers Terms of Use.pdf
(50 KB)