How to track user behavior data of mobile devices in post-PC era

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

Objective】

I've been busy doing some new projects recently, so I haven't updated them for a while. A lot of friends are complaining, this is a kind of urge, I will do my best. This article was originally prepared to go on, the result of playing basketball sprained feet, delayed for a week. Now, all of them, readers friends.

It seems easy to know how mobile devices monitor the behavior of users. The easy way to do this is to use mobile devices as desktop PCs, so you can use the current PC approach to both the app and the Web: Page tagging and event tracking. But the problem is that mobile devices have more flexibility, people are not just using one device, people are switching between mobile devices and desktop devices, and people are switching between the web and apps. In this way, there are too many cross-border and cross-border acts by one person, and if these "cross" actions are not monitored, our monitoring cannot be accurate. In post-PC era, internet users ' monitoring also faces new challenges and problems.

At this year's Sempo meeting, I have 30 minutes to talk about this topic. But the time was too short to unfold, but it was clear that the audience was very interested. So I think there's an article about this area, and in this article and in the next article, I'll look at the methods I've learned.

This article, from the U.S. peer expert Kevin Trilli an article, the original topic is "Mobile tracking:how it works and why it's different", I asked my friend Ptmind classmate to help me to do the full text of the translation. Thanks a lot for her help! This article is not easy, but the translation is very standard! The part of the text that does not have quotes is my annotation.

Body】

"Essentially, the data monitoring of mobile services and our common Web site monitoring are basically common in principle." For example, we all want to be able to cross-station monitoring across domains, but the identification information survival cycle for this kind of cross station monitoring is too short, so we have to use a single domain identifier that can survive longer to monitor. However, in the world of mobile monitoring, there are some small waves that make these things more difficult.

"The techniques used in mobile monitoring are described below, and the differences between these technologies and our traditional online monitoring are highlighted." In fact, there are already a lot of mobile advertising operators in the user identification and monitoring. For simplicity's sake, let's say that we distribute ads through ad networks (ad receptacle) and follow up on the relevant monitoring. This does not mean that these technologies are used only in ad networks, and there are, of course, other users in the supply chain. It is also stated that, although there are concerns that the user information collected in the mobile ad operations chain may involve threats to user privacy, however, the advertisers mentioned in this article and the content of this article will never involve any personally identifiable information for behavioral analysis, in addition, in the promotion of frequency and the calculation of the number of independent users, The use of user information also made maximum protection and the most limited degree of use.

"One of the challenges facing mobile ad networks is that mobile ad audiences use both mobile web sites and apps (mobile creator, moving applications, the same below)." On mobile devices, apps and Web sites are separate domains, separated by different sandbox, and use different identity information. For ad networks, this means that the same user may be split into multiple statistical images, and the ad network needs to find another way to integrate these different identifying information. For these methods, the latter text will be detailed.

"Let's talk about mobile apps first." For apps, developers invoke an operating system based identifier to mark independent users. Looking at the two big platforms for Android and iOS, two of them used android_id and udid to do it. Android also supports more system identification information, including device identification codes (such as Imei,meid or ESN, depending on the network), a user identification code (a IMSI code on a SIM card) for telephony devices, and a WLAN MAC address if the device supports WiFi ( This information is also available on iOS). These operating-system-based identifiers are a joy to everyone in the ad network, because no matter who the app developer is, the identifier doesn't change. This makes it possible to track independent users across applications.

Copyright to the website analysis in China and the translator, the original copyright for Kevin Trilli, if you want to reprint please contact the website analysis in China

"However, in this case the user basically has little autonomy to flee the monitoring, so this phenomenon prompted Apple after the iOS5 began to discard the udid." However, the so-called abandonment does not mean that developers and ad networks have no way to use it (they do), but Apple insists that developers are not advised to use Udid, and it also means that in future versions it is possible to abolish udid (outright farewell). At present, the Udid has been abolished, and in 2013, the newly submitted app involving the use of Udid has been unable to pass the audit, only the previous submissions can still be used. )

The loss of Udid,apple instead encouraged developers to establish independent user identity information themselves. But of course, it can't save the advertising network that needs to go through the information. In order to achieve cross application testing, we think of a lot of curves to save the nation, but also face to and Apple abandoned with Udid the same privacy concerns.

"Let's take a look at the mobile web, like the traditional online Web site, where we use a third-party cookie for cross-domain monitoring: for monitoring user behavior on your site, you use a first-party cookie, the principle of which is the client The side tracking method is exactly the same. But unlike traditional online sites, ad networks can write to Third-party cookies because of the lack of security software on mobile devices. Third-party cookies are valid on Android devices. Regular Android users are accustomed to just using a preinstalled browser or setting a specific browser to default instead of replacing other browsers. And as Apple's pre-installed browser, Safari's Third-party cookies are turned off by default, which means that ad networks cannot cross-domain monitoring on Apple devices. However, ad networks also use other methods to monitor access sessions for iphone and ipad users.

"One approach is to exploit a security vulnerability in Safari, where advertisers can embed cookies if they have a transparent iframe embedded in the Web page." The discovery by Jonathan Mayer, a graduate of Stanford University, has been a cause of widespread concern. Another method is to capture the information disclosed by the browser itself and create a "fingerprint file" for the device. Depending on the degree of use of the browser, whether or not to support JavaScript, the most optimistic can achieve 94% accuracy.

Copyright to the website analysis in China and the translator, the original copyright for Kevin Trilli, if you want to reprint please contact the website analysis in China

"There is also a way to combine the long duration of a single domain identification information (long-term identity), and use a temporary cross-domain identifier to help the ad network achieve the desired purpose." This long-term identity is associated with the first party cookie (one-to-one mapping) and is passed to the ad network as a UID message when the advertisement is requested. During an access cycle, we can use information that remains unchanged during user access as a temporary pedal, such as an IP address, or an identifier passed through a mobile operator's WAP Gateway (all browser sessions are transmitted through a WAP gateway). Such multiple sites can be associated within a visit cycle and are recorded as the site visited by the visitor. And in the next access cycle, the visitor's IP address or WAP gateway may not be the same as the first visit, how do we associate the next visit to this visitor (not two visitors)? In order to be able to discern that this is still one of the previous visitors, We observed that the first cookie that was recorded in all the new sites visited was matched to the previous visit site Records. In the example in the following illustration, this is exactly the case. The visitor visited Publisher 1, 2, and 3 for the first visit, while publisher 1, 5, and 19 were accessed in the second visit. Because each site has a first-party cookie, and two accesses are exactly the same as Publisher 1, you can know from Publisher 1 's first-party cookie that two visits are the same visitor back. And we also know that Publisher 1, 2, 3, 5, and 9 are all viewed by this visitor. Depending on the operator and the relationship between the operator and The Advertiser, the gateway identifier survives for a long and short period, and ideally it may never change. But obviously, the technology is only valid for sites that users often visit, and ad networks are basically not able to use this information in real time. This method can be combined with digital fingerprint to improve the accuracy of fingerprints or reduce the number of calculations needed to produce fingerprints. The following illustration demonstrates the above methods:

"But how can you identify the same person if you have a visitor who is playing the app and later on the Web (through a mobile browser)?"

As mentioned above, mobile Web sites and apps belong to different domains and each use different identifiers. From The Advertiser's point of view, this means that the same person with the same device is separated into two. From the user's point of view, this is not true to the user's chosen reject tracking settings (including monitoring and behavioral analysis), clearly under one domain tracking settings (for example, in the browser to disable cookies or set up a prohibited tracking), in another domain is not recognized, Because the ad network can not tell this is the person who previously set the refusal to track. And it's hard to understand why apps and Web pages often jump around.

"The most common way to associate apps with mobile sites is usually when a user clicks on an ad in an app." When the user clicks on the ad, the URL to the destination is unique to the user, with a parameter that maps to the URL of the user identifier in the app domain, and that URL and parameter is the same as The advertiser's ad when browsing the Web page on the same device. That is, whether you advertise on the app or advertise on the Web, the parameters behind the URL of the advertisement must be the same, and the URL is used to identify the user. When the user jumps to The advertiser's website, the ad network can associate the identifier in the app domain with the Web site through the identifier in the URL's end-argument. Ad networks can also be reversed by a variety of technologies (an important use scenario: When a user sees an ad on a new app on the site, such as the latest and coolest games, the ad network wants to know if the user is finally tempted to click on the ad and actually completes the download.) However, the application of these technologies is based on the premise that the ad network can access the two different domains of common storage information, the threshold for each operating system is also different. ”

Copyright to the website analysis in China and the translator, the original copyright for Kevin Trilli, if you want to reprint please contact the website analysis in China

My commentary:

This article describes the current mobile marketing data monitoring in miniature. A mobile terminal is inherently better than a PC in that it has a permanent identity like udid or IMEI to lock a device, which allows us to have unique class data (such as the unique Impression,unique Click,unique visitor) Tracking seems easier. However, these permanent signs have a larger privacy dispute, which results in a shrinking range of applications. But without these permanent identities, tracking unique class data is more cumbersome than a PC. In this case we still have to resort to cookies, the first and third parties (in fact, the mobile cookie and Web cookie implementations are different, but they are almost the same, so the developer follows the name of the cookie), even in the app, We also use the curve to save the way to load cookies.

But cookies also run into problems, with the exception of still-distracting privacy issues, and the other trouble is that, in the user experience, the iOS system may cause users to suddenly be kicked out of the app when they click into the app, open a browser, and then be kicked back to the app experience. Apple is also beginning to ban developers from using cookies to track technology.

All of the above principles are focused on how to identify and cross domains (and across boundaries, i.e., across the web and app), so how do you identify the specific behavior of users on the Web or on the app?

From a mobile web perspective, the user behavior tracking principle of the Web on the PC is not much different, and it also needs to rely on cookies, or at least pixel tracking (about what is pixel tracking, which I'm writing in the middle of the book). The most common way to track user behavior in app is to place the header file of the monitor program in the app via the SDK (software Development Kit). Libraries and other modules, as well as tracking the user interaction behavior that you are interested in separately, like the event tracking ( Event tracking. Specific Add method I do not intend to elaborate (it is actually a technical implementation manual), if you have friends interested, you can directly refer to the Google Analytics SDK installation instructions, see here: https://developers.google.com/ analytics/devguides/collection/.