Back to overview
Lesson 2 of 6

Mobile Attribution Methods

8 min read

Deterministic Attribution with Device IDs

The most reliable mobile attribution method matches a click-level device identifier to the same identifier captured at install. On Android, this is the Google Advertising ID (GAID). On iOS, it was the Identifier for Advertisers (IDFA) -- though Apple's App Tracking Transparency framework now requires user consent before accessing it.

The flow works like this: an affiliate places a tracking link on their site or social channel. When a user clicks that link, the tracking system captures the device's advertising ID along with the click timestamp and affiliate ID. When the user installs the app and opens it for the first time, the app's SDK sends the same device ID to the attribution provider. If the click-level device ID matches the install-level device ID within the attribution window, the install is credited to that affiliate.

Set your deterministic attribution window to 7-14 days for app install campaigns. Shorter windows (24-48 hours) miss legitimate installs where users delay the download. Longer windows (30+ days) risk misattribution as users encounter multiple affiliate touchpoints.

Probabilistic Attribution

When device IDs are unavailable -- which is now the majority case on iOS -- attribution falls back to probabilistic methods. These use a combination of IP address, device model, OS version, screen resolution, and click timing to create a "fingerprint" that matches a click to an install with high (but not perfect) confidence.

Probabilistic matching typically achieves 85-92% accuracy when the install happens within a few hours of the click. Accuracy drops sharply after 24 hours because IP addresses change, especially on mobile networks. For affiliate programs, this means probabilistic attribution works well for high-intent campaigns (user clicks and installs within the same session) but struggles with longer consideration journeys.

Attribution Method Comparison

MethodAccuracyAvailabilityAttribution WindowUse Case
Device ID (GAID/IDFA)99%+Android: high; iOS: 15-30% opt-in7-14 daysPrimary method when available
Probabilistic fingerprinting85-92%Universal24-48 hoursFallback when device IDs are unavailable
Click-to-install referrer (Android)99%+Android only (Play Install Referrer)Session-basedSupplements device ID on Android
SKAdNetwork (iOS)Aggregated onlyiOS 14.5+24-48 hoursPrivacy-compliant iOS attribution with limited data
Self-attributing networksVariesMeta, Google, TikTokNetwork-definedPaid media campaigns on walled-garden platforms

S2S Postbacks for Mobile Attribution

Server-to-server postbacks are the backbone of mobile affiliate attribution. Instead of relying on browser redirects (which break across app environments), S2S postbacks send attribution data directly between servers. Your MMP fires a postback to your affiliate platform when an install or in-app event is attributed, passing the click ID, affiliate ID, and event details.

  • Install postback: Fired when the app is installed and opened for the first time -- confirms the affiliate-driven install
  • Event postback: Fired when the user completes a qualifying action (registration, first deposit, first trade) -- triggers commission
  • Revenue postback: Includes the transaction value so your affiliate platform can calculate RevShare or lot-based commissions
  • Rejection postback: Fired when an install or event fails validation (fraud, duplicate, outside geo) -- prevents false payouts

S2S postback URLs must include all parameters your affiliate platform needs for attribution: click ID, affiliate ID, event type, and revenue value. Missing a single parameter means the conversion cannot be matched -- and the affiliate does not get paid. Test your postback URLs with real installs before launching to partners.

Choosing an MMP vs. Building In-House

Mobile Measurement Partners (MMPs) like AppsFlyer, Adjust, Branch, and Singular handle device-level attribution, fraud filtering, deep linking, and postback management. For most operators, an MMP is the practical choice -- building equivalent mobile attribution in-house requires maintaining integrations with Apple and Google's evolving privacy APIs, which is a full engineering team's work.

The decision to build in-house makes sense only if you have extreme data privacy requirements (some regulated Forex brokers prefer not to share user data with third-party MMPs) or if you already have a mobile engineering team maintaining a custom SDK. In all other cases, an MMP layered on top of your affiliate management platform is the standard architecture.

Key Takeaways

  • Deterministic attribution using device IDs (GAID/IDFA) is 99%+ accurate but iOS opt-in rates are only 15-30%
  • Probabilistic fingerprinting achieves 85-92% accuracy within 24 hours but degrades quickly after that
  • S2S postbacks replace browser redirects for mobile -- they fire directly between servers when installs and events occur
  • Test every postback URL with real installs before launch -- a missing parameter means unattributed conversions
  • MMPs handle the complexity of mobile attribution for most operators -- in-house builds only make sense with extreme privacy requirements