The most reliable mobile attribution method matches a click-level device identifier to the same identifier captured at install. On Android, this is the Google Advertising ID (GAID). On iOS, it was the Identifier for Advertisers (IDFA) -- though Apple's App Tracking Transparency framework now requires user consent before accessing it.
The flow works like this: an affiliate places a tracking link on their site or social channel. When a user clicks that link, the tracking system captures the device's advertising ID along with the click timestamp and affiliate ID. When the user installs the app and opens it for the first time, the app's SDK sends the same device ID to the attribution provider. If the click-level device ID matches the install-level device ID within the attribution window, the install is credited to that affiliate.
Set your deterministic attribution window to 7-14 days for app install campaigns. Shorter windows (24-48 hours) miss legitimate installs where users delay the download. Longer windows (30+ days) risk misattribution as users encounter multiple affiliate touchpoints.
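The matching rule described above, as an added example rather than code from any attribution provider. It assumes last-click wins when several clicks qualify and a 7-day window, and it treats the all-zero advertising ID (returned by the OS when tracking is limited or consent is withheld) as "no ID" so unrelated devices are never matched to each other. The names and sample data are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Value reported instead of a real GAID/IDFA when the ID is withheld.
ZEROED_AD_ID = "00000000-0000-0000-0000-000000000000"

@dataclass(frozen=True)
class Click:
    device_id: str
    affiliate_id: str
    clicked_at: datetime

def normalise(ad_id: str) -> Optional[str]:
    """Lower-case the ID; treat empty or all-zero IDs as unavailable."""
    ad_id = (ad_id or "").strip().lower()
    return None if ad_id in ("", ZEROED_AD_ID) else ad_id

def attribute_install(clicks, install_device_id, installed_at,
                      window=timedelta(days=7)):
    """Return the affiliate credited for the install, or None.

    Assumption: when several clicks qualify, the most recent one wins.
    """
    device = normalise(install_device_id)
    if device is None:
        return None  # no usable ID: deterministic matching cannot run
    candidates = [
        c for c in clicks
        if normalise(c.device_id) == device
        # The click must precede the install and fall inside the window.
        and timedelta(0) <= installed_at - c.clicked_at <= window
    ]
    if not candidates:
        return None
    return max(candidates, key=lambda c: c.clicked_at).affiliate_id

# Constructed sample data (not real identifiers).
T0 = datetime(2024, 5, 1, 12, 0)
DEVICE = "11111111-2222-3333-4444-555555555555"
CLICKS = [
    Click(DEVICE, "aff-1", T0),
    Click(DEVICE.upper(), "aff-2", T0 + timedelta(days=2)),
    Click(DEVICE, "aff-3", T0 + timedelta(days=6)),
    Click(ZEROED_AD_ID, "aff-4", T0 + timedelta(days=2)),
]
```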
Probabilistic Attribution
When device IDs are unavailable -- which is now the majority case on iOS -- attribution falls back to probabilistic methods. These use a combination of IP address, device model, OS version, screen resolution, and click timing to create a "fingerprint" that matches a click to an install with high (but not perfect) confidence.
Probabilistic matching typically achieves 85-92% accuracy when the install happens within a few hours of the click. Accuracy drops sharply after 24 hours because IP addresses change, especially on mobile networks. For affiliate programs, this means probabilistic attribution works well for high-intent campaigns (user clicks and installs within the same session) but struggles with longer consideration journeys.
Attribution Method Comparison
| Method | Accuracy | Availability | Attribution Window | Use Case |
| --- | --- | --- | --- | --- |
| Device ID (GAID/IDFA) | 99%+ | Android: high; iOS: 15-30% opt-in | 7-14 days | Primary method when available |
| Probabilistic fingerprinting | 85-92% | Universal | 24-48 hours | Fallback when device IDs are unavailable |
| Click-to-install referrer (Android) | 99%+ | Android only (Play Install Referrer) | Session-based | Supplements device ID on Android |
| SKAdNetwork (iOS) | Aggregated only | iOS 14.5+ | 24-48 hours | Privacy-compliant iOS attribution with limited data |
| Self-attributing networks | Varies | Meta, Google, TikTok | Network-defined | Paid media campaigns on walled-garden platforms |
S2S Postbacks for Mobile Attribution
Server-to-server postbacks are the backbone of mobile affiliate attribution. Instead of relying on browser redirects (which break across app environments), S2S postbacks send attribution data directly between servers. Your MMP fires a postback to your affiliate platform when an install or in-app event is attributed, passing the click ID, affiliate ID, and event details.
Install postback: Fired when the app is installed and opened for the first time -- confirms the affiliate-driven install
Event postback: Fired when the user completes a qualifying action (registration, first deposit, first trade) -- triggers commission
Revenue postback: Includes the transaction value so your affiliate platform can calculate RevShare or lot-based commissions
Rejection postback: Fired when an install or event fails validation (fraud, duplicate, outside geo) -- prevents false payouts
S2S postback URLs must include all parameters your affiliate platform needs for attribution: click ID, affiliate ID, event type, and revenue value. Missing a single parameter means the conversion cannot be matched -- and the affiliate does not get paid. Test your postback URLs with real installs before launching to partners.
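A receiving-side check for the requirement above, as an added example that is not taken from any MMP or affiliate platform. The parameter names (`click_id`, `affiliate_id`, `event_type`, `revenue`), the event names and the rule that `revenue` is required only on revenue postbacks are assumptions; it also rejects duplicates and postbacks whose affiliate does not match the stored click.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qs

# Hypothetical parameter names; use whatever your affiliate platform defines.
REQUIRED = ("click_id", "affiliate_id", "event_type")
EVENT_TYPES = {"install", "event", "revenue", "rejection"}

def validate_postback(url, known_clicks, seen):
    """Return (accepted, reason).

    known_clicks maps click_id -> affiliate_id recorded at click time;
    seen is a set of (click_id, event_type) pairs already processed.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # Repeated parameters are ambiguous, so treat them like missing ones.
    params = {k: v[0].strip() for k, v in query.items() if len(v) == 1}
    missing = [p for p in REQUIRED if not params.get(p)]
    if missing:
        return False, "missing:" + ",".join(missing)
    click_id, event = params["click_id"], params["event_type"]
    if event not in EVENT_TYPES:
        return False, "unknown_event_type"
    if event == "revenue":
        raw = params.get("revenue")
        if not raw:
            return False, "missing:revenue"
        try:
            amount = Decimal(raw)
        except InvalidOperation:
            return False, "bad_revenue"
        if not amount.is_finite() or amount < 0:
            return False, "bad_revenue"
    # The click must exist and belong to the affiliate named in the postback.
    if known_clicks.get(click_id) != params["affiliate_id"]:
        return False, "click_affiliate_mismatch"
    if (click_id, event) in seen:
        return False, "duplicate"
    seen.add((click_id, event))
    return True, "ok"

# Constructed sample input: endpoint and values are placeholders.
BASE = "https://affiliate.example/postback?"
KNOWN_CLICKS = {"c1": "aff-1"}
SAMPLE_OK = BASE + "click_id=c1&affiliate_id=aff-1&event_type=install"
```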
Choosing an MMP vs. Building In-House
Mobile Measurement Partners (MMPs) like AppsFlyer, Adjust, Branch, and Singular handle device-level attribution, fraud filtering, deep linking, and postback management. For most operators, an MMP is the practical choice -- building equivalent mobile attribution in-house requires maintaining integrations with Apple and Google's evolving privacy APIs, which is a full engineering team's work.
The decision to build in-house makes sense only if you have extreme data privacy requirements (some regulated Forex brokers prefer not to share user data with third-party MMPs) or if you already have a mobile engineering team maintaining a custom SDK. In all other cases, an MMP layered on top of your affiliate management platform is the standard architecture.
Key Takeaways
Deterministic attribution using device IDs (GAID/IDFA) is 99%+ accurate but iOS opt-in rates are only 15-30%
Probabilistic fingerprinting achieves 85-92% accuracy within 24 hours but degrades quickly after that
S2S postbacks replace browser redirects for mobile -- they fire directly between servers when installs and events occur
Test every postback URL with real installs before launch -- a missing parameter means unattributed conversions
MMPs handle the complexity of mobile attribution for most operators -- in-house builds only make sense with extreme privacy requirements