Mobile App Analytics
‘Tis season for growing mobile commerce. Black Friday and Cyber Monday reports from retailers are showing massive growth in purchases from cell phones. To improve performance, internet retailers can never get enough information about customer behavior. So in the post-holiday season, many etailers will choose to revisit mobile analytics to improve their data capture and quality. Dozens of mobile analytics companies will tell you why they are the best. It’s confusing to judge. That said, there are some simple questions which can quickly screen out the analytics companies that you probably don’t want to do business with. Here are five things to ask the sales rep.
1) What is your business model? And what are your potential conflicts of interest?
A number of mobile app analytics companies are actually subsidiaries or business lines of mobile advertising providers that sell ad or retargeting inventory. This is a clear conflict of interest. Insights taken from analytics will drive key marketing and advertising spend decisions. If the same company that sells you the analytics tools also wants to sell you advertisements or marketing services, how can you trust their analytics data? Even if the analytics data remains pristine, just dealing with constant upsells is a hassle.
The Best Answer: “We only sell analytics capabilities. Our only revenue stream is selling analytics tools.”
2) Can I see the source code of your SDK and can I compile it myself?
Every mobile app analytics company needs to install a Software Development Kit in your application. Engineers hate this. So to improve your chances of convincing your engineers to install new analytics (or to argue with them to remove your existing system) ask this simple question: “Can I see the source code of your SDK?” If you can’t see the SDK source code, then you don’t really know what the analytics company is doing with your customer data. You also can’t see how the SDK is interacting with your app. A black box SDK could be accessing key customer data (geolocations, purchase patterns etc.) without telling you about it. Or that SDK may be forcing all functions in your app to wait while it completes calls to the server, leading to slower app response times. If you never saw the code, you would have no way of knowing that the SDK was doing these things. Also, a poorly written SDK may crash your app or conflict with other third-party SDKs. For app developers and publishers, the best case is if your analytics company has an open source SDK. Your engineers can not only see the code, but also request modifications if the code is published in GitHub or Bitbucket. If the analytics company allows you to review the SDK source code and compile it on your own, that’s also good and might be an acceptable alternative. But then you will need to see the code every time the analytics company makes modifications in order to be completely sure that the SDK is not going to cause problems.
The Best Answer: “You can actually download our SDK source code or even modify it. Our SDK is open source. Here’s the link.”
3) Is all tracked information transmitted over an encrypted connection?
This is one of the dirty little secrets of mobile analytics. The majority of the tracked information transmitted from the user’s smartphone back to the analytics provider is sent as clear text. As a result, geolocation data and most other personal information is often sent out unencrypted. Most publishers have no idea that this is happening. Unfortunately, not encrypting all traffic between the handset and the tracking server presents an enormous potential risk for an app developer. It might also be a privacy law violation in many European countries that could get you fined. Don’t take my word for it. Read what the Privacy Rights Clearinghouse has to say on the topic of privacy and encryption for mobile app analytics.
Why would mobile app analytics providers put their customers at risk? Money. Maintaining robust, end-to-end encryption is expensive. The process is far more compute intensive and sucks up more bandwidth than just sending most tracking data in clear text. To encrypt all analytics traffic coming off the app, the analytics providers would need to purchase an appliance designed for encrypted connectivity. Or they would need to reserve a dedicated cloud server that specializes in what’s called SSL termination (SSL is the most common form of encryption on the Internet). Either can cost well into the six figures per year. Encryption also means sending more bits over the wire. That means more bandwidth is used. Using more bandwidth, particularly for cloud-based mobile analytics SaaS companies, can significantly increase costs because cloud providers nail you on bandwidth costs. So to save money, analytics companies cut that corner. But don’t settle on this one. Ask for end-to-end encryption.
The Best Answer: “100% of mobile app analytics tracking information from your customers to our services is encrypted.”
4) Where do you store the tracking data? Do you have physical control of the servers?
Sound paranoid? Maybe. But for any sort of true compliance with privacy standards, an app publisher will need to know the physical location of user data. In cloud computing, it is impossible to designate a specific physical location unless the data resides in a specific piece of hardware. If your user data is stored in a giant cloud data center, you may know the street address. But that data may be scattered across a handful of servers and may be moved from one server to another at random. Knowing exactly where your data resides will make your life much easier if you are sued, need to pass a privacy audit, or even want to ensure that all your user data is deleted at regular intervals.
Note: This is a particularly hot topic in Europe. Many European companies, in particular those in Germany, flat out refuse to allow the tracking data gathered from their users to be stored outside of the European Union. Recently, many European companies have started to insist that their data reside in an infrastructure that is not owned by a U.S. cloud provider, such as Amazon Web Services (sorry, AWS Dublin). These European companies fear that the U.S. National Security Agency has full access to their data if a data center is operated by a U.S. cloud provider. So if you are a U.S. publisher planning to distribute and monetize an application in the E.U., you should strongly consider nailing down the physical location of analytics data stored by third-party analytics providers.
The Best Answer: “We control all the servers and hardware we use for data storage. We can even tell you a specific cage location.”
5) Can I easily share my aggregated historical data with marketing partners?
Basically, this question tests the technical capabilities and data export features of your analytics provider. You, as the customer, should be able to easily slice, dice and export your user analytics data into whatever marketing optimization, revenue augmentation, retargeting, or attribution management system. And you should be able to do this, at a minimum, as aggregated data grouped as a time-series so that you can maintain historical continuity even if you switch analytics providers. At the core of this capability must lie a well-structured API offered by your marketing analytics provider. This API should allow you to export specifically selected types of information, using accepted formats such as JSON, XML or CSV, to any destination. If your mobile analytics provider really loves you, they will set your data free when you want to take it back. If not, then you know that there is a serious lock-in problem caused either by their technology or their business model.
The Best Answer: “You can definitely share your aggregated historical data with marketing partners. Just read our API documentation to learn how. If you have specific questions, we’ll you connect with our database engineers.”