Device IDs Decoded

Understanding how device identifiers work 

---

Device ID - What's That?

A device ID (often called an IDFA, or Identifier for Advertisers) is a unique string assigned to a user’s mobile device.

1. On Android, it’s typically the GAID (Google Advertising ID)
2. On iOS, it’s the IDFA (Identifier for Advertisers)
   
   

These IDs are used across the app ecosystem to identify devices in an advertising context, allowing advertisers to:

1. Track engagement and conversions
2. Enforce user-level frequency capping
3. Build retargeting and lookalike audiences
4. Attribute installs or other in-app actions accurately
   
   

Targeting Options

In GSM360's platform, you’ll see an option to target devices based on whether a device identifier is:

• Present (device ID is available),
• Missing (device ID is not available), or
• Both (no restriction)
  
  

Present

Targeting Devices with IDs:

1. Better Tracking & Attribution
   
1. You can tie impressions → clicks → installs → conversions at the user level.
   
2. Essential for performance or app install campaigns where ROAS or CPI matter.
   
   
2. Cleaner Frequency Capping
   
1. With unique IDs, you're able to enforce caps per user/device instead of per session or cookie.
   
   
3. Stronger Retargeting
   
1. You can retarget specific devices who engaged before.
   
   
4. Quality Control
   
1. Devices with IDs are often associated with legitimate app traffic, so there is lesser risk of fraud.
   

Missing

Targeting Devices without IDs:

1. To Maximise Reach
   
1. iOS (especially post-iOS 14.5) and some Android versions limit IDFA/GAID sharing.
   
2. If you only target 'Present', you’re excluding huge chunks of inventory, especially on iPhones.
   

1. Brand Awareness Campaigns
1. If the goal is pure reach (not attribution), tracking accuracy matters less - so "no ID" traffic is acceptable.
   
   
2. Privacy Compliance / Policy Choice
1. Some advertisers avoid ID targeting intentionally for GDPR or privacy-sensitive verticals such as finance or healthcare
   
   
3. Inventory Testing
   
1. To see how much extra traffic the selection brings and whether it affects cost or quality.
   

In a nutshell,

No IDs = broader reach but weaker measurement.

With IDs = narrower reach but stronger precision.

Whitelisting / Blacklisting

You can create Audience Lists and use them as a whitelist or blacklist on our platform. Refer to the guide here.

Tracking and Frequency Capping Without Device IDs

When device identifiers are not available - an increasingly common trend on iOS and privacy-conscious apps - DSPs still need a way to manage reach and frequency. Without a unique device ID, the system shifts from deterministic to probabilistic tracking.

Here’s how it works:

1. Relying on Temporary Identifiers
   
1. DSPs use session-level signals such as cookies, IP address, user agent, timestamp, and app bundle. While these are short-lived and cannot tie back to a persistent user, they do help the system make educated guesses that a user is likely the same across impressions within a short window.
   
   
1. Using IP + Timestamp Patterns
   
1. When multiple requests come from the same IP and device specs within a given time frame, the DSP probabilistically assumes it is the same user and enforces frequency accordingly.
   
   
2. Contextual Frequency Control
   
1. Some platforms implement contextual f-cap, where the limit applies per placement or publisher rather than per individual user.
   
2. This limits overexposure in a specific environment, even when user-level tracking is not possible.
   
   
3. Aggregate Reporting Instead of User Logs
   
1. Since there is no persistent user trail, reporting aggregates by impression source — meaning reach and frequency metrics become modeled estimates, not exact counts.
   
   • 
     

While these methods are not as precise as true device-level tracking, they allow advertisers to maintain a degree of pacing and exposure control - essential for brand safety and user experience, especially on privacy-first inventory.

When IDs disappear, the DSP doesn’t stop tracking - it just gets smarter at guessing.

How GSM360 Does It

Even when device identifiers (like IDFA or GAID) are not available - for example, on Safari browsers or devices with tracking restrictions, GSM360 ensures frequency control remains consistent through probabilistic matching.

Our platform uses a combination of IP address and User Agent (UA) data to generate a temporary, privacy-safe fingerprint.

1. IP address identifies the network the user is on
   
2. User Agent provides device and browser details (e.g. iPhone 14, iOS 17, Chrome)
   

By securely hashing and combining these signals, the platform can recognise repeat interactions within a short time window. This allows us to apply frequency caps and avoid ad overserving, even in environments where deterministic IDs are not available.

We also design this fingerprinting process to respect user privacy:

1. The data is session-based, refreshed regularly, and not stored long-term
   
2. The approach is compliant with privacy frameworks like GDPR and Apple ATT
   

While this method is not as precise as device-based tracking, it provides a balanced way to maintain campaign performance and brand safety across ID-restricted inventory.

Troubleshooting

Why Older Device ID Lists May Stop Delivering

If a campaign uses whitelisted device IDs (or IPs) and suddenly stops delivering, several factors might be at play:

1. Devices have reset or rotated their IDs (common after OS updates or privacy resets)
2. The lists are years old and many of those devices are inactive
3. App publishers may have removed the ID field entirely post-privacy updates
4. Targeting logic or inventory sources changed, making those IDs less relevant

Refresh audience data - cloning the campaign and replacing old lists with newly sourced IDs can restore scale and accuracy.

Best Practices

1. Keep Device Lists Fresh – refresh every 30–60 days for active campaigns
2. Open 'Both' – to maximise delivery and reach.
3. Don’t Overlap ID Whitelists – ensure there’s no redundancy or conflict with targeting rules

Final Thoughts

Device IDs sit at the intersection of precision and privacy in programmatic. When used correctly, they unlock deep user insights, strong retargeting, and efficient spend control. When mishandled or outdated, they can throttle delivery or distort campaign results entirely.

As privacy regulations evolve, advertisers will increasingly rely on probabilistic models and contextual signals - but for now, device identifiers remain one of the most reliable levers for campaign optimisation and measurement.

• Related Articles

• Guide to Create an Audience List

  Maximizing your First-Party Data Having an Audience List is useful for granular targeting or exclusion of Device IDs collected. For retargeting in Audience Lists, use {DEVICE_PLATFORM_ID} as your primary macro. This macro provides the unique ...

• Guide to Create an Inventory List

  Precision Targeting for your Campaign Having an Inventory List is useful to ensure ads run only on designated supply sources by targeting or excluding App Bundle IDs and Placement IDs (for app) as well as URLs (for web). Getting the Inventory You can ...

• Guide to Manual Blacklisting

  Block Unwanted Sources Step By Step Creating Manual Blacklists allow more granular control when optimizing a campaign. It works the same way as an Inventory List (which can be used as a Blacklist), in that it ensures ads run only on designated supply ...

• Guide to Create a Campaign

  Setting up your campaign on GSM360 The Dashboard is the first page you see upon logging in. On the page, click the + Create New Campaign button on the right. This button is also available in the Campaigns page. Once you click on the + Create New ...

• Guide to Report Creation

  From Raw Data To Insights Reports provide you with granular data for analysis of your campaigns. This guide shows you how to create one: Go to the Reports tab of your account. In the Reports list page, click on the + Create New Report button. You ...