Responsible data usage for effective advertising

AI of Things    19 May, 2017

Written by Liao Yin Tung 

Recently The Economist stated that “The world’s most valuable resource is no longer oil, but data”. With the rise of mobile technology, traditional advertising has unsurprisingly evolved into digital, therefore holding aspects of consumer behaviour. Mobile advertising converts customer’s impulsive buying into rational, informed purchases, changing how brands appeal to users while extending publisher reach by including new channels.

From the end users perspective, there remain three big questions on Mobile Ads: Data Collection; DataValue; and Data protection.

Figure 1: “Datavase” by mmrtnt from

1. Data Collection- how data is captured?

Firstly, sensors in the mobile device are valuable sources of data. They are able to provide data informing if the device is being held, if it has fallen, or if the owner is looking at the screen or not. A lot of data can be captured from the device to enhance user experience, assuming opt-in obtained from the user.

Secondly, data such as the Android advertising ID and signaling network MNC/MCC IDs are captured via specialised java SDK programs which can be embedded into mobile apps on the device.

Thirdly, a tracking pixel is activated whenever a display ad is served on a website or within an app:

Figure 2: Tracking pixel

When an end user is served with this pixel, a flow of campaign data goes from the mobile device to Data Management Platform servers. These serve as save warehouses for data. This data is then filtered, cleansed, and processed to meet the business rules, where raw data becomes segmented, anonymised, and without any Personal Identifiable Information (PII). A huge amount of care is put into this process so the data becomes meaningful while total anonymised to the source of data: the mobile phone users.

In summary, all data captured- be it device sensors, Advertising Ids, Tracking pixel, or any other user data can be easily managed by the user, Specific mechanisms give them full control of what is being collected, allowing easy opt in or out of what the user thinks is fair to be shared.

2. Value of Data- how is data being used?

Nowadays, the end user controls how their data will be used. It’s an exchange model.

Brands can access high quality anonymised 1st party data to offer better ads, publishers add a layer of data intelligence to their properties, so customer have access to more relevant advertising for products/solutions that suit their needs.

This is only possible because subscriber’s data in the operator is anonymously correlated with their digital ad fingerprint such as web cookies, creating useful use cases that benefit all in the exchange. Obviously, web cookies can be disabled within the user’s web browser whenever they choose. 

Gender, age and location are used to create aggregated metadata that can be used to target specific group of consumers. Metadata describes the real data, just like a library catalogue cards for its book. Historial location can be used to create more precise user content and offer services really needed as it provides context. 

3. Data protection- how are you handling data?

Nowadays Mobile Advertising solutions need to be “secure by design”. The current “mobile lifestyle” demands layered security architecture with multiple lines of defense against malicious attacks.

Figure 3: Elliot Alderson, a cybersecurity engineer from TV series Mr Robot, showing off his skills in lock picking. 

Full anonymization of PII such as MSSIDN (phone number itself) if the first layer, by salting and one-way hashing algorithms. Example for MSSIDN= +34 1 555 4359

Figure 4: You simply can’t reverse the right side data back to the original data in the left!

This one-way hashing ensures no reverse engineering is possible to reveal original source information.

The second layer means Fort Knox for user data. Metadata derived from the original PII such as anonymised hashes and communication toked can be stored at provider level, where it is impossible to pinpoint a single user. Bulk data is first encrypted using split passphrases where two different passphrases are sent to two different channels, or persons, the dined to reveal said metadata.

And finally, the third layer, where in-transit data is protected by SSL certificates using latest TLS 1.2 protocol, commonly known as HTTPS. Certificated presented by the servers employed at least RSA 2048 bit encryption, with SHA256 as signature algorithm. Network endpoints requires strong credentials, such as use of public keys for authentication as standard.

As you’d expected, Ad services are always made compliant from the design phase with the regulatory needs for each territory. In the case of telcos, additionally they have a Security department and Chief Data Officer to ensure the best practice in data usage is always adhered too. Additionally, there is a mandate to comply with the GDPR for any EU data exchange.

Finally, data is generated while the end user interacts with their mobile device. It travels from their mobile to protected servers to be aggregated. Think of the ad ecosystem as an airport, where many different people with varying degrees of access and authority come in and out of the airport every day. There are multiple checkpoints to screen the traveler and their belongings to then send them on the right track.

Digital ads can be entertaining and informative, and if used unobtrusively and with the right timing, even promote end user confidence with the brands, publishers and the mobile operators that deliver the experience.

Leave a Reply

Your email address will not be published.