About a week ago I received a question from a friend and I thought the answer could be useful for a few others as well. As a media buyer in one of the leading mobile game publishers he is working with different DSPs and from time to time he is using lists of IDs and publishers – both whitelists and blacklists. “How can I be sure that other mobile game publishers don’t get access to my lists once I give them to the DSP provider?” he asked.
His concern is very easy to understand. Often whitelists are used in retargeting campaigns and contain a list of the most valuable users that ever played the app. Blacklists on the other hand often contain a list of all the users who have the app installed so you can exclude them from your campaign. Either way, these are very sensitive lists – the damage of having them fall into the wrong hands could add up to millions of dollars.
The answer has 4 parts:
1 – Legal – contract with real teeth
The standard agreements obviously have some sections that say “vendor will use his best efforts to protect….” or something similar. This is pretty loose and might not do the trick for you. As a game publisher I would suggest a clear language that places blame on the DSP in case of leakage and names severe penalties. In combination with the other tips below this change will go a long way towards ensuring your data is pretected. Another aspect of this is to verify that the provider has assets you can sue against. The threat of a penalty will be less effective against a provider with nothing to lose.
2 – Prefer DSP platforms with no conflict of interest
Some DSPs are hybrid DSP companies that play a dual role. With some companies, they are simply a platform provider that don’t have a stake in the game but with others they are providing agency service on top of their platform and are measured by the success of their campaigns. When acting as an agency for your competitor, they are actually creating a conflict of interest with your company if you are only using their platform. I would recommend sticking to the pure platforms that don’t engage in agency services.
3 – Programatic data handling creates consitency
Some DSP providers have tools built into their platform to manage lists. These tools allow you to create a list, delete it or modify it. Other providers manage lists manually. There are 2 main differences:
- Software tools are more consistent than manual handling – this means that leakage either never happens or happens all the time
- When using software tools only a handful of people in the company has the access or knowledge to extract the data and they are usually not the same people who might have their incentives aligned with your competitors
4 – Set traps or at least pretend you did
You can easily add a few known IDs into your lists. If these device IDs will start showing irregular activity from competitor campaigns you would know that the list leaked. All you have to do is monitor these IDs in one of two ways:
- By having the actual device and checking what ads you receive in a test app
- By requesting bids from different exchanges for these device IDs
If you are also following the advice in #1, it might be enough to pretend you have such a system to make the DSP provider think twice before sharing any of your lists.
Combine these methods for maximal impact
Having the teeth in tip #1 is very effective if the provider know you will be monitoring as explained in #4. If the provider is handling lists manually as explained in #3 he will be hesitent to sign up for penalties explained in #1. These methods work much better if you use all of them and there is no reason why not doing so. Combine multiple layers of defense that re-enforce each other.