Skip to navigation Skip to main content

Privacy Sandbox: Remerge & Verve Group pioneer on-device bidding

The mobile industry is moving ever-closer toward a privacy-centric future, so the mechanics of programmatic in-app advertising are rapidly changing with it. Google’s solution for Android is their Privacy Sandbox initiative – a set of APIs designed to facilitate the on-device selling, buying and targeting of in-app ad placements, without sharing user data among third parties.

This means that the Supply Side Platforms (SSPs) who sell ad inventory for publisher apps, and the Demand Side Platforms (DSPs) who buy the inventory for advertisers, must now rework their tech stacks to ensure that all parties experience a smooth transition to the privacy-first era. Leading the charge on Android is Remerge and Verve Group – one of the first mobile DSP-SSP partnerships to work with Google on building and testing the Privacy Sandbox.

To learn more about their progress with on-device bidding, and get industry perspectives from both the sell side and buy side, we spoke to Verve Group’s Head of Mobile Product, Gaylord Zach and Remerge’s Staff Product Manager, Luckey Harpley, who is responsible for their Android privacy solutions.

As the first mobile DSP/SSP partnership to test the Privacy Sandbox, how has the process and testing been so far for Remerge and Verve Group?

Gaylord: The objective was to explore the integration of the Privacy Sandbox technologies into real-world use cases, specifically utilizing Remerge's demand-side platform (DSP) capabilities and Verve Group's on-device SDK. Traditionally, integrating ads involved straightforward processes – but in the advent of privacy-focused technologies, our new aim is to ensure that ads are served in a privacy-preserving manner. Verve Group developed the necessary components on the supply side, while Remerge handled the buy side.

Luckey: Together, we set up a test in the form of an on-device, single seller, single buyer auction using the Sandbox’s Protected Audience API (PaAPI). With an emulated device and Verve Group’s test app and SDK, we joined the device to a Remerge custom audience via custom audience delegation. Verve Group initiated an auction which Remerge won, allowing us to successfully render a banner ad via Verve Group’s SDK.

How did the test work from a technical standpoint and what were the objectives?

Gaylord: The test was conducted using emulated devices within a development environment. These emulators simulate the behavior of Android devices, allowing for testing and development without the need for physical hardware. In the development environment, there's a window that resembles an Android phone, where the emulated device operates. This setup allowed for initial testing and validation of the integration between Remerge's DSP capabilities and Verve Group's on-device SDK. The next step would involve transitioning from emulator testing to real device testing.

We also initiated efforts to address ‘frequency capping’ within PaAPI. The absence of advertising IDs presents a challenge for implementing frequency capping on the buy side, as actual user information is unavailable – so frequency capping will be transitioned to the device level to ensure effective control and management of ad exposure.

What changes within the industry have led us to invest into these initiatives?

Gaylord: Previously, user data was shipped to buyers for analysis. However, with these new privacy technologies, data becomes more localized, requiring ad tech players to rethink their model architectures and decide what processes they should run on-device and/or within another Trusted Execution Environment (TEE). As auctions move from servers to devices and other TEEs, the landscape of mobile advertising is undergoing significant change.

Over the past 15 years, numerous business models have evolved around mobile advertising, leveraging platform capabilities and user data – but particularly advertising IDs for targeted decision-making. However, with Google phasing out IDs and promoting on-device data processing, traditional models will become outdated. Investing in initiatives that embrace these changes is imperative for businesses to adapt and thrive in a world where data privacy and user-centric approaches are the priority.

Luckey: Being early adopters of the Privacy Sandbox sets us up for success in the long term – given that privacy-first advertising is going to be the future of retargeting and user acquisition on Android. Investing into these initiatives sooner rather than later is essential because it allows us to play an active role in driving the development of the Privacy Sandbox without interrupting the service we provide for our clients. Working with Google also means we can advocate for the needs of the industry and see these requests materialize into features.

As testing is being carried out, what do advertisers need to know?

Luckey: Live-traffic testing on end-user devices will take place later in 2024 – so at this point, advertisers should stay informed with the latest privacy developments, do their research, and team up with advertising partners like Remerge who are working closely alongside key industry players such as Verve Group and MMPs like AppsFlyer to test and adopt Google’s Privacy Sandbox on Android. After the Privacy Sandbox rollout, in-app advertising should work as it always has, as long as advertisers keep their SDKs updated. For any questions, they can simply reach out to our team at Remerge. We’re always happy to chat.

What is changing from the perspective of an SSP and how does this impact publisher apps?

Gaylord: The previous workflow revolved around sending ad requests to Verve Group's ad server, which then distributed them to multiple buyers, conducted auctions, and returned results to the SDK. However, with the adoption of new technologies, (particularly on-device auctions or auctions within other TEEs), the entire process is undergoing a significant shift. In the new setup, while Verve Group still initiates the auction, the actual auction process now takes place on the user's device.

Consequently, Verve Group is undertaking the heavy lifting in updating its SDK and backend processes – and splitting them into multiple steps to accommodate the change. However, it's important to note that these changes do not affect publishers directly. They simply need to update their SDKs and any SDKs associated with their Mobile Measurement Partners (MMPs). From there, they can continue requesting ads as before.

What does Remerge’s and Verve Group’s ‘bidding proof of concept’ test mean for the development and rollout of the Android Privacy Sandbox?

Luckey: As a DSP-SSP partnership, it’s an exciting first step because it serves as evidence that two independent entities are able to make on-device bidding work successfully. This is great validation for all parties involved. Not only does it prove that our products work, but it shows that the Privacy Sandbox’s APIs are working too – which is evidence that in-app retargeting will continue to thrive in the privacy-first era.

Gaylord: For us, the test symbolizes a collaborative effort towards innovation, privacy, and industry progress. The successful execution of these tests demonstrates the feasibility of integrating Privacy Sandbox technologies into real-world applications. Looking to the future, as the technology evolves, we’ll remain committed to pioneering solutions that prioritize user privacy and experience.

What parallels are there today to bidding on OpenRTB? (Real Time Bidding)

Gaylord: We still kick off the auction process with a contextual bid request via OpenRTB, only without an advertising ID. These requests now signal support for Protected Audiences. The bid response serves as an opportunity for buyers to remotely contribute their data and bidding logic for the protected auction. While OpenRTB remains a vital component of our process, its functionality is evolving to incorporate additional logic, ensuring a comprehensive approach to ad serving and auction dynamics.

How has it been so far working with the Android Privacy Sandbox APIs and how are they shaping up?

Gaylord: Working with the Android Privacy Sandbox APIs has been quite an adventure. While still in the early stages and not yet widely adopted, there's a certain thrill in exploring uncharted territory. There may not be established best practices or extensive debugging experience yet, but we're confident that by the time this technology reaches users' devices, it will have matured.

Luckey: It's been an interesting challenge from a software engineering point-of-view. It's a well-defined space with somewhat of an even playing field to innovate. The product itself has some way to go and a lot of the smaller details are yet to be defined, but Google is working hard to understand the industry and take on our feedback. We’re excited to see this come together and to be part of such an important project.

Stay in the loop with the latest news in mobile ad privacy

Join our newsletter