Mobile Advertising ID (MAID) data sits at the core of most cross-device identity graphs, location analytics, and mobile attribution workflows. It's also one of the data categories facing the most regulatory scrutiny — the FTC's 2024 cases against X-Mode, Mobilewalla, and InMarket reset the procurement bar. Before signing a license agreement for a MAID feed, buyers should be working through a five-question diligence checklist. GSDSI's MAID Feed product and Global Mobility & Location Data are designed to clear this bar on every question.
Key Takeaways
Source-app transparency is non-negotiable: a vendor that won't disclose source apps cannot prove the consent chain.
TCF-compliant consent management (IAB Tech Lab's TCF) is the procurement bar — not a buried privacy-policy checkbox.
Latency and freshness matter: feeds arriving 10+ days after collection have limited attribution value. Real-time or daily is table stakes for measurement use cases.
Coverage uniformity by DMA matters more than total device count. Representativeness, not volume, determines whether the feed is fit for national analytics.
Platform-shift resilience is now a procurement diagnostic: how does the vendor adapt as Apple ATT and Google's Privacy Sandbox keep tightening?
Q1: Where Does the Data Actually Originate?
Which apps or SDKs are generating the signals? Whether those apps have proper consent mechanisms is unknowable without a source-app list. A vendor who can't — or won't — disclose their source apps is a first-order red flag. The consent chain is untestable without upstream transparency, and any downstream "privacy-safe" assertion rests on that chain.
Q2: What's the Opt-In Rate, and How Is Consent Collected?
Look for TCF-compliant consent management — not a checkbox buried in a 40-page privacy policy. The diagnostic artifact: a consent-architecture diagram showing how the user-facing opt-in maps to the downstream permission that authorizes the MAID's inclusion in a commercial feed. For the broader privacy-safety framing underneath this control, see what privacy-safe actually means when buying location data.
Q3: How Fresh Is the Data, and What's the Latency?
MAID feeds range from real-time to weeks old. For attribution and measurement, latency matters — a feed that arrives 10 days after collection has limited campaign-optimization value. Ask for the median delay from collection to delivery and the P95 tail. For CTV-to-store attribution and cross-channel measurement contexts that depend on tight latency, see cross-channel measurement for privacy-first advertisers.
Q4: What's the Geographic + Demographic Coverage?
Total device counts are less important than whether the coverage represents the population you're trying to measure. Ask for coverage breakdowns by DMA, state, and (for international) country. The shape matters: a large dataset biased toward dense urban cores is unusable for suburban retail reads. A credible vendor publishes these tables without friction.
Q5: What Happens When Apple or Google Changes the Rules Again?
Apple's App Tracking Transparency already reset the MAID landscape once. Google's Privacy Sandbox is next. Your data partner should have a clear strategy for maintaining signal quality as platform-level privacy controls keep tightening:
Current iOS vs. Android panel split (post-ATT iOS panels are structurally smaller; vendors that over-index iOS may face faster erosion).
Documented methodology for adapting collection as SDKs update.
Backup signals (web-only panels, CTV-based identity) that don't depend on the mobile platform ID layer.
A written contingency plan for a hypothetical future where MAIDs are effectively deprecated on both platforms.
The best MAID data partners treat these five questions as routine, not adversarial. If a vendor gets defensive or vague when you ask about sourcing and consent, that tells you everything you need to know about the durability of the data supply.
Frequently Asked Questions
Why is source-app transparency non-negotiable?
Every downstream privacy-safety claim rests on the upstream consent chain. Without the source-app list, the consent architecture is untestable — the vendor is asking the buyer to trust the chain without evidence. After the FTC's 2024 actions, buyers need the evidence.
What's a reasonable latency SLA for a MAID feed used in attribution?
For CTV/cross-channel attribution and real-time audience activation, intra-day to 24-hour latency is typical. For trend analysis and backtesting, 24–72 hours is acceptable. 10+ days of delay undermines campaign optimization and drifts toward "historical reference" territory.
How do Apple ATT and Google Privacy Sandbox affect MAID feed durability?
Apple's ATT already reduced iOS MAID availability materially, shifting panel composition toward Android. Google's Privacy Sandbox will gradually narrow MAID-based targeting on Android too. Vendors that diversify into CTV, web-based identity graphs, and clean-room measurement are better positioned than those reliant purely on ATT-impacted iOS panels.
What panel-mix data should buyers request?
iOS vs. Android split, DMA-level coverage table, opt-in rate by major app category, and a time series showing how panel composition has evolved over the last 24 months. Credible vendors publish these; opaque vendors treat the request as adversarial. The responsiveness itself is diagnostic.