6 top tips for game devs to adapt to app store and privacy regulation changes

Oscar Clark   •  October 13th 2021

2021 has seen some unprecedented events, and I’m not even talking about the pandemic.

Privacy and the protection of children playing games has become a major issue for the games industry, partly due to the general public becoming more aware and concerned about the negative aspects that have emerged from online experiences and social platforms.

Games have always been the target of certain groups, but we must acknowledge that these changes have at least partly been the result of some unfortunate (in some cases arguably cynical) design decisions.

I want to take a look at three specific areas of change, and our thoughts on what game devs can do about them, and how by embracing them authentically we can still deliver amazing experiences for players of all ages.

1. What has been the impact of iOS 14.5?

Earlier in the year after an extended period of change Apple removed their ID For Advertiser (IDFA) and replaced it with its SKAdNetwork/ATT approach.

This required a much more explicitly opt-in process for users to follow in order to track advertising data.

Predictably, there has been a significant drop in ad spend and ad performance since the introduction of iOS 14.5 (and subsequently iOS 14.6) this is clearly illustrated in this chart (source: Tenjin) which shows a gradual drop as adoption increases.

Also, predictably that spend doesn’t seem to have gone away, instead, it seems to have transitioned over to Android (source: Singular)

The more worrying aspect for me as a game publisher is the reported low level of opt-in; with something like 20% of users saying ‘Yes’ to the ATT prompt.

2. ICO and age appropriate design code

In the UK, the Information Commission Office (ICO) introduced its guidelines on the way data is captured in any online experience (not just games), building on the requirements of GDPR and this is now in force.

This will apply to any game (or potentially website or app) that is offered to people in the UK.

The ICO has set out 15 key principles which introduce some subtle but profound constraints that affect how we need to operate when it comes to using data, especially in the ‘Best Interest of the Child’.

This extends protection to teenagers up to 18 years old and applies to any service that is likely to be used by that audience – even if not intended.

This change means that we can no longer assume a player is an adult, just because we designed the game with that intention. We need to assume instead that they are not unless we can prove it.

The obligations under the code also mean we must pay increasing attention to every aspect of data that is captured about a player on all of the platforms we work with.

For example, even if you are working with a GDPR compliant platform you need to be super careful to understand how that platform captures and manages Anonymous IDs to avoid any custom events you create accidently making that player identifiable – and falling foul of the code.

Every team offering games to the UK will need to do a Data Protection Impact Assessment and decide what level of risk you are willing to accept.

However, whilst these restrictions have consequences, they actually provide a great framework for games to work with to improve their authentic engagement with players and to reinforce trust with your audience.

Advertising Standards Authority – guidance on in-game purchases

Adding to the regulatory framework that developers working in the UK will have to consider is the Advertising Standards Authority who in September released its new guidance around In-Game Purchases.

This is aimed at misleading promotions around the cost and content of in-game purchases on in-game storefronts, platforms or broader advertising. In particular, it seems to me that much of this is targeted at “bad-actor” use of purchasable virtual currency and loot crates which has caused so much backlash.

There are elements of the wording of the guideline that give me cause for concern about the implications for genuine game design choice – but we have to appreciate that it’s hard to legislate nuance.

We will need to see how these roll out in practice before making a judgement.

According to Tom Harding at law firm Osbourne Clarke, the key items are:

  • How in-game purchases are priced — material information must not be omitted or obscured. Advertisers should ensure there is a clear statement of the digital currency price, and easily accessible or clear signposting as to how much digital currency the player holds.
  • Odd-pricing — this is where an in-game item costs less virtual currency than the cost of the smallest virtual currency bundle. For example, where a sword costs 50 gold, but the lowest currency bundle is 80 gold.
  • Methods putting undue pressure on players — for example a short retry timer with a prompt to buy currency or implying success through buying.
  • Random-chance item purchasing – for example, direct or implied suggestions that the next purchase will grant a rare/specific item.
  • Limited time offers – such as for seasonal cosmetics and battle passes, where it should not be implied that items are only available for a specific time if the item will later be made available again or more generally.

One very important distinction I am very pleased to see is that the Gambling Commission have stated that in their view random chance loot boxes are not a gambling activity.

However, that doesn’t mean we can be complacent about their use.

6 tips for game devs to adapt

  1. Think about how you get your players to choose to opt-in to data (and ads!) – where players understand the value, what you are doing with their data and that you can be trusted they are much more likely to opt-in.
  2. Clearly communicate the value of your game to your players authentically – and design your monetisation around that value. This includes explaining why you capture data and asking for permission.
  3. Create more integrated UA campaigns that pair the creative design with the desired audience interests telling one story over time consistently across all your marketing channels (*including in-game and live ops).
  4. Carefully separate out your telemetry data from any player-specific information required to manage your game using session-based IDs. Make sure you can’t accidentally identify players through poorly considered custom events.
  5. Use that telemetry to define cohorts based on player “life stages” to track engagement and inform your user acquisition as well as live ops.
  6. Create a data map which shows what information is stored in what platform/tool and how that is used. The one below shows an example we created for a fictional game aimed specifically for a child audience on mobile:

All these rules, codes and guidelines provide a framework for developers to consider when they make and release games.

They present a high level of expectation on games teams to communicate and deliver authentic value for players. However, we should be doing that anyway, especially when it comes to making games for children.
There are some compromises we will have to accept in how we build games, but in doing so we will create commercial content that not only players love, but in a way that they can feel they trust. That is not only something we should be doing anyway but makes good long term business sense.

Oscar Clark   •  October 13th 2021