Revenue Challenges: Privacy & Platform Changes for Mobile Game Developers

The 80 Level Research Team reveals how privacy and platform changes affect mobile game developers' revenue and monetization strategy. It also outlines future privacy changes and how developers can prepare for them.

There are notable shifts between In-App Ads (IAA) and In-App Purchases (IAP) in the mobile gaming landscape. Hypercasual games rely on IAA for monetization, and hardcore games usually depend on IAP. However, there is currently a growing trend of hybrid monetization strategies incorporating IAA and IAP. The popularity of hypercasual games has dwindled, while hybrid and casual games have experienced growth in sales and downloads. 

Recently, privacy policies have become more complex, requiring developers to comply with rules designed to protect user data:

  1. New GDPR (General Data Protection Regulation) data processing rules (2018);
  2. Enforcement of the DMA law (Digital Markets Act) for big gatekeepers in 2023;
  3. Enforcement of the DSA law (Digital Services Act) for all online platforms in 2023.

#1: Privacy Changes

These regulations even affected large companies.  Apple made major changes to its privacy controls in 2021, implementing a new feature called ATT (App Tracking Transparency) that limited the ability to track user behavior. Today, developers are in a difficult situation regarding receiving personal information from users. 

To avoid hefty fines and successfully monetize an app, developers must be authorized publishers and comply with GDPR and local regulations. Let’s look at these steps in detail:

Step 1: Become an authorized publisher

This is an example of the supply chain that big companies like Google and Apple approve. The process allows them to validate conscientious sellers and prevent fraudulent efforts in ad space selling. 

The three entities using in-app ad units are publishers, intermediates, and buyers. Game publishers must upload a website to Google Play Store or Apple App Store and create an app-ads.txt file containing a list of authorized digital sellers. The file must be updated every two weeks, at minimum.

Step 2: Comply with GDPR

GDPR (General Data Protection Regulation) is a European regulation that defines how user data should be stored. To comply with GDPR, developers must have different servers for each region they work in and build three main systems: a data collection system, a data storage system, and a data deletion system. 

Local privacy policies ⏤ such as LGPD, POPIA, and CCPA ⏤ must be observed if a developer wants to work globally. Most privacy policies are similar to GDPR; however, developers need to specify in the user agreement which regulation is used for residents of each country. Also, if the target audience includes minor children, studios must comply with COPPA regulations and are advised to observe CARU guidelines. A practical way to proceed is to shift compliance responsibility to the users by specifying a lower age for players in the user agreement. 

Sergei Dudar, Producer | iLogos Game Studios

#2: Declining Revenue

Privacy changes can impact developers by restricting their ability to understand player data and make informed decisions. The tightening of data protection rules also limits developers’ choice to deliver personalized ads. According to Data.AI, mobile ad spending reached $336 billion in 2022, ⏤ a 13.8% increase from the previous year. This is the lowest annual percentage growth in recent years and 9% less than in 2021.

Understanding player behavior is crucial for game development. Limited access to metrics puts creating new features and releasing updates at risk.

Jamie McClenaghan, Founder & Lead Unity Developer | Classy Games Studios

Privacy changes also create challenges for indie developers. They must turn to third parties for assistance in making their apps compliant, which might stifle potential growth. They should maintain a marketing department to identify and define their target audience effectively.

Maksym Bondarenko, CEO | Gerillaz - World of the Abyss (WOTA)

#3: Ad Monetization is Vital

Despite the challenges, developers remain committed to ad monetization. Research participants noted that AAA studios are perhaps less affected, as their large legal departments can assist in avoiding legal collisions and identifying loopholes.

The direct-to-consumer strategy proves quite effective. The importance of keeping users engaged in the development process, asking for their input, incorporating community management for feedback, and supplementing missing analysis cannot be underrated.

Jamie McClenaghan, Founder & Lead Unity Developer | Classy Games Studios

#4: Opportunities for Third-Party Services

Apple's App Store policies continue to incite ire from developers who expressed dissatisfaction with Apple Search Ads. Although Google has not yet introduced restrictions on user data collection as Apple has, its analytical reports also aren’t convenient for developers. Developers note that Google uses complicated graphs and definitions for analytical indicators; hence, why developers are considering moving beyond Google and the App Store. 

Maria Lelkes, Co-founder & Product Owner | Pink Fox Games

One alternative is for developers to set up their own servers in different countries and to build in-house systems to collect, store, and delete user information while complying with privacy regulations. While effective, this approach is also very expensive, exceeding  $1 million

An additional burden for developers who house data in their servers is that they must prioritize data protection and purchase flow security — an arduous effort. Mid-tier and indie studios can receive more user behavior data through third-party services that already implement policy-compliant solutions, such as AppsFlyer, Adjust, or DeltaDNA. Paying for third-party services is deemed justifiable for ensuring secure payments and payment analytics, as evidenced by the booming market for third-party analytic services. 

Sergei Dudar, Producer | iLogos Game Studios

#5: Future Privacy Changes

Developers are confident that privacy regulations will become stricter in the next few years: Apple will introduce more restrictions on the collection and storage of user data, and perhaps, Google will follow the same principle. 

Technology does advance faster than policies. ChatGPT is one example where privacy regulations still need to be developed, yet many companies actively use the technology. Developers can adapt new rules on the go and find ways to obtain more customer information.

Published 14 June 2023
80 Level Research