As a mobile-traffic source that trades a large share of OEM inventory, we’ve upgraded our pipes to the latest OpenRTB 2.6+ changes. Two updates matter most for performance and compliance in 2H-2025: transparent identifier provenance and native fields to test Protected Audience (PA) auctions. Here’s what changed, how we implemented it, and how advertisers and DSPs should respond.

Fix identity trust, then test privacy-first retargeting

Bidding is only as good as the signals you trust. 2.6+ finally standardises where an ID came from and who bridged it, while Google’s Authorized Buyers extensions expose PA test flags at bid time. Together, they let you price OEM impressions by verified identity quality today — and experiment with ID-free retargeting for tomorrow.

What’s new for ID provenance (OpenRTB 2.6-202409)

OpenRTB extends user.eids[] with provenance fields so buyers can separate native advertising IDs from stitched identities:

• inserter – who inserted the EID into the stream (SSP, exchange, publisher SDK).
  
• matcher – who performed any ID bridging or graph match.
  
• mm – the match method (enumerated in AdCOM).
  

At the same time, the spec reiterates the original semantics for device.ifa: it is the platform advertising ID (IDFA/AAID and, where applicable, OEM equivalents such as OAID). Anything not the platform ad ID belongs in user.eids[] with proper provenance. Translation for mobile: stop overloading buyeruid or device.ifa with third-party identifiers; put them in eids and say exactly who created them and how.

Why this matters to OEM supply

OEM marketplaces (Xiaomi/OPPO/Transsion, etc.) often transact a mix of GAID/AAID/OAID and partner IDs. With provenance, our exchange can mark the source and match method for every EID we pass downstream. DSPs gain a clean feature for bid models e.g., pay more when inserter=oem_sdk and mm=native, shade or block when an external graph injected the ID.

What’s new for Protected Audience testing (Authorized Buyers extensions)

To run Protected Audience (formerly FLEDGE) experiments through OpenRTB, Google’s extensions introduce explicit flags and objects in the impression and the response, including:

• imp.ext.ae / imp.ext.igbid – signals that a PA auction is in play and identifies the interest-group bid.
  
• imp.ext.interest_group_auction.* – on-device auction configuration (e.g., render interest group ads).
  
• device.ext.cdep – Chrome 3PC deprecation experiment labels.
  
• BidResponse.ext.igbid – the bidder’s interest-group response.
  

This gives buy- and sell-side a standard wire format to coordinate PA tests without third-party cookies — and without leaking user-level identifiers.

OEM angle

Where OEM inventory routes through web surfaces (device browsers, OEM news feeds) monetised via Google Ad Manager/Authorized Buyers, those requests already carry the PA fields. That lets brands test ID-less retargeting in Chrome while continuing deterministic app-install measurement via MMPs on Android. For in-app OEM supply, the parallel track is Android Privacy Sandbox on device; the RTB layer (and your BI) should log the same flags for experiment analysis.

How we implemented the changes (and what you get)

• Provenance-first RTB: we populate user.eids[].inserter/matcher/mm on all OEM requests, and enforce linting that rejects non-platform IDs in device.ifa. Expect cleaner device graphs and fewer post-auction discrepancies.
  
• PA experiment logging: we ingest and expose imp.ext.ae/igbid and device.ext.cdep; if you bid into PA, we surface igbid performance alongside standard outcomes (install, D1, purchase).
  
• Model features: our bidder treats provenance as an attention-quality prior, lifting win-prices where mm=native and throttling stitched IDs that underperform on retention or ROAS.
  

Integration checklist for advertisers & DSPs

• Parse 2.6+ EIDs. Start reading inserter/matcher/mm; stop relying on buyeruid as a universal key.
  
• Keep device.ifa clean. Only IDFA/AAID/OAID belong here; everything else in user.eids[] with provenance.
  
• Enable PA fields. If you trade via AB, add imp.ext.ae/igbid and return BidResponse.ext.igbid when testing interest-group bids. Log device.ext.cdep to segment Chrome experiments.
  
• Update QA. Validate that OEM SDK traffic marks native IDs as mm=native and that stitched IDs are labeled (or dropped) per your policy.
  

Bottom line

OpenRTB 2.6+ finally gives programmatic a common language for who created an ID and how, and Authorized Buyers extensions make Protected Audience a first-class, testable path to retargeting without cross-app IDs. For OEM traffic, that’s a win-win: you can pay for verified identity today and pilot ID-free reach for tomorrow — with one spec, one log format, and fewer assumptions in your bid models.