Admob's usage of cookies for non-personalised ads

[J. Yu]

Hi there!

I hope this is the right email to contact regarding questions about Admob's usage of cookies.

I'm a developer utilizing the Google Mobile Ads SDK in my app. I have set in my Admob settings to use contextual ads only and to not serve personalised ads.

I have a question about the usage of cookies in the case of non-personalised ads. From my understanding, Admob will still utilize cookies even in the case of non-personalised ads to prevent fraud and abuse.

However, I do not see a cookie consent screen from Admob when using non-personalized ads. Does the responsibility of obtaining consent for Admob's cookie usage then fall on the developer? Or is Admob supposed to be showing a cookie consent screen in the case of non-personalized ads?

Thank you for your time!

Warm regards,

Jess

[Mobile Ads SDK Forum Advisor]

Hi Jess,

Thank you for contacting the Mobile Ads SDK Support team.

By reviewing your concern, I understand that you are implementing non personalized ads.

Non-personalized ads are ads that are not based on a user’s past behavior. 

Although Non-personalized ads don’t use cookies or mobile ad identifiers for ad targeting, they do still use cookies or mobile ad identifiers for frequency capping, aggregated ad reporting, and to combat fraud and abuse. Therefore, you must obtain consent to use cookies or mobile ad identifiers for those purposes where legally required, such as in certain countries in the European Economic Area (EEA) per the ePrivacy Directive.

I would recommend you to follow this link for more information.
 

This message is in relation to case "ref:!00D1U01174p.!5004Q02q96dq:ref"

Thanks,
 

Mobile Ads SDK Team

[dersekranda]

Hello. I also use non-personalized ads in my apps for Europe and the UK. I guess there is no need for the GDPR message.

How will we use cookies for Admob? Is there an example application? Thanks

30 Ekim 2023 Pazartesi tarihinde saat 17:10:22 UTC+3 itibarıyla Mobile Ads SDK Forum Advisor şunları yazdı:

[Mobile Ads SDK Forum Advisor]

Hi,

Thank you for reaching out to us.

Please note that If you're using non-personalized ads in your apps for Europe and the UK, it's generally considered that you don't need a GDPR consent message because non-personalized ads do not rely on the collection or use of personal data for ad targeting. However, it's essential to ensure that your ad implementation is genuinely non-personalized and doesn't involve any form of user tracking or data collection.

To use cookies for AdMob, follow these simplified steps:

• Create an AdMob Account: Sign up for AdMob if you haven't already.
• Make an Ad Unit: Define where ads will appear in your app.
• Integrate AdMob SDK: Add AdMob's code into your app. AdMob provides specific instructions for Android, iOS, etc.
• Set AdMob Up: Configure AdMob to show ads based on user data (personalized) or not (non-personalized).
• Show Ads: Use code to display ads in your app.
• Privacy Policy: Have a clear privacy policy explaining ad usage in your app.
• Privacy Rules: Be aware of privacy laws like GDPR and get user consent if needed.

Please reach out to us, if you need any further assistance.
 

[dersekranda]

First of all, thank you for the quick reply. Admob ads have already been running for years. What I want to learn is an example of Admob cookie approval. Kotlin or Swift example. My apps are only for kids. Presumably GDPR is not available. This requires cookie consent. Is it possible to use cookies for this?

31 Ekim 2023 Salı tarihinde saat 20:29:49 UTC+3 itibarıyla Mobile Ads SDK Forum Advisor şunları yazdı:

[Mobile Ads SDK Forum Advisor]

Hi dersekranda,

Thank you for getting back to us.

There is no sample project available. I would recommend referring to this link to implement the GDPR in your application and ensure you've added the Google User Messaging Platform SDK to your app to enable it to gather consent.

[dersekranda]

Hello. There is such confusion:
UMP sdk does not work in children's only applications. More precisely, it works, but when the application ump sds is added, the necessary kotlin codes are written and the update is sent, it is rejected. The update is accepted after the ump sdk is removed.
         val parameters = ConsentRequestParameters.Builder()
             .setTagForUnderAgeOfConsent(false)
             .build()

If the above is "setTagForUnderAgeConsent(true)", the GDPR message is not shown. If "setTagForUnderAgeConsent(false)", the GDPR message is shown. But the update is rejected.

I have written about this situation before. I haven't received a sufficient answer yet.

Can you give clear answers to my questions below?

1. All of my applications are applications for children. Do these apps have to use the GDPR message?
2. If the answer to question 1 is yes, how will the rejection situation I mentioned above be corrected? This rejection is not related to my codes.
3. If the answer to question 1 is no, should I show cookie consent instead of GDPR?

1 Kasım 2023 Çarşamba tarihinde saat 11:01:38 UTC+3 itibarıyla Mobile Ads SDK Forum Advisor şunları yazdı:

[Mobile Ads SDK Forum Advisor]

Hi Jess,

Thank you for getting back to us.

Yes, there is a way to completely disable the Mobile Ads SDK or prevent it from utilizing cookies.

To do this, you can add the following code to your app's AndroidManifest.xml file:

<application>

  ...

  <application>

    <meta-data

      android:name="com.google.android.gms.ads.enabled"

      android:value="false" />

  </application>

This will disable the Mobile Ads SDK entirely. If you only want to prevent the Mobile Ads SDK from utilizing cookies, you can add the following code to your app's AndroidManifest.xml file:

<application>

  ...

  <application>

    <meta-data

      android:name="com.google.android.gms.ads.cookieless"

      android:value="true" />

  </application>

This will prevent the Mobile Ads SDK from utilizing cookies.

However, this is a necessary step to comply with GDPR and give users the option to opt out of cookies.

Please reach out to us, if you need any further assistance.

This message is in relation to case "ref:!00D1U01174p.!5004Q02q96dq:ref"

Thanks,
 

Mobile Ads SDK Team

[J. Yu]

Hi there,

Thanks so much for your reply, I appreciate it.

I'm working to make my app compliant with GDPR and give the user an option to opt out of cookies, even if they are considered "essential" for functionality.

Is there any way to either completely disable the Mobile Ads SDK or prevent the Mobile Ads SDK from utilizing cookies, if the user chooses to opt out of ALL cookies?

Warm regards,

Jess

[Jess]

Hi,

Thank you for the AndroidManifest.xml hints, this is great to know!

As I understand it, modifying AndroidManifest.xml means I can disable cookies at buildtime. But is the Mobile Ads SDK able to disable usage of cookies during runtime?

For example, say the app is running and displays a consent screen. Then the user decides they want to disable all cookies. When this happens, I want to tell the Mobile Ads SDK to not use cookies after receiving the user's opt-out decision. Is this possible with code?

Thanks so much for all your help, I'm really grateful.

Warm regards,

Jess

[J. Yu]

Hi there!

I appreciate the hints you provided regarding disabling all usage of cookies in AndroidManifest.xml. Thanks a lot!

However, as I understand it, modifying AndroidManifest.xml to use com.google.android.gms.ads.cookieless is a buildtime option. Is there a runtime option of disabling the Mobile Ads SDK's usage of all cookies?

For example, if display a consent screen while the game is running, and a user chooses to opt out of all cookies in the game, then this would require a method to disable all Admob cookie usage at runtime. Does such a method exist?

Thank you so much for your kind assistance, I greatly appreciate it!

Warm regards,

Jess

[Mobile Ads SDK Forum Advisor]

Hi Jess,

Thank you for getting back to us.

I will check with our team regarding your query and one of my team members will reach out to you once we have an update on this. Meanwhile, your patience is highly appreciated.

[Mobile Ads SDK Forum Advisor]

@J

To answer your original question, Purpose 1 is the consent for cookies. If you are using the UMP SDK and the consent form from the AdMob UI, users can opt-in or out of this by selecting "Manage options" when the GDPR form appears. This screen details the 10 purposes they can consent to. If the user does not consent to cookies (Purpose 1), cookies are disabled. 

@dersekranda

If you want to see an example of the UMP SDK, check out or GitHub iOS and Android examples. If your app is for kids the UMP SDK provides the tagForUnderAgeOfConsent API.

ref:!00D1U01174p.!5004Q02q96dq:ref

[Mobile Ads SDK Forum Advisor]

@J

The Google Mobile Ads SDK reads the TFC spec from local storage. This applies to all Google-certified CMPs but you should consult with that specific consent management platform to confirm. 

For a solution only using the Google Mobile Ads SDK, see Consent for cookie settings to set this up.

Thanks,
Justin

ref:!00D1U01174p.!5004Q02q96dq:ref

[dersekranda]

Thank you for your answer. I've made this suggestion before.
val parameters = ConsentRequestParameters.Builder()
              .setTagForUnderAgeOfConsent(true)
              .build()

If I do as above, that is, set it to "true", the GDPR message will not be displayed. If I set it to "false" the message appears. But this time the application is rejected. 

Will this situation be corrected by January 16, 2024?
Are there any kids-only app developers experiencing a similar problem? Has anyone experienced my problem and applied for a solution?

2 Kasım 2023 Perşembe tarihinde saat 17:38:55 UTC+3 itibarıyla Mobile Ads SDK Forum Advisor şunları yazdı:

[Mobile Ads SDK Forum Advisor]

@dersekranda

Why is your application rejected? If it is due to anything related Google Play's Family Policy?. For reference, the Google Mobile Ads SDK does not have control whether an app gets rejected or not. If you implement .setTagForUnderAgeOfConsent(true), then the GDPR form will not appear which the correct behavior. 

[dersekranda]

So if I set it to true, will my app comply with GDPR? Was it this local?

my app gets rejected when i apply the ump sdk.
The update that I removed the ump sdk and sent the update again is accepted. So the reason for rejection is ump sdk.
  Email regarding the reason for rejection:

Issue details

We found an issue in the following area(s):

SPLIT_BUNDLE 22: Policy Declaration - Data Safety Section: Device Or Other IDs Data Type - Device Or Other IDs (some common examples may include Advertising ID, Android ID, IMEI, BSSID, MAC address)
About the Data safety section in Google Play User Data policy
Your app must be in compliance with this policy. If your app continues to be non-compliant, your app updates will be rejected and your app may face additional enforcement actions in the future.

Please make changes to align your app's Data safety form with the app's behavior. This can be done by either:

Updating your form in Play Console to declare collection of Data Types noted below; or
Removing unwanted functionality and attributable code that collects this user data from your app or libraries used in your app, and when applicable to deactivate all non-compliant APKs.
To deactivate non-compliant APKS, you can create a new release and upload a compliant APK to each track containing the non-compliant APKs.
Be sure to increment the APK version code. If using staged rollout, be sure to set the release to 100% rollout.
For helpful resources, you can:

Learn more about how to provide app privacy and security information for Google Play's Data safety section.
Watch the Google Play PolicyBytes - Data safety form walkthrough.
Check Google Play SDK Index to see if your SDK provider has shared a link to their data safety guidance. Review how any third-party code (such as third-party libraries or SDKs) in your app collects and shares user data.

2 Kasım 2023 Perşembe tarihinde saat 23:32:08 UTC+3 itibarıyla Mobile Ads SDK Forum Advisor şunları yazdı:

[J. Yu]

Hi there!

Thanks so much for your reply! I understand cookies can be disabled via the UMP SDK. But what if I am using a different consent solution?

For example, if I am using my own consent solution, is there a way to tell the Mobile Ads SDK (via a function or API call?) to not use cookies and serve limited ads?

Thank you for your kind assistance!

Warm regards,

Jess

[Mobile Ads SDK Forum Advisor]

@dersekranda

 

Is your app served for children only? If so, we recommend to set the tagForUnderAgeOfConsent to true. There will be no GDPR message because there is a minimum required age for consent. Even though there will be no message, this is in compliance. If you are also using the Google Mobile Ads SDK, you should also set this to true so to not serve personalized ads.

Thanks,
Justin

ref:!00D1U01174p.!5004Q02q96dq:ref

[dersekranda]

Ok. Your answer is sufficient. I got the answer to my question. Thank you very much.

3 Kasım 2023 Cuma tarihinde saat 17:39:12 UTC+3 itibarıyla Mobile Ads SDK Forum Advisor şunları yazdı:

[Sf]

Hello,

 tagForUnderAgeOfConsent to true - There will be no GDPR message 

but starting from January 16, will serve Non-personalized ads or Limited ads(No Ads)

in the designed for families category ? (for European users)

Thank you

Stefa

[Mobile Ads SDK Forum Advisor]

Hello Stefa,

Using the UMP SDK, a user is considered under the age of consent if tagForUnderAgeOfConsent is set to true. With the Google Mobile Ads SDK, the tagForUnderAgeOfConsent must also be set to true for ad requests. In this case, the user will receive limited ads (starting January 16th, per upcoming enforcement).