Request: share the code of Admob SDK, of how it fetches the UMP values of GDPR and US regulations choices

[Liran Barsisa]

Right now it's not written easily anywhere.

Not only that, but I think the one of the US regulations isn't functioning as it says:
https://issuetracker.google.com/issues/391129956

https://groups.google.com/g/google-admob-ads-sdk/c/X-huuHRx35o

So, please share the code of this part, to be used for all ad-sources of mediation.

[Mobile Ads SDK Forum Advisor]

Hi Liran,

I will raise this concern to the wider team, and will intimate once receive any update on this, meanwhile your patience is important.

This message is in relation to case "ref:!00D1U01174p.!5004Q02vGz8S:ref" (ADR-00286410)

Thanks,
 

Mobile Ads SDK Team

Feedback
How was our support today?

               

 

 

[Liran Barsisa]

Thank you. 
If needed, you could have a new dependency to automatically take the data from the Google's SDK to pass it to Admob's various ad-sources in the beginning of the code of MobileAds.initialize, and then we won't even need to add extra code for each ad-network.

The dependency should also allow us to do it manually, but just get us the basic values of GDPR&US regulations choices, that would be easy to pass forward for each network.

[Mobile Ads SDK Forum Advisor]

Hi Liran,

Thank you for your suggestion. I will inform to the wider team and one of my team members will reach out to you once we have an update on this. Meanwhile, your patience is highly appreciated.

[Mobile Ads SDK Forum Advisor]

Hi Liran,

I'd like to provide a more detailed update on the issue.

First off, we are noticing that the shared preferences do save when making a decision, despite the error warning. The encoded values are similar for the IABGPP_HDR_GppString key, but I'm seeing:

Allow data sharing: DBABL~BVQqAAAAAg
Don't allow data sharing: DBABL~BVQVAAAAAg

Note that one string has a q and another has a second V.

If you plug these into the IAB decoder:
1. https://iabgpp.com/#DBABL~BVQqAAAAAg
2. https://iabgpp.com/#DBABL~BVQVAAAAAg

You can see how the unencoded settings are different. Please reconfirm on your end.

Regarding the error message, this is a known issue we are prioritizing first. The plan is to fix this in an upcoming 3.2.0 version of the UMP SDK. We are also planning to make a serving change to fix this on 3.1.0 and earlier UMP SDKs. However, a side effect of this change would be that the ConsentStatus value you get from the SDK would start reporting OBTAINED on these old versions instead of NOT_REQUIRED. Going forward in 3.2.0, it would continue to return NOT_REQUIRED again since consent isn't actually required. Do you have an app live with this change, and if so, would that change impact your existing app?

I also acknowledge your feedback about a) The above string being hard to parse, and b) wanting it automatically forwarded. I'm going to continue to request prioritization on an easier solution for a). I also agree with you on b) being useful and more helpful overall. But for reasons I won't go into detail here, b) is a larger lift to get approved and is unlikely to happen.
 

This message is in relation to case "ref:!00D1U01174p.!5004Q02vGz8S:ref" (ADR-00286410)

Thanks,
 

Eric Leichtenschlag Mobile Ads SDK Team

Feedback
How was our support today?
               
 

 

[Liran Barsisa]

What I've found is that as I added a listener to SharedPreferences, it didn't reach the callback at all:

Do this before everything:

PreferenceManager.getDefaultSharedPreferences(context).registerOnSharedPreferenceChangeListener(object : OnSharedPreferenceChangeListener {

override fun onSharedPreferenceChanged(sharedPreferences: SharedPreferences, key: String?) {
Log.d("AppLog", "onSharedPreferenceChanged key:$key value:${if (key == null) null else sharedPreferences.all[key]}")
}
})

Then change the settings of the US dialog multiple times. For some reason it either gets called just once, or never.

I wanted to use it to pass the current status to a MutableLiveData, for example.

I also added a change to there just to make sure I registered properly, and I can see that the callback is being called here:

Handler(mainLooper).postDelayed({
Log.d("AppLog", "testing changes to SharedPreferences...")
androidx.preference.PreferenceManager.getDefaultSharedPreferences(this).edit()
.putString("test", SystemClock.elapsedRealtime().toString()).apply()
}, 5000L)

Why doesn't it get called when I do it via the dialog of the SDK ?

I also added this, to check manually:

binding.checkButton.setOnClickListener {
val result=androidx.preference.PreferenceManager.getDefaultSharedPreferences(this).getString("IABGPP_HDR_GppString",null)
Log.d("AppLog", "result:$result")
}

Seems only then it gets the values.

As for the values, seems the change is indeed hard to notice. Just one letter, from "q" (share) to "V" (don't share).

But what does it mean? How can I know how to parse it to a boolean?

Should I just compare to the string of "DBABL~BVQVAAAAAg", and if it's equal, it means that the user has chosen not to share the data?

Or I should check the character on the specific location of "V"?

Or something more complex, of some bitwise operation?

As for your parsing, please explain what you did. 
How from some weird string, did you find out if it's approved or denied, which is the boolean we are supposed to pass to the ad-networks.

Please share the code you use for Admob for this matter.

You gave me links that make it even more confusing.

Why isn't there a normal SDK to query? Such weird encodings, yet what we need is a simple boolean, both here for US regulations and for GDPR...

About being automatically sent, you can have a new dependency to help with it. 

By default it would automatically send the GDPR&US regulations results to all adapters of the various available ad-networks that Admob supports.

It will also have easy-to-use functions to do it manually. One function for GDPR that will return boolean , and another function for US regulations that will return a boolean.

Please also make it open sourced.

[Mobile Ads SDK Forum Advisor]

Hi Liran,

registerOnSharedPreferenceChangeListener does not maintain a strong reference to the listener you provide (see linked documentation). So it is getting garbage collected. The following code is working for me:
 

private lateinit var sharedPreferenceChangeListener: SharedPreferences.OnSharedPreferenceChangeListener
...
sharedPreferenceChangeListener = SharedPreferences.OnSharedPreferenceChangeListener { sharedPreferences, key ->
  Log.d(
    TAG,
    "onSharedPreferenceChanged key:$key value:${if (key == null) null else sharedPreferences.all[key]}"
  )
}
PreferenceManager.getDefaultSharedPreferences(this).registerOnSharedPreferenceChangeListener(sharedPreferenceChangeListener)

The value is encoded based upon the IAB GPP spec. The UMP SDK fills out the US-National section. You will quickly find that it's still a lot to navigate this. Generally,
this is something you shouldn't need to do, but something that a consent management provider like UMP SDK writes, and ad providers like the Google Mobile Ads SDK read.
https://iabgpp.com/ is a decoding tool that helps you manually check. I understand you want a code solution to decode, and I don't know if IAB provides one. I also
acknowledge what you want/need is a "yes/no" bit. In the case of US states integration, I think this is reasonable and is a FR I will continue to ask for internally.

Note that our preferred solution is that all ad tech vendors read and support the IAB spec. The key is written to a standardized place in a standard format for the spec,
so if all other ads SDKs were to read this, nobody would need to "pass" them consent manually (either you or Google through mediation adapters). In practice, I don't
think most other SDKs read it. The Google Mobile Ads SDK does though, in the event apps use a different consent management platform than UMP SDK.

GDPR is much more complicated of a spec where consent is not boolean. You can consent to various ad sources but not consent to others. The purposes for which a user
grants consent are different. The code at https://developers.google.com/admob/android/privacy/gdpr#how_to_read_consent_choices explains how to pull out purpose 1 consent
from the shared preferences that the UMP SDK writes as part of the IAB TCF spec, but stops short of recommending you use that as the "boolean" to pass to partners
because it is not a perfect proxy.

Similar to the GPP spec, ideally all ad sources would read this TCF spec for GDPR handling such that booleans wouldn't need to be forwarded via a proprietary API to
each ad source SDK manually.

[Liran Barsisa]

About the GC, seems correct. Weird because initially I didn't use this code, but my own implementation that uses a singleton of it:

@Suppress("unused")
object PreferenceUtil {
    @Volatile
    private var sharedPreferences: SharedPreferences? = null

    fun getDefaultSharedPreferences(context: Context): SharedPreferences {
        this.sharedPreferences?.let { return it }
        synchronized(this) {
            this.sharedPreferences?.let { return it }
            val result = PreferenceManager.getDefaultSharedPreferences(context)!!
            this.sharedPreferences = result
            return result
        }
    }
}

In any case, how can I now fetch this boolean for the US regulations out of the "IABGPP_HDR_GppString" value? 

What should I do exactly?

As for GDPR, the ad networks didn't agree to what you are saying, and instead they told me to talk with Google and check things out myself.

Also they want a boolean in their APIs. Not just a string of GDPR/US values.

And that's mentioned even on Admob's website. Admob's website doesn't mention how to get this information from any standard. 

Examples:
Unity:
https://docs.unity.com/ads/en-us/manual/GDPRCompliance#Android_(Java)

Chartboost:
https://developers.google.com/admob/android/mediation/chartboost#kotlin

Inmobi (this one also wants IM_GDPR_CONSENT_IAB value, for some reason):
https://developers.google.com/admob/android/mediation/inmobi#eu_consent_and_gdpr

Vungle/Liftoff:
https://developers.google.com/admob/android/mediation/liftoff-monetize#eu_consent_and_gdpr

Very few take things automatically, and even those that do, they don't do it for both GDPR and US regulations. Only one of them.

For example, IronSource, AppLovin, take GDPR values, but not US regulations values.

Mintegral fetches GDPR values too, but only when I initialize it before calling "MobileAds.initialize". 

There could be multiple ways that this could have been done, but none of those options exist:

1. Automatically by all ad-networks, and Admob would offer them only if they do it properly.

2. Manually by us, but with the SDK of Google giving us the way to fetch it nicely for each ad-network

3. Done via the Admob's mediation SDK, for each adapter

Instead I'm left in the dark with very unclear docs, and talking with both Admob and the ad-networks mean they just tell me to talk with others.

Your links just show how unclear the docs are...

We don't live in ideal world, but we can fix what we can for it.

[Liran Barsisa]

BTW, you said that Admob does things automatically, so please share the code for it, so that we could use the same thing for the other ad-networks.

It should especially be an easy thing for the US regulation part, because the dialog has only 2 options, so it has to be a boolean that works for all ad-networks the same way.

[Mobile Ads SDK Forum Advisor]

I mentioned AdMob automatically *reads* consent from the official specs - https://developers.google.com/admob/android/rel-notes#19.0.0. UMP SDK doesn't actually talk to the Google Mobile Ads SDK. UMP just writes to local storage per the official spec and the Google Mobile Ads SDK reads from the official spec at that location at ad request time.

I understand that most networks don't accept the spec, and their official documentation wants a boolean. Unfortunately, there's too much liability in understanding every ad network's proprietary parameter, their implementation, and how that maps to the complex consent settings that are required by the official IAB (interactive advertising bureau) spec. The IAB built standards around these regulations to standardize the industry, but not every network participates in supporting that spec. As a result, that is something you as a publisher are forced to take on.

I will mention https://developers.google.com/admob/android/privacy/gdpr#how_to_read_consent_choices again, as purpose 1 consent yes/no is a critical bit of consent that massively impacts what ad serving mode Google operates in (https://developers.google.com/admob/android/privacy/ad-serving-modes). That bit is the result of the option to "store and/or access information on a device" setting from the GDPR consent form. You may choose to map this to other partner SDK's boolean bits as a proxy, but you will have to decide whether that's acceptable from a legal standpoint.

For US states, I think it's reasonable to do a mapping today based on these strings, as that matches the encoding of the spec exactly.

DBABL~BVQqAAAAAg - Allow data sharing:
DBABL~BVQVAAAAAg - Don't allow data sharing

If the spec changes, and the result is something different than these two strings, you would have to decide what the default should be.

As mentioned before, I will discuss with the team internally about adding some API like ConsentInformation.isUSDataSharingAllowed() to make this easier. Since this one is more clearly a yes/no from the form itself.

[Liran Barsisa]

I know UMP just stores the data, but that's not enough because the ad-networks need the decision result as a boolean.

If you know that there is a problem and that many don't use it, why aren't you offering it?

At the very least, teach how to fetch it for ad network XYZ with steps, so that we can do it ourselves. Instead you just send us to weird standards documentation that takes tens of pages...

What do you mean about legal standpoint? If it's good for Google's Admob, why shouldn't it be good for others, especially if they don't offer any help in fetching what they really want.

Is the function of "canShowPersonalizedAds" enough here:

https://stackoverflow.com/q/79371638/878126

?

Or should I use the "detectAdConfiguration", which often requires me to update the value for goodVendorConfiguration there?

Why is it so hard instead of having it set up properly in the UMP SDK or a helper SDK to it? 
Just have there some function "canShowPersonalizedAdsForAdNetwork(...)" that returns a boolean and that's it.

Why choose a standard that the ad-networks themselves don't use...

Why can't we have a simple dialog like of the US regulations one, of just a simple yes/no choice...
Many users that saw this dialog complain about it, as if now things changed and the apps have malicious intent...

About US regulations string, are you saying that I can just compare the string to one of these constant values, and determine by it alone? No need to even check specific character in there?

What's the purpose of all the rest of the string, if it stays the same, in this case?

[Liran Barsisa]

We don't even have a function to check if the user/device is subjected to GDPR or not ...

[Mobile Ads SDK Forum Advisor]

Hi Liran,

The canShowPersonalizedAds() method from https://stackoverflow.com/q/79371638/878126 looks correct to me for consent for Google specifically. The checks it makes matches the purposes/legitimate interest requirements as explained in https://developers.google.com/admob/android/privacy/ad-serving-modes#personalized_ads, and 755 is Google's registered ID (based on https://iabeurope.eu/vendor-list-tcf/).

That method does NOT say if there was consent for other vendors. InMobi would be ID 333 from this TCF vendor page, and Liftoff is 667. Looking for those additional IDs on top of that method is a pretty good approximation, but I don't know if Liftoff and Chartboost requires the same set of GDPR purposes as Google.

Unity and Chartboost are not even TCF registered. For non-registered partners, Google has an "Additional Consent" spec at https://support.google.com/admob/answer/9681920 that writes to yet another shared preferences location (IABTCF_AddtlConsent). From there, Chartboost is ID 2898 and UnityAds is 3234. The AC string 2~1.35.41.101~dv.9.21.81 means that the user has consented to ATPs with IDs 1, 35, 41 and 101, ATPs with IDs 9, 21, and 81 have been disclosed to the user and the string is created using the format defined in the v2 specification. You could look for 2898 and 3234 in this string to see if Chartboost and Unity are there.

For US states, you can see from the JSON output at https://iabgpp.com/#DBABL~BVQqAAAAAg and https://iabgpp.com/#DBABL~BVQVAAAAAg what these value mean. I'm seeing these three settings change based on the two configurations:

• SaleOptOut"
• "SharingOptOut"
• "TargetedAdvertisingOptOut"

So even though you don't have the decoding in your project, you may choose to infer a boolean based on the hardcoded strings for yes/no.

I don't have the details for why none of the other bits don't change. But this is just the implementation of the UMP SDK as a consent management provider for US states.

Finally, for GDPR, there is an IABTCF_gdprApplies key in the local storage. Documentation for that is at https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20CMP%20API%20v2.md#in-app-details. I'm not aware of anything similar for US states.

[Liran Barsisa]

How do I know which number belongs to which ad-network?

Why isn't the website you've provided in the docs and in an SDK we can all use, with constants to reach each of them?

I don't understand if what you wrote means I can just change this id value for each ad-network or I need more, and what to do with those that aren't on the list...

As for IABTCF_AddtlConsent, I never saw this mentioned anywhere on any ad-consent question on StackOverflow, and I don't understand what you are saying. 

About US regulations, I don't understand if you mean I can just compare to the strings I've mentioned or not. Can I use something like that:

fun isDataShareAllowed(context: Context): Boolean {
    val defaultSharedPreferences = PreferenceUtil.getDefaultSharedPreferences(context)
    val gppString = defaultSharedPreferences.getString("IABGPP_HDR_GppString", null) ?: return true
    //        DBABL~BVQVAAAAAg - don't share
    //        DBABL~BVQqAAAAAg - allow share
    return gppString == "DBABL~BVQqAAAAAg"
}

?

Please just make these things possible for all.

You have ad mediation, but nothing about how to pass GDPR and US regulations data that is required...

Why aren't there any Github samples SDKs for such an important thing by Admob/Google?

About IABTCF_gdprApplies, I already had it (again from things that other people wrote as the docs are hard to understand), but I mentioned that we don't have any API for it, anywhere.

This is what I have:

fun isGDPR(context: Context): Boolean? {
    val prefs = PreferenceUtil.getDefaultSharedPreferences(context)
    val gdpr =
            if (prefs.contains("IABTCF_gdprApplies"))
                prefs.getInt("IABTCF_gdprApplies", 0)
            else return null
    return gdpr == 1
}

[Liran Barsisa]

Can you please update the docs of each ad-network that Admob supports in mediation, of how to fetch the data for it?

Or create a library just for this (or update what we have) ? Or offer to automatically fetch everything via MobileAds.initialize and pass it for each of the ad-networks?
That's when they all need this data anyway...

[Mobile Ads SDK Forum Advisor]

Hi Liran,

The CSV for additional consent vendors is https://storage.googleapis.com/tcfac/additional-consent-providers.csv. This was linked off the help center article for additional consent, but is also mentioned in the FAQ at https://developers.google.com/admob/android/privacy/gdpr#frequently_asked_questions. Any partners in IABTCF_AddtlConsent are partners that are not registered with IAB TCF at https://iabeurope.eu/vendor-list-tcf/.

The Stackoverflow post only mentioned the IAB TCF ID 755 which is for Google. Each ad tech vendor has a different iD that's either with the IAB TCF list, or part of this additional spec that Google created for vendors not in the IAB list.

For GPP decoding, I just learned there is a java library for decoding: https://github.com/IABTechLab/iabgpp-java. We are looking into this as part of trying to make the docs more helpful on decoding US states consent choices.

Thanks,
 

Eric Leichtenschlag Mobile Ads SDK Team

Feedback
How was our support today?
               

[2025-02-20 23:50:22Z GMT] This message is in relation to case "ref:!00D1U01174p.!5004Q02vGz8S:ref" (ADR-00286410)

 

[Liran Barsisa]

Guys I don't understand what you are saying, so I will ask in a different way:

1. Some companies appear in the "EU IAB TCF Vendor List" , either here or here. 

I've noticed that Admob takes the data automatically for us, from the SharedPreferences, and it seems at least another that's on the list (I think it was Vungle/Liftoff) also does it automatically, yet it's not mentioned on its docs.

Just by having them there, does it mean I have to pass the data that I parse from SharedPreferences to them via their special SDK functions (GDPR and US regulations) or not?
If I don't have to do it, why isn't it mentioned in the Admob's website about them?

If I have to do it, why isn't there any explanation how to fetch this information?

2. Please answer with Yes if possible, and if not, please explain more:

For companies that are on the list, is the function I've mentioned with the 755 there needs to change just by the number?

If not, what other more steps are required?

3. Some companies don't appear on the list. 
What do I need to do about it? Where are the docs about it in terms of parsing from the SharedPreferences?

4. Some companies don't even have any docs about them, those that have no SDK at all. Should I do anything about them?

5. Why for each of Admob's support of ad-networks in mediation, doesn't Admob have any support for them in terms of GDPR&US regulations so that we won't have to deal with them by parsing things on our own from the UMP SDK, when Google is the one that created the UMP SDK ? 

Even a generic solution that's in a new dependency? 
Something like just 4 functions would be enough: 

- isDeviceOnGdpr():boolean

- isDeviceOnCca():boolean  - can be merged with previous one, to return an integer of which type/s it belongs to

- getCcpaResult():boolean

- getGdprResultForAdNetwor(adNetworkEnum):boolean - the parameter can be an integer

Why not offer it to all, instead of putting links to countless of pages of specs that are unclear?
The list of supported ad-networks haven't changed in a very long time, and some of them don't seem to be working anymore (forms are invalid etc...)...

6. Why can't you share the code that Admob uses to detect about itself for GDPR and where is the code it uses for US regulations? 

Is it the same function as I've mentioned, of the 755 for GDPR, and checking the string of  "DBABL~BVQVAAAAAg" or "DBABL~BVQqAAAAAg" for US regulations ?

The US regulations can help for all networks, after all...

And if the ID is the only thing that needs to change for some networks, it could also be shared with explanation of how to do it for them.

7. Is there a way to check if the user has confirmed all in the dialog of GDPR, using the simple button that the dialog has?

What would the code to detect this be? Why can't I use this for the various ad-networks? The user might not even enter to look at all the networks...

[Mobile Ads SDK Forum Advisor]

Hi Liran,

1. When we last did a poll of partners, they did not confirm that they read the TCF string from shared preferences. Each partner's documentation has a section on privacy settings (example for Liftoff is https://developers.google.com/admob/android/mediation/liftoff-monetize#step_4_implement_privacy_settings_on_liftoff_monetize_sdk) with information about how each partner handles GDPR and a link to their relevant documentation. There is no direct explanation about how to forward to each partner because Google does not know each partners specific consent requirements (which purposes, consent vs legitimate interests, etc), to attempt to do a mapping. Those requirements could also change over time and we do not want to present misinformation. This is why we link to the partner documentation. Docs sections at https://developers.google.com/admob/android/privacy/gdpr#how_to_read_consent_choices and https://developers.google.com/admob/android/privacy/us-iab-support#read-consent-choices give some general information about how to read choices, and over time we will improve those to make them a bit more helpful.

2. I'm assuming you're referring to https://stackoverflow.com/q/79371638/878126. 755 needs to change to the relevant partner. Also, the purposes from this code:
 

 return hasConsentFor(listOf(1, 3, 4), purposeConsent, hasGoogleVendorConsent)
            && hasConsentOrLegitimateInterestFor(listOf(2, 7, 9, 10), purposeConsent, purposeLI, hasGoogleVendorConsent, hasGoogleVendorLI)

*may* need to change. This is precisely the information we don't have, and partners to our knowledge don't document, whether these are the purposes they use the data for. I can't provide you legal guidance here, you will have to consult with your company's legal team, or if you are a solo developer, make a judgment decision. Or reach out and ask each partner for guidance.

3. Companies that don't appear on this list are instead part of the "Additional Consent" spec I mentioned earlier at https://support.google.com/admob/answer/9681920. This document explains that the key to read this part of the consent is at IABTCF_AddtlConsent and the format of the consent string. The partner identifiers that would show up there are listed at https://storage.googleapis.com/tcfac/additional-consent-providers.csv.

4. Which companies are you referring to? The bidders from https://developers.google.com/admob/android/choose-networks who say "No SDK required"? If so, those partners will be in one of the two lists.

5. For decoding, that's outside the scope of a consent management provider. For Android, https://github.com/IABTechLab/iabgpp-java can do it. For something like getGdprResultForAdNetwork(adNetworkEnum), As I've explained above, it's not just a simple boolean, we are not in control of how 3ps use the spec.

6. The Google Mobile Ads SDK automatically reads the TCF string and it is parsed server-side. It's not something the client does.

7. There is not. That button writes the defaults, but the vendors written may be different depending which vendors are submitted to the AdMob/Ad Manager UI. Purpose 1 is a pretty significant purpose for consent. Without it, Google enters limited ads serving mode (per https://developers.google.com/admob/android/privacy/ad-serving-modes#limited_ads). This is why the docs at https://developers.google.com/admob/android/privacy/gdpr#how_to_read_consent_choices specifically show how to get purpose 1 as that is likely a very important purpose for other ad networks as well. I cannot officially recommend you go with just that though, against this is something you should consult with your legal team on.

 

Thanks,
 

Eric Leichtenschlag Mobile Ads SDK Team

Feedback
How was our support today?
               

[2025-02-21 22:58:32Z GMT] This message is in relation to case "ref:!00D1U01174p.!5004Q02vGz8S:ref" (ADR-00286410)

[Liran Barsisa]

1. So you don't know even if a company being in the website list you've provided means anything?

The docs of the companies don't mention anything about fetching data from SharedPreferences or TCF string or anything. They just want a boolean for GDPR and a boolean for US regulations.

The links you've provided don't help. They make things more confusing. How could you say that you don't know what ad-networks want and tell me to look at their docs, yet you can see for yourself they don't show anything about those things.
Here, examples of docs by ad-networks, and you can see none of them talk about how to fetch data, only about how to pass the data to them:

Unity:

https://developers.google.com/admob/android/mediation/unity#eu_consent_and_gdpr  => https://docs.unity.com/ads/en-us/manual/GDPRCompliance#Android_(Java)

https://developers.google.com/admob/android/mediation/unity#us_states_privacy_laws  => https://docs.unity.com/ads/en-us/manual/CCPACompliance#Android_(Java)

IronSource:

for GDPR , no need to call IronSource.setConsent, as it's fetched from Google: https://developers.google.com/admob/android/mediation/ironsource#us_states_privacy_laws => https://developers.is.com/ironsource-mobile/android/regulation-advanced-settings/

https://developers.google.com/admob/android/mediation/ironsource#us_states_privacy_laws

Applovin:

https://developers.google.com/admob/android/mediation/applovin#optimizations => https://developers.applovin.com/en/max/android/overview/new-sdk-initialization-api/

No need for GDPR stuff: "AppLovin supports reading the consent string from shared preferences and setting the consent status accordingly."
https://developers.google.com/admob/android/mediation/applovin#us_states_privacy_laws => https://developers.applovin.com/en/max/android/overview/privacy#multi-state-consumer-privacy-laws

Chartboost:

https://developers.google.com/admob/android/mediation/chartboost#kotlin

Mintegral:

https://developers.google.com/admob/android/mediation/mintegral#eu_consent_and_gdpr 

It says it's fetching the data of GDPR automatically but not about US regulation, yet it says we do need to call something manually before "MobileAds.initialize".

Inmobi:

https://developers.google.com/admob/android/mediation/inmobi#eu_consent_and_gdpr => https://support.inmobi.com/monetize/sdk-documentation/android-guidelines/overview-android-guidelines#add-the-inmobi-sdk

Here it says that US regulation is fetched automatically: "the InMobi adapter added support to read IAB U.S. Privacy string from shared preferences"

LiftOff:

https://developers.google.com/admob/android/mediation/liftoff-monetize#eu_consent_and_gdpr => https://support.vungle.com/hc/en-us/articles/360047780372-Advanced-Settings#gdpr-recommended-implementation-instructions-0-1

https://developers.google.com/admob/android/mediation/liftoff-monetize#us_states_privacy_laws => https://support.vungle.com/hc/en-us/articles/360047780372-Advanced-Settings#ccpa-implementation-0-9

You need to tell them to be clearer, about what's fetched automatically in case we use UMP SDK by Google, and how to fetch the rest for them if needed.

2. So talk with the partners to have clear instructions. If you don't mention them and they don't, there is no way I can know what to do.

Is this answer at least correct for ad-networks that are on the vendors list websites, that I can use it ?

3. I don't understand what I need to do about these. How do I parse what's needed to pass for them, and if you already know the answer, why not provide it in the UMP SDK ? 

Also, for ad-networks that are on the vendors list, is it ok to assume they fetch the data themselves for GDPR and US regulations ? 

4. Yes, I'm talking about these. What do you mean that they will be "in one of the two lists" ? Should I do something about them? Do they get the GDPR and US regulations data automatically from UMP SDK via Admob?

5. You can make things easier by having functions that can help.

I don't understand what is this github repository you've linked to.

Why isn't there a function of "isGDPR" and "isCCPA" (or a function to return an enum of either or none)? 
Why isn't there a function to return the result of CCPA?

Why isn't there a function for all the ad-networks that you are supporting in mediation, as you can contact with them for partnership?

Or even the "accept all" option? Why isn't there a function to return this boolean, if the user accepted all in the UMP dialog? If all was accepted then surely it will be fine for all ad-networks...

6. You pass the whole TCF string to the server instead of parsing locally? 
OK so please share this code instead. Show how to parse it nicely for all networks.

7. Are you saying that even if the user has accepted all using the single button of the dialog, it might not be enough for the various ad-networks?
What could possible be more than accept-all?
Are you saying we should show yet another dialog? What is this dialog? 
Or that the user should have entered somewhere in the settings of the UMP dialog and do something there?

Guys you are making things more and more complicated and confusing. There is no way to implement things correctly because of this.

You handle things automatically only for Admob, making it impossible for other ad-networks to be handled. That's not a nice competition.

[Liran Barsisa]

BTW, it's incorrect that Admob can't do anything about GDPR being mentioned as being auto-fetched for various ad-networks.
Proof: It already does mention it for some. 

Example is Applovin, as it says there:
"Since SDK version 12.0.0, AppLovin supports reading the consent string from shared preferences and setting the consent status accordingly."
https://developers.google.com/admob/android/mediation/applovin#step_4_implement_privacy_settings_on_applovin_sdk
I don't know if it's the adapter or AppLovin SDK itself because it doesn't mention it, but for either case it's good to have it.

[Mobile Ads SDK Forum Advisor]

Hi Liran,

1-3. When we reached out to partners last year, I believe it was only AppLovin that positively confirmed they read the TCF (Transparency and Consent Framework) string. It is the SDKs that should read it if they support it, there is no need for an adapter to pass it to them because every ads SDK has access to a context and can look up SharedPreferences directly. We don't have visibility into partner SDK behavior, so we need supporting documentation on their site to link to off Google documentation, as the source of truth for it being automatically read. Any partner that's TCF registered at https://iabeurope.eu/vendor-list-tcf/ should in theory be supporting the spec, so we can reach out again in an effort do document similar for other partners.

The vendors that are on the https://iabeurope.eu/vendor-list-tcf/ list are specifically TCF registration which the spec built for GDPR. This registration provides no indication about US states. US states doesn't have a similar registration.

4. Correction here, ad sources with "no third-party SDKs required" from https://developers.google.com/admob/android/choose-networks#network_details are handled automatically for you. The ad server does parse the TCF string, figure out if those non-SDK bidders have consent, and block bid requests to those ad sources if there is not consent for that vendor. Additionally, depending on the purposes consented to, the ad serving mode is determined and sends a compliant request based on that consent.

To be clear, this also happens for SDK bidders too, where bid callouts are blocked if there's no consent for that partner. The key difference though is that there may be consent for the partner, just not consent for  identifiers and ad personalization. And while Google's bid callouts are compliant, these SDK-based partners have the ability to collect their own encrypted signals to be used in bid request, and do their own rendering after bidding, and during both points may collect and use identifiers in a way that's not visible to Google or under our control. This is where settings on the respective partner SDKs comes in to make sure they are compliant.

Waterfall ad sources also still serve in "Limited Ads" mode even if there is no consent, and similarly what those SDKs do is not under Google's control.

5. Traditionally, the UMP SDK is a consent management provider SDK, a tool to help you collect and store consent. It is not a consent parser. In the short term, I shared with you an SDK that performs that task. We are thinking about ways to help make this transition to these booleans to make your job easier, but this is not available today.

6. It's not feasible to share the server-side code. Also in general it's a non-goal to have partners parse, so any effort towards doing that is better spent on the other parts of feedback you have around helper functions to translate consent to booleans.

7. There is code to check all the purposes, and that is already in the stackoverflow post you linked earlier. But is the ad technology partner in question included in your consent request (i.e. is it one of the partners you configured in the AdMob UI?). Two different apps may request 2 different sets of partners, so the "yes" button will write the same purpsoes, but could write a different set of vendors. So again, up to you if you care to do the vendor check.
 

Thanks,
 

Eric Leichtenschlag Mobile Ads SDK Team

Feedback
How was our support today?
               

[2025-02-26 16:30:20Z GMT] This message is in relation to case "ref:!00D1U01174p.!5004Q02vGz8S:ref" (ADR-00286410)

[Liran Barsisa]

1-3. So do it. Talk with all ad-networks to make it automatic for all of them. Or at least tell them to show how to parse the TCFstring for them to get this magic boolean they want.

Applovin isn't the only one. There is  IronSource and Mintegral too:
https://developers.is.com/ironsource-mobile/android/regulation-advanced-settings/
"Starting from ironSource SDK 7.7.0, GDPR consent from the Google UMP (Google’s CMP solution) and CMPs that support Google Additional Consent, is automatically passed to the ironSource SDK"

Mintegral  docs available after login on : https://dev.mintegral.com/doc/index.html?file=sdk-m_sdk-android&lang=en#sdkprivacycompliancestatement
/**
* If you use UMP, use the following method to set GDPR consent.
* Please confirm "Mintegral International Limited" is in the UMP vendor preferences.
* If not, please add "Mintegral International Limited" to the UMP management platform.
* Method added in V16.5.7
*/
void setConsentStatus(Context context);

And I also talked with Vungle/Liftoff recently and it seems they also read automatically, but that's not mentioned anywhere.

I don't know what about CCPA US regulations though. Seems it's usually only GDPR that's mentioned. 

4. It's not written anywhere about ad-networks that don't need an SDK. Please have links to their websites to also mention about app-ads.txt and a way to communicate with them, so that we can ask about it.

5. You can have another SDK just for parsing, especially the easy things I've mentioned.

6. So do something. It's impractical to tell us to read specs that take so many pages... Not to mention that the ad-networks don't cooperate about what they need, as opposed to what you say that we should just ask them.

7. Which function ? The "detectAdConfiguration", with the "goodVendorConfiguration" variable? This one needs to get updated from time to time, sadly, as the list changes.

I don't understand what you are saying here at all.

Also what is "up to you if you care to do the vendor check." ? There is an alternative? What can I do that should be easier? Why isn't it mentioned anywhere and with code/API/sample/SDK/library available to us?

[Mobile Ads SDK Forum Advisor]

Hi Liran,

Thank you for the feedback.

Re: #7, canShowPersonalizedAds looks correct to me for Google ads specifically. From that method, the lines:

val googleId = 755
val hasGoogleVendorConsent = hasAttribute(vendorConsent, index = googleId)
val hasGoogleVendorLI = hasAttribute(vendorLI, index = googleId)

are checking for the Google-specific vendor. To do this for other partners registered by IAB, find the partner ID in https://iabeurope.eu/vendor-list-tcf/ (e.g. Liftoff Monetize is ID 667), and check that instead.

Thanks,
 

Eric Leichtenschlag Mobile Ads SDK Team

Feedback
How was our support today?
               

[2025-02-28 23:23:12Z GMT] This message is in relation to case "ref:!00D1U01174p.!5004Q02vGz8S:ref" (ADR-00286410)

[Liran Barsisa]

7. But you wrote "check all the purposes". It works for all other ad-networks that Admob supports for mediation?
Or only ad-vendors on the lists?

Or none?

Can I trust it completely and pass this data to the SDKs when needed, or there is something missing here?

For example, for Liftoff (which BTW, they told me they get GDPR values already, but sadly not CCPA), I can use this to query its status completely fine, just by changing the 755 to 667 ? 

And can I use it for every other ad-network that I find on the vendors lists websites I've mentioned?

If so, please document it for each ad-network, that we can use such a function for UMP, offer a way to have some library of yourself (new or existing one) do it for us, and in case it's already done (in case of using UMP) just mention that no need for any code.

Currently there is no consistency and all goes to "ask the ad-networks about what to do" , even when you are saying you know what to do...

[Zubaida Jannat]

theres no partner .

--

---
You received this message because you are subscribed to the Google Groups "Google Mobile Ads SDK Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-admob-ads...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/google-admob-ads-sdk/ehUaM000000000000000000000000000000000000000000000SSF2AO00829YWASwQvaHsKuUMBPJ8A%40sfdc.net.