User Consent Flow - cleveradssolutions/CAS-Android GitHub Wiki
:zap: Before you start
Make sure you have correctly Privacy Regulations.
- Overview flow
- Automatic consent flow
- Manual consent flow
- Privacy options button
- Debug geography
- Custom Consent Logic
[!NOTE]
If you implement a CMP that is compliant with IAB TCF v2 (Transparency & Consent Framework) for your user consent flow, the CAS SDK supports sending the TCF v2 consent to networks. In this case, the CAS Consent Flow will not be shown to the user.
[!WARNING]
If you integrate your own CMP flow, make sure the flow completes before you initialize the CAS SDK.
In order for CAS and our ad providers to deliver ads that are more relevant to your users, as a mobile app publisher, you need to collect explicit user consent for use of personal data in the regions covered by GDPR, CCPA, LGPD, PIPEDA.
[!NOTE]
Keep in mind that it’s best to contact qualified legal professionals, if you haven’t done so already, to get more information and be well-prepared for compliance.Read more about:
Overview flow
Users will not see the Consent dialog if at least one of following is true
- Users located in regions that are not covered by information protection
- Users who are subject to COPPA restrictions.
Automatic consent flow
To get consent for collecting personal data of your users, we suggest you use a built-in Consent Flow, comes with a pre-made consent form that you can easily present to your users. That means you no longer need to create your own consent window.
First, create a utility static property wherever convenient in your application to check if the Consent Flow is obtained for the user.
var isConsentObtained = true;
The user will see the consent flow when your app create CAS Manager. When the user completes the flow, the SDK calls your initialization-completion handler.
val builder = CAS.buildManager()
builder.withConsentFlow(
ConsentFlow()
.withDismissListener { status ->
isConsentObtained = status == ConsentFlow.Status.OBTAINED
}
)
builder.withCompletionListener { initConfig ->
// The user completes the flow here
// Initialize other 3rd-party SDKs
}
CAS consent flow is enabled by default. You can disable the consent flow by building CAS Manager withConsentFlow()
:
builder.withConsentFlow(
ConsentFlow(isEnabled = false)
)
Don't forget to apply the configuration by calling the builder.build()
function.
[!IMPORTANT]
You must wait until the user finishes the consent flow before you initialize third-party SDKs (such as MMPs or analytics SDKs). For this reason, initialize such SDKs from within your initialization-completion callback. If you were to initialize these third-party SDKs before the user completes the consent flow, these third-party SDKs would not be able to access relevant identifiers and you would suffer a material impact on measurement, reporting, and ad revenue.
Manual consent flow
Call showIfRequired()
on the ConsentFlow
class. If the consent is required, the SDK loads a form and immediately presents it .
The OnDismissListener
is called after the form is dismissed. If consent is not required, the OnDismissListener
is called immediately.
ConsentFlow()
.withDismissListener { status ->
isConsentObtained = status == ConsentFlow.Status.OBTAINED
}
.withUIContext(activity)
.showIfRequired();
ConsentFlow.Status | Description |
---|---|
OBTAINED | User consent obtained. Personalized vs non-personalized undefined. |
NOT_REQUIRED | User consent not required. |
UNAVAILABLE | User consent unavailable. |
INTERNAL_ERROR | There was an internal error. |
NETWORK_ERROR | There was an error loading data from the network. |
CONTEXT_INVALID | There was an error with the UI context is passed in. |
FLOW_STILL_SHOWING | There was an error with another form is still being displayed. |
[!WARNING]
The cache consent status on your app or a previously saved consent string, could lead to a TCF 3.3 error if consent is expired.
Privacy options button
Some consent forms require the user to modify their consent at any time. Adhere to the following steps to implement a privacy options button if required.
- Implement a UI element, such as a button in your app's settings page, that can trigger a privacy options form.
- Once
showIfRequired()
completes, checkisConsentObtained
to determine whether to display the UI element that can present the privacy options form. - When a user interacts with your UI element, call
show()
to show the form so the user can update their privacy options at any time.
override fun onCreate(savedInstanceState: Bundle?) {
...
if (isConsentObtained) {
// Generate the options menu to include the privacy button.
}
}
fun showPrivacyOptionsForm()
{
ConsentFlow()
.withDismissListener { status ->
isConsentObtained = status == ConsentFlow.Status.OBTAINED
if (!isConsentObtained) {
// Regenerate the options menu to remove the privacy button.
}
}
.withUIContext(activity)
.show();
}
Debug geography
The SDK provides a way to test your app's behavior as though the device was located in the EEA or UK using the WithDebugGeography
option.
ConsentFlow()
.WithDebugGeography(ConsentFlow.DebugGeography.EEA)
.withForceTesting(BuildConfig.DEBUG)
.ShowIfRequired();
[!NOTE]
Note that debug geography only work if:
- Active test device defined in
CAS.settings.testDeviceIds
.withForceTesting
value is true.
Meta Audience Network Data Processing Options for Users in California
The CAS does not support your handling of CCPA opt-out values for Meta Audience Network, you must work directly with the network to purposes of your obligations for CCPA compliance.
To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Additional Meta AudienceNetwork steps.
Custom Consent Logic
The following instructions apply if you are using your own or a third-party party consent mechanism.
[!IMPORTANT]
If you access Google demand through CAS, it’s critical that you review the Google CMP requirements before you start the integration process.
[!WARNING]
You must set the privacy options before creating the CAS Manager to disable the automatic CAS consent flow and advertising SDKs are initialized respecting the user's consent.
Consent in GDPR and Other regions
CAS shares these set consent values via adapters to supported mediation partners.
If the user consents to interest-based advertising, set the user consent ACCEPTED
flag:
CAS.settings.userConsent = ConsentStatus.ACCEPTED
If the user does NOT consent to interest-based advertising, set the user consent DENIED
flag:
CAS.settings.userConsent = ConsentStatus.DENIED
Once you set the consent value, CAS will continue to respect that value for the lifetime of your application or until the user consents to interest-based advertising.
Multi-State Consumer privacy laws
California and Virginia laws may require you to display a “Do Not Sell or Share My Personal Information” link or provide other options to users located in those states to opt out of interest-based advertising. You must set a flag that indicates whether users in those states opt out of interest-based advertising or the sale or share of personal information for interest-based advertising.
If a user does NOT opt out of interest-based advertising, set the OPT_IN_SALE
flag:
CAS.settings.ccpaStatus = CCPAStatus.OPT_IN_SALE
If a user does opt out of interest-based advertising, set the OPT_OUT_SALE
flag:
CAS.settings.ccpaStatus = CCPAStatus.OPT_OUT_SALE
You do not need to set this flag for users who are outside California. If you do set this flag for such users, this will not impact how ads are served to them.
🔗 Done! What’s Next?
- Improve ads targeting with Targeting options