User Consent Flow - cleveradssolutions/CAS-Flutter GitHub Wiki
Note
It is optional to use the CMP flow included with the CAS SDK. If you integrate your own CMP flow, make sure that flow completes before you initialize the CAS SDK.
Note
If you implement a CMP that is compliant with IAB TCF v2 (Transparency & Consent Framework) for your user consent flow, the CAS SDK supports sending the TCF v2 consent to networks. In this case, the CAS Consent Flow will not be shown to the user.
In order for CAS and our ad providers to deliver ads that are more relevant to your users, as a mobile app publisher, you need to collect explicit user consent for use of personal data in the regions covered by GDPR, CCPA, LGPD, PIPEDA.
flowchart TD
I((Initialize)) --> IG{{In GDPR region?}}
IG -->|yes| IU{{Google Ads adapter included?}}
IU -->|yes| UMP(Google UMP flow)
IU -->|no| CF(CAS Consent flow)
CF -->|accept| AP(ATT promt)
UMP -->|accept| ATT(iOS ATT System dialog)
IG -->|no| AP
AP --> ATT
ATT --> CH([Initialize Future])
UMP -->|decline|CH
CF -->|decline|CH
1. Opt-in consent for the collection and use of personal data in the regions covered by GDPR, CCPA, LGPD, PIPEDA.
Any businesses established are required to comply with GDPR in Europe, CCPA in California, LGPD in Brazil, PIPEDA in Canada or risk facing heavy fines.
Keep in mind that it’s best to contact qualified legal professionals, if you haven’t done so already, to get more information and be well-prepared for compliance.
Read more about:
- GDPR - General Data Protection Regulation
- CCPA - The California Consumer Privacy Act
- LGPD - General Personal Data Protection Act
- PIPEDA - The Personal Information Protection and Electronic Documents Act
- Users located in regions that are not covered by information protection
- Users who are subject to COPPA restrictions.
With iOS 14.5 and later, you need to receive the user’s permission through the AppTrackingTransparency framework in order to track them or access their device’s advertising identifier. Read more about Asking Permission to Track and AppTrackingTransparency Framework on Apple developer page
Warning
If an app does not present this request, the IDFA will automatically be zeroed out, which may lead to a significant loss in ad revenue.
- Users using iOS versions below 14.5
- Users who have indicated that they do not allow apps to ask to track them, by setting Settings > Privacy, Allow Apps to Request to Track
- Users with child accounts, or who are under age 18, who are signed in via their Apple ID
- Users who have already answered so far
- The app does not have a usage tracking description in Info.plist under
NSUserTrackingUsageDescriptionkey
The automatic consent flow is enabled by default and described on the CAS initialization page.
Call showIfRequired() on the ConsentFlow class. If the consent is required, the SDK loads a form and immediately presents it .
The Future<int> completes after the form is dismissed. If consent is not required, the Future completes immediately.
ConsentFlow.create().showIfRequired().then((int status){
if (status == ConsentFlow.statusObtained) {
// User consent obtained.
}
});| ConsentFlow constant | Description |
|---|---|
| statusObtained | User consent obtained. Personalized vs non-personalized undefined. |
| statusNotRequired | User consent not required. |
| statusUnavailable | User consent unavailable. |
| statusInternalError | There was an internal error. |
| statusNetworkError | There was an error loading data from the network. |
| statusFlowStillShowing | There was an error with another form is still being displayed. |
Warning
The cache consent status on your app or a previously saved consent string, could lead to a TCF 3.3 error if consent is expired.
Some consent forms require the user to modify their consent at any time. Adhere to the following steps to implement a privacy options button if required.
- Implement a UI element, such as a button in your app's settings page, that can trigger a privacy options form.
- Once
showIfRequired()completes, checkisConsentObtainedto determine whether to display the UI element that can present the privacy options form. - When a user interacts with your UI element, call
show()to show the form so the user can update their privacy options at any time.
bool _isConsentObtained = false;
void main() {
CASMobileAds.initialize(
casId: casId,
).then((InitializationStatus status) {
_onConsentFlowDismissed(status.consentFlowStatus)
});
...
}
void _onConsentFlowDismissed(int status) {
// The user completes the consent flow
_isConsentObtained = status.consentFlowStatus == ConsentFlow.statusObtained;
}
void _showPrivacyOptionsForm() {
ConsentFlow.create().show().then(_onConsentFlowDismissed);
}The SDK provides a way to test your app's behavior as though the device was located in the EEA or UK using the PrivacyGeography enum.
Specify it in the SDK initialization arguments, and the setting will be applied only for test sessions.
CASMobileAds.initialize(
casId: casId,
forceTestAds: kDebugMode,
debugPrivacyGeography: PrivacyGeography.europeanEconomicArea,
)If you're showing the Consent Flow manually, define the debugGeography creation argument, and the setting will remain active even for production sessions. Leave it set to .unknown to allow the system to determine the user's geography automatically.
ConsentFlow.create(
debugGeography: kDebugMode
? PrivacyGeography.europeanEconomicArea
: PrivacyGeography.unknown,
).showIfRequired();The CAS does not support your handling of CCPA opt-out values for Meta Audience Network, you must work directly with the network to purposes of your obligations for CCPA compliance.
To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Additional Meta AudienceNetwork steps.
🔗 Next
Enabling Test ads