User Consent Flow - cleveradssolutions/CAS-Flutter GitHub Wiki

Note

It is optional to use the CMP flow included with the CAS SDK. If you integrate your own CMP flow, make sure that flow completes before you initialize the CAS SDK.

Note

If you implement a CMP that is compliant with IAB TCF v2 (Transparency & Consent Framework) for your user consent flow, the CAS SDK supports sending the TCF v2 consent to networks. In this case, the CAS Consent Flow will not be shown to the user.

In order for CAS and our ad providers to deliver ads that are more relevant to your users, as a mobile app publisher, you need to collect explicit user consent for use of personal data in the regions covered by GDPR, CCPA, LGPD, PIPEDA.

image

1. Opt-in consent for the collection and use of personal data in the regions covered by GDPR, CCPA, LGPD, PIPEDA.

Any businesses established are required to comply with GDPR in Europe, CCPA in California, LGPD in Brazil, PIPEDA in Canada or risk facing heavy fines.

Keep in mind that it’s best to contact qualified legal professionals, if you haven’t done so already, to get more information and be well-prepared for compliance.

Read more about:

image

Users will not see the Consent dialog if at least one of following is true

  • Users located in regions that are not covered by information protection
  • Users who are subject to COPPA restrictions.

2. Asking user permission to track them or access their device’s advertising identifier

With iOS 14.5 and later, you need to receive the user’s permission through the AppTrackingTransparency framework in order to track them or access their device’s advertising identifier. Read more about Asking Permission to Track and AppTrackingTransparency Framework on Apple developer page

Warning

If an app does not present this request, the IDFA will automatically be zeroed out, which may lead to a significant loss in ad revenue.

Users will not see the ATT request if at least one of the following is true

  • Users using iOS versions below 14.5
  • Users who have indicated that they do not allow apps to ask to track them, by setting Settings > Privacy, Allow Apps to Request to Track
  • Users with child accounts, or who are under age 18, who are signed in via their Apple ID
  • Users who have already answered so far
  • The app does not have a usage tracking description in Info.plist under NSUserTrackingUsageDescription key

Automatic consent flow

The automatic consent flow is enabled by default and described on the CAS initialization page.

Manual consent flow

Call showIfRequired() on the ConsentFlow class. If the consent is required, the SDK loads a form and immediately presents it . The OnDismissListener is called after the form is dismissed. If consent is not required, the OnDismissListener is called immediately.

class _HomeScreenState extends State<HomeScreen> implements OnDismissListener {
  @override
  void initState() {
    ConsentFlow.create()
        .withDismissListener(this)
        .showIfRequired();
  }
  
  @override
  void onConsentFlowDismissed(int status) {
    if (status == 3 /* will be replaced with ConsentStatus.obtained */) {
      // User consent obtained
    }
  }
}
ConsentFlow.Status Description
OBTAINED User consent obtained. Personalized vs non-personalized undefined.
NOT_REQUIRED User consent not required.
UNAVAILABLE User consent unavailable.
INTERNAL_ERROR There was an internal error.
NETWORK_ERROR There was an error loading data from the network.
CONTEXT_INVALID There was an error with the UI context is passed in.
FLOW_STILL_SHOWING There was an error with another form is still being displayed.

Warning

The cache consent status on your app or a previously saved consent string, could lead to a TCF 3.3 error if consent is expired.

Privacy options button

Some consent forms require the user to modify their consent at any time. Adhere to the following steps to implement a privacy options button if required.

  1. Implement a UI element, such as a button in your app's settings page, that can trigger a privacy options form.
  2. Once showIfRequired() completes, check isConsentObtained to determine whether to display the UI element that can present the privacy options form.
  3. When a user interacts with your UI element, call show() to show the form so the user can update their privacy options at any time.
class _HomeScreenState extends State<HomeScreen> implements OnDismissListener {

  @override
  void initState() {
    super.initState();
    ...

    _initializeCAS();
    _generateOptionsMenu(3 /* ConsentStatus.obtained */);
  }

  void _initializeCAS() {
    final builder = CAS
        .buildManager()
        .withCasId(_casId)
        .withTestMode(kDebugMode)
        .withCompletionListener(_onCASInitialized);
    builder.build(this);
  }

  void _onCASInitialized(InitConfig initConfig) async {
    // The user completes the consent flow
    _generateOptionsMenu(config.getConsentFlowStatus());
  }

  void _generateOptionsMenu(int status) {
    if (status == 3 /* ConsentStatus.obtained */) {
      // Generate the options menu to include the privacy button.
    } else {
      // Regenerate the options menu to remove the privacy button.
    }
  }

  void _showPrivacyOptionsForm() {
    ConsentFlow
        .create()
        .withConsentFlow(ConsentFlow.create()
            .withDismissListener(this))
        .withUIContext(activity)
        .show();
  }

  @override
  void onConsentFlowDismissed(int status) {
    // The user completes the consent flow
    _generateOptionsMenu(status);
  }
}

Meta Audience Network Data Processing Options for Users in California

The CAS does not support your handling of CCPA opt-out values for Meta Audience Network, you must work directly with the network to purposes of your obligations for CCPA compliance.

To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Additional Meta AudienceNetwork steps.

Custom Consent Logic

The following instructions apply if you are using your own or a third-party party consent mechanism.

Important

If you access Google demand through CAS, it’s critical that you review the Google CMP requirements before you start the integration process.

Warning

You must set the privacy options before initialize the CAS to disable the automatic CAS consent flow and advertising SDKs are initialized respecting the user's consent.

Consent in GDPR and Other regions

CAS shares these set consent values via adapters to supported mediation partners.

If the user consents to interest-based advertising, set the user consent accepted flag:

CAS.settings.setUserConsent(ConsentStatus.accepted);

If the user does NOT consent to interest-based advertising, set the user consent denied flag:

CAS.settings.setUserConsent(ConsentStatus.denied);

Once you set the consent value, CAS will continue to respect that value for the lifetime of your application or until the user consents to interest-based advertising.

Multi-State Consumer privacy laws

California and Virginia laws may require you to display a “Do Not Sell or Share My Personal Information” link or provide other options to users located in those states to opt out of interest-based advertising. You must set a flag that indicates whether users in those states opt out of interest-based advertising or the sale or share of personal information for interest-based advertising.

If a user does NOT opt out of interest-based advertising, set the optInSale flag:

    CAS.settings.setCCPAStatus(CCPAStatus.optInSale);

If a user does opt out of interest-based advertising, set the optOutSale flag:

    CAS.settings.setCCPAStatus(CCPAStatus.optOutSale);

You do not need to set this flag for users who are outside California. If you do set this flag for such users, this will not impact how ads are served to them.

🔗 Next
Enabling Test ads

Android SDK | iOS SDK | Unity SDK | Flutter SDK | App-ads.txt | cleveradssolutions.com | [email protected]

⚠️ **GitHub.com Fallback** ⚠️