Terms & Privacy Policy Flow

This page explains how you can use the MAX Terms & Privacy Policy Flow to prompt acceptance of your Terms of Use and Privacy Policy.

Note

It is optional to use the CMP flow included with the MAX SDK. If you integrate your own CMP flow, make sure that flow completes before you initialize the MAX SDK.

SDK 12.0.0 Release

Note

Due to a bug in iOS 17.4, the App Tracking Transparency (ATT) prompt may prematurely indicate that a user rejected ATT. This causes the AppLovin SDK to initialize your Ad Units with LAT-configured ad networks, even for a user who might consent to ATT. If you use AppLovin’s Unifed Consent Flow, update to the latest iOS SDK (12.3.0+) to mitigate this issue.

AppLovin MAX SDK v12.0.0, when used with Google UMP, complies with TCF v2: the MAX SDK can ingest the consent string and AC string and can forward the TCF v2 Consent strings / states to the mediated networks, as described in TCF v2 Consent.

If you do not use Google UMP as your CMP (either through AppLovin’s automated flow or otherwise), you must ensure that the CMP you choose supports all of the mediated networks you integrate.

If you do not use a CMP, you must continue to set AppLovin’s SDK’s binary consent flags as described in Consent and Age Related Flags in GDPR and Other Regions.

Note

If you access Google demand through MAX, it’s critical that you review the Google CMP requirements before you start the integration process.

Google UMP Automation

Versions 12.0.0 and above of the AppLovin MAX SDK automate the integration of Google UMP. Therefore you do not need to manually integrate the Google UMP in addition to the MAX SDK. This is completely opt-in and AppLovin will provide you instructions on how you can enable this additional Google UMP integration. Below is a visual representation of the flow:

1. MAX SDK initializes.
2. Regional Compliance Check: AppLovin determines whether the user is located in a GDPR region. If the user is in a GDPR region, the MAX SDK presents Google UMP. If the user is not in a GDPR region, MAX SDK makes a further check to ascertain whether the user is age-restricted.
3. Age Verification: MAX uses the UAppLovinMAX::SetIsAgeRestrictedUser API to determine whether the user is age-restricted under COPPA. If so, the user is taken to MAX’s ATT (App Tracking Transparency) prompt. If not, MAX SDK presents the user with a Terms of Service and Privacy Policy prompt. Steps 2 and 3 ensure that users are informed about data collection and usage and that they have the option to consent or decline.
4. (iOS only) If Google UMP is not configured to display the ATT (App Tracking Transparency) prompt, or if the user did not see the Google UMP flow, MAX SDK shows the MAX ATT prompt.
5. MAX SDK calls your initialization completion callback to signal that you can start loading ads.

Note

The TCF consent state may be false in either of the following circumstances:

1. The user indicated that they do not consent to the terms of data collection that you specified in your message.
2. Some of the ad networks you integrated into your application are not configured into UMP. Therefore UMP will always reject consent. See “Verifying Missing Networks” to learn how to fix this.

Enabling Google UMP

Enabling Google CMP on AdMob Dashboard

So that the MAX consent flow can display the Google GDPR form, you must first create and publish the Google GDPR message on the AdMob dashboard. To do so:

1. Sign in to your AdMob account at apps.admob.com.
   • Add your apps to the AdMob dashboard, if you have not done so already.
2. Click Privacy & messaging.
3. Click GDPR.
4. Click Create message. The GDPR message page opens.
5. Select the apps that you want to display your message:
   1. Click Select apps.
   2. Select the desired apps.
   3. Click Save.
6. Select the languages in which you want to display your message.
7. In the User consent options section, select Consent or Manage options.

   Note

   Do not check the Close (do not consent) option.

8. In the Targeting section, select Countries subject to GDPR (EEA and UK).
9. Click Continue. The Edit message page opens.
10. In the Message name field, enter a descriptive message name to help you identify the message later. This name appears only on the Privacy & messaging page and is not visible to users.
11. Select the Styling tab.
    1. Under the Global section, set the Secondary color to white (#ffffff).
    2. Under the Buttons section, set the Secondary color to gray (#6e6e6e).
12. Click Publish.

Customize Ad Partners List

Note

In its default GDPR message, Google might not show all of your ad network partners. If you fail to include these networks, this could adversely affect your ad revenue. Follow the steps in this section to ensure all of your ad partners appear in the GDPR message.

To customize which ad partners show in the GDPR message:

1. Open the GDPR settings page.
2. Click the edit icon () under the Review your ad partners section.
3. Select the Custom ad partners toggle. Then select all of the networks that you integrated into your app.

   Note

   For Mintegral, select Mobvista/Mintegral from the list of ad partners, rather than Mintegral.

4. Click Confirm.
5. Click Save at the bottom of the GDPR settings page.

Android Instructions

Add the dependency for the Google User Messaging Platform SDK into your project’s build.gradle:

dependencies {
  implementation 'com.google.android.ump:user-messaging-platform:2.1.0'
}

iOS Instructions

Add the dependency for the Google User Messaging Platform SDK into your project’s Podfile:

target '«your-project-name»' do
  pod 'Google-Mobile-Ads-SDK'
end

Next, in your app’s game.project, create a new extension property named ios_user_tracking_usage_description. This string is how you inform your user why the app is requesting permission to use data that tracks the user or the device. AppLovin recommends that you set its value to “This uses device info for more personalized ads and content.” For example, you may update game.project as follows:

[applovin]
ios_user_tracking_usage_description = This uses device info for more personalized ads and content

Setting Properties

To enable the MAX Terms and Privacy Policy Flow, set several properties before you initialize the SDK. This works for both Android and iOS. The code sample below shows how to do this:

applovin.set_terms_and_privacy_policy_flow_enabled(true)
applovin.set_privacy_policy_url("«https://your_company_name.com/privacy/»")
-- Terms of Service URL is optional
applovin.set_terms_of_service_url("«https://your_company_name.com/terms/»")
applovin.initialize("«your-SDK-key»")

Integration

The SDK presents the consent flow when you initialize the SDK. When the user completes the flow, the SDK calls your initialization-completion callback.

Caution

You must wait until the user finishes the consent flow before you initialize third-party SDKs (such as MMPs or analytics SDKs). For this reason, initialize such SDKs from within your initialization-completion callback. If you initialize third-party SDKs before the user completes the consent flow, these third-party SDKs cannot access relevant identifiers. Therefore you would suffer a material impact on measurement, reporting, and ad revenue.

Do not initialize MAX mediated network SDKs in your initialization callback. MAX performs this initialization automatically.

Show GDPR Flow to Existing Users

AppLovin recommends that you allow existing users in GDPR regions to reenter the GDPR flow. Typically, users do this in your app’s Settings section via an option to Manage Existing Privacy Settings. In order to determine if a user is within a GDPR region, find the value of the consentFlowUserGeography field on the OnSdkInitializedEvent callback params (the user is in GDPR region when consentFlowUserGeography is applovin.CONSENT_FLOW_USER_GEOGRAPHY_GDPR). This way, you can conditionally show that settings option only to users within a GDPR region.

When the user clicks Manage Existing Privacy Settings (or its equivalent), call applovin.show_cmp_for_existing_user(). This resets the user’s existing consent information.

Testing

If you want to test the Google CMP outside the GDPR region, set the debug user geography:

applovin.set_consent_flow_debug_user_geography("GDPR")

Note

The flow is shown only to new users. If you want to test the flow after you have completed the CMP prompt, you must delete and re-install the app.

Testing Google UMP Integration with the Mediation Debugger

Verifying Installation

Under the Privacy section of the MAX Mediation Debugger, the CMP (Consent Management Platform) row displays the name of the Google-certified CMP SDK that you integrated. If you successfully integrated the Google UMP SDK, it displays “Google consent management solutions” as the name.

Verifying IAB TCF Parameters

If you select the CMP (Consent Management Platform) row, you can inspect the IAB TCF parameters IABTCF_gdprApplies, IABTCF_TCString, and IABTCF_AddtlConsent. For the latter two, you can click on the row to copy or share its value.

Verifying Missing Networks

In the CMP CONFIGURATION section, you can verify which networks are integrated with or are missing from your Google UMP configuration. This is an exhaustive list of all networks that are available to MAX. You can ignore any networks that you did not integrate in your application.

On your CMP flow you must list all of the networks that you integrate in your application. To check if any of those networks are missing, and to fix this problem:

1. Complete the CMP flow, granting consent to all networks.
2. Open the Mediation Debugger. The Mediation Debugger parses the TC and AC strings and displays two lists:
   1. Integrated networks you listed on your CMP flow
   2. Networks that are missing which you might need to add (under Configured CMP Networks in the CMP CONFIGURATION section)
3. You will see missing networks in the MISSING ATP NETWORKS or MISSING TCF VENDORS lists. If any of these are networks that you integrated into your application:
   1. Return to your CMP’s dashboard. Add the missing networks to those covered by the GDPR message. (See Customize Ad Partners List for how to do this in Google’s Unified Consent Flow.)
   2. Restart your app.

Repeat these steps until you verify that all of your networks are correctly included in the CMP flow.

Verifying Mediated Network Consent Statuses

To view the consent statuses of all networks, expand Network Consent Statuses in the Mediation Debugger. The Mediation Debugger parses the TC string and displays the consent statuses of all networks. It also displays the AppLovin consent status that it parses from the AC string that Google UMP generates.