Skip to content

Terms and Privacy Policy Flow

This page explains how you can use the MAX Terms & Privacy Policy Flow to prompt acceptance of your Terms of Use and Privacy Policy.

SDK 12.0.0 Release

AppLovin MAX SDK v12.0.0, when used with Google UMP, complies with TCF v2: The MAX SDK can ingest the consent string and AC string and forward the TCF v2 Consent strings / states to the mediated networks as described in TCF v2 Consent.

If you do not use Google UMP as your CMP, either through AppLovin’s automated flow or otherwise, you must ensure that the CMP you choose supports all of the mediated networks you integrate.

If you do not use a CMP, you must continue to set AppLovin’s SDK’s binary consent flags as described in Consent and Other Applicable Flags in GDPR and Other Regions.

Google UMP Automation

Versions 12.0.0 and above of the AppLovin MAX SDK automate the integration of Google UMP. Therefore you do not need to manually integrate the Google UMP in addition to the MAX SDK. This is completely opt-in and AppLovin will provide you instructions on how you can enable this additional Google UMP integration. Below is a visual representation of the flow:

Initialize MAX SDK. In GDPR region? Google UMP Flow. MAX Terms / Privacy Policy Flow. MAX ATT Prompt (iOS only). SDK Initialization Completion callback

  1. MAX SDK initializes.
  2. Regional Compliance Check: AppLovin determines whether the user is located in a GDPR region. If the user is in a GDPR region, the MAX SDK presents Google UMP.
  3. (iOS only) If Google UMP is not configured to display the ATT prompt, or if the user did not see the Google UMP flow, MAX SDK shows the MAX ATT prompt.
  4. MAX SDK calls your initialization completion callback to signal that you can start loading ads.

Enabling Google UMP

Enabling Google CMP on AdMob Dashboard

So that the MAX consent flow can display the Google GDPR form, you must first create and publish the Google GDPR message on the AdMob dashboard. To do so:

  1. Sign in to your AdMob account at apps.admob.com.
  2. Click Privacy & messaging.
  3. Click GDPR.
  4. Click Create message. The GDPR message page opens.
  5. Select the apps that you want to display your message:
    1. Click Select apps.
    2. Select the desired apps.
    3. Click Save.
  6. Select the languages in which you want to display your message.
  7. In the User consent options section, select Consent or Manage options.
  8. In the Targeting section, select Countries subject to GDPR (EEA and UK).
  9. Click Continue. The Edit message page opens.
  10. In the Message name field, enter a descriptive message name to help you identify the message later. This name appears only on the Privacy & messaging page and is not visible to users.
  11. Select the Styling tab.
    1. Under the Global section, set the Secondary color to white (#ffffff).
    2. Under the Buttons section, set the Secondary color to gray (#6e6e6e).
  12. Click Publish.
Customize Ad Partners List

To customize which ad partners show in the GDPR message:

  1. Open the GDPR settings page.
  2. Click the edit icon ( ) under the Review your ad partners section.
  3. Select the Custom ad partners toggle. Then select all of the networks that you integrated into your app.
  4. Click Confirm.
  5. Click Save at the bottom of the GDPR settings page.

Enabling MAX Terms and Privacy Policy Flow

Follow these steps to enable Terms and Privacy Policy Flow:

  1. In Unity, select AppLovin > Integration Manager. The AppLovin Integration Manager dialog appears.
  2. In Privacy Settings check Enable MAX Terms and Privacy Policy Flow.
  3. You must include values for your Privacy Policy URL and the base User Tracking Usage Description. The AppLovin Integration Manager will populate the English (base) User Tracking Usage Description and a variety of localizations of that description with default values for you. The Terms of Service URL value is optional.
  4. Close the AppLovin Integration Manager dialog.

Privacy Settings. Enable Consent Flow. Privacy Policy URL. Terms of Service URL (optional). Override Default User Tracking Usage Description. User Tracking Usage Description. Localize User Tracking Usage Description.

When you submit your app to App Store Connect for review, you must notify the reviewer that you enabled the App Tracking Transparency framework permission request for iOS 14.5+ only. Do this in the Review Notes section. If you do not do this, Apple may reject your build.

Integration

The SDK presents the consent flow when you initialize the SDK. When the user completes the flow, the SDK calls your initialization-completion callback.

If you set the user ID in your MMP integration, set it where you set the AppLovin user ID. The code snippets below use Adjust as an example. Refer to Adjust’s documentation to learn how to initialize Adjust and set the user ID.

MaxSdkCallbacks.OnSdkInitializedEvent += (MaxSdkBase.SdkConfiguration sdkConfiguration) = {
// You can check app transparency tracking authorization in sdkConfiguration.AppTrackingStatus for Unity Editor and iOS targets.
// Initialize other third-party SDKs; do not initialize mediated advertising SDKs (MAX does that for you). Not following this step will result in noticeable integration issues.
// Initialize the Adjust SDK inside the AppLovin SDK's initialization callback
string adjustAppToken = "«your_Adjust_app_token»";
AdjustEnvironment adjustEnvironment = AdjustEnvironment.Sandbox or AdjustEnvironment.Production;
AdjustConfig config = new AdjustConfig(adjustAppToken, adjustEnvironment);
Adjust.start(config);
// Start loading ads
};
MaxSdk.SetSdkKey("«your_SDK_key»");
MaxSdk.SetUserId("«user_ID»");
Adjust.addSessionCallbackParameter("«your_user_ID_key»", "«user_ID»");
MaxSdk.InitializeSdk();
Localizing NSUserTrackingUsageDescription

The AppLovin MAX Unity plugin includes a default set of User Tracking Usage Descriptions. If you wish to override them, check the Override Default User Tracking Usage Description setting in the Integration Manager and enter your desired descriptions.

Show GDPR Flow to Existing Users

AppLovin recommends that you allow existing users in GDPR regions to reenter the GDPR flow. Typically, users do this in your app’s Settings section via an option to Manage Existing Privacy Settings. If a user is within a GDPR region you can conditionally show that settings option. To determine this, use the SDK API MaxSdk.GetSdkConfiguration().ConsentFlowUserGeography. The user is in GDPR region when ConsentFlowUserGeography is ConsentFlowUserGeography.Gdpr.

When the user clicks Manage Existing Privacy Settings (or its equivalent), call MaxSdk.CmpService.ShowCmpForExistingUser(). This resets the user’s existing consent information.

using UnityEngine;
using AppLovinMax.Internal.API;
public class MyGame
{
private void LoadAndShowCmpFlow()
{
var cmpService = MaxSdk.CmpService;
cmpService.ShowCmpForExistingUser(error =>
{
if (null == error)
{
// The CMP alert was shown successfully.
}
});
}
}
Testing

If you want to test the Google CMP outside the GDPR region, set the Debug User Geography to GDPR in the Integration Manager as shown below:

Testing: Debug User Geography: GDPR. Debug User Geography is only enabled in debug mode

Then, set the test device hash ID as an SDK extra parameter before you initialize the MAX SDK. The Google CMP SDK logs this test device hash ID when the app runs on a device. Set the test device hash ID by making the following call:

MaxSdk.SetExtraParameter("google_test_device_hashed_id", "«your-test-device-hashed-ID»")

Testing Google UMP Integration with the Mediation Debugger

Verifying Installation

Under the Privacy section of the MAX Mediation Debugger, the CMP (Consent Management Platform) row displays the name of the Google-certified CMP SDK that you integrated. If you successfully integrated the Google UMP SDK, it displays “Google consent management solutions” as the name.

MAX Mediation Debugger. CMP (Consent Management Platform): Google consent management solutions

Verifying IAB TCF Parameters

If you select the CMP (Consent Management Platform) row, you can inspect the IAB TCF parameters IABTCF_gdprApplies, IABTCF_TCString, and IABTCF_AddtlConsent. For the latter two, you can click on the row to copy or share its value.

IAB TCF Parameters: IABTCF_gdprApplies, IABTCF_TCString, IABTCF_AddtlConsent

Verifying Missing Networks

In the CMP CONFIGURATION section, you can verify which networks are integrated with or are missing from your Google UMP configuration. This is an exhaustive list of all networks that are available to MAX. You can ignore any networks that you did not integrate in your application.

On your CMP flow you must list all of the networks that you integrate in your application. To check if any of those networks are missing, and to fix this problem:

  1. Complete the CMP flow, granting consent to all networks.
  2. Open the Mediation Debugger. The Mediation Debugger parses the TC and AC strings and displays two lists:
    1. Integrated networks you listed on your CMP flow
    2. Networks that are missing which you might need to add (under Configured CMP Networks in the CMP CONFIGURATION section)
  3. You will see missing networks in the MISSING ATP NETWORKS or MISSING TCF VENDORS lists. If any of these are networks that you integrated into your application:
    1. Return to your CMP’s dashboard. Add the missing networks to those covered by the GDPR message. (See Customize Ad Partners List for how to do this in Google’s Unified Consent Flow.)
    2. Restart your app.

Repeat these steps until you verify that all of your networks are correctly included in the CMP flow.

CMP Configuration: IABTCF_CmpSdkID = 300, IABTCF_CmpSdkVersion = 2. To check which of your integrated networks are missing from your CMP, first make sure that you have granted consent to all networks through your CMP flow. Then add the following networks to your CMP network list. Configured CMP Networks: Missing 3 network(s).Configured CMP Networks: Missing TCF Vendors (TC String), Missing ATP Networks (AC String), Listed TCF Vendors (TC String)

To view the consent statuses of all networks, expand Network Consent Statuses in the Mediation Debugger. The Mediation Debugger parses the TC string and displays the consent statuses of all networks. It also displays the AppLovin consent status that it parses from the AC string that Google UMP generates.

Network Consent Statuses: TCF Vendors (TC String), ATP Networks (AC String)