Forum Xamarin.Android
We are excited to announce that the Xamarin Forums are moving to the new Microsoft Q&A experience. Q&A is the home for technical questions and answers at across all products at Microsoft now including Xamarin!

We encourage you to head over to Microsoft Q&A for .NET for posting new questions and get involved today.

Consent SDK for GDPR

To be compliant with the GDPR on May 25th 2018 and to show ads in a Xamarin app, developers need to implement the Consent SDK.
https://developers.google.com/admob/android/eu-consent

Where can I find the SDK? Is there a NuGet package?

Tagged:

Answers

  • MarcoTronconeMarcoTroncone GBUniversity ✭✭✭

    How is possible that no one cares about it?
    If you want to have ads on your app and respect the law, you must seek consent for the ads.

    In this moment as I don't know precisely how the GDPR works, I've removed all my apps from the store.

    Is Xamarin going to release an update for the GDPR?

  • RobSchoenakerRobSchoenaker NLMember ✭✭

    Well, it's not that you need to remove your apps from the store. It's even simpler: Google will just stop showing ads in the EU altogether until you prove that your app meets the GDPR requirements. In my case: no more revenue...

  • MariusBuMariusBu ROMember ✭✭

    I wouldn't count on that.

    You are not required to ask consent through their SDK. You can ask consent in any way you want as long as you actively seek it and receive it. It's your responsibility to ask for it and Google can't possibly know if you did or not. So they won't stop serving ads all of the sudden for everyone not using their consent SDK.

    I've had a look at a couple of popular apps and they all tend to do the same link: display a popup saying "Here is our privacy policy. By continuing to use our application, you agree with it." And an "ok/I agree" button. You can check the following apps: Imgur, CandyCrush, Speedtest and The Weather Channel. They all handle it the same way.

    I will do the same over the weekend. Hopefully no fines will be coming through until then :)

  • RobSchoenakerRobSchoenaker NLMember ✭✭

    They will not be showing personalized ads. This means less revenue.
    To be fully compliant you need to actually ask for consent. We'll see what happens.

  • MariusBuMariusBu ROMember ✭✭

    Actually they will. This is quoted from their AdMob SDK EU Consent page in the section "Forward consent to the Google Mobile Ads SDK. Cannot post links...
    developers.google.com/admob/android/eu-consent

    The default behavior of the Google Mobile Ads SDK is to serve personalized ads. If a user has consented to receive only non-personalized ads, you can configure an AdRequest object with the following code to specify that only non-personalized ads should be returned

    `Bundle extras = new Bundle();
    extras.putString("npa", "1");

    AdRequest request = new AdRequest.Builder()
    .addNetworkExtrasBundle(AdMobAdapter.class, extras)
    .build();
    `

    This is both bad and good news at the same time. Bad news because we are heavily out of compliance with GDPR, but good news because it means we can implement this ourselves as long as the Xamarin port supports adding extras. If it does, all we need to do is display a consent dialog and if they don't consent then we need to add the "npa" (non-personalized ads) key in the extras of the ad request that we make.

    I can't check right now if the Xamarin Admob SDK supports this or not; I'll check later today or tomorrow. But it should.

  • LarsNymandLarsNymand DKMember ✭✭

    As mention by the others, you are not forced to use their Consent SDK. You CAN develop something yourself.

    Please also note that by default Google will show personalized ads. It's up to YOU to disable it - by adding "extras.putString("npa", "1");" to you ad request if you do not have consent!

    Found on this page: https://developers.google.com/admob/android/eu-consent
    "The default behavior of the Google Mobile Ads SDK is to serve personalized ads. If a user has consented to receive only non-personalized ads, you can configure an AdRequest object with the following code to specify that only non-personalized ads should be returned"

  • RobSchoenakerRobSchoenaker NLMember ✭✭

    Ah, I see. Thanks for clarifying that. Seems to me that this should be reversed by Google since consent is mandatory.

  • MarcoTronconeMarcoTroncone GBUniversity ✭✭✭

    On the google webiste I've read that also for not personalized ads, you need to seek consent.

    If we need to prove to Google that we asked consent, how can we show that?

    I save no data at all with my current apps, so the only data are local.
    If I ask consent, I can only save it locally, could it be enough?

  • LarsNymandLarsNymand DKMember ✭✭

    @MarcoTroncone if you use the Admob SDK it will send data to Google even if you do not.

    As I see it you have 3 options:
    1. Ask for personalized ads consent (change nothing in you code)
    2. Ask for non-personalized consent (Add "extras.putString("npa", "1");" to your request)
    3. Do not show ads at all (Do not execute Admob SDK code at all)
    3.a Here it's up to you to decide if you want to give the user your app for free of if they should be redirected to a paid version

  • Motoko89Motoko89 USMember ✭✭

    @LarsNymand said:
    @MarcoTroncone if you use the Admob SDK it will send data to Google even if you do not.

    As I see it you have 3 options:
    1. Ask for personalized ads consent (change nothing in you code)
    2. Ask for non-personalized consent (Add "extras.putString("npa", "1");" to your request)
    3. Do not show ads at all (Do not execute Admob SDK code at all)
    3.a Here it's up to you to decide if you want to give the user your app for free of if they should be redirected to a paid version

    Sorry for many questions. So I can do this without using Consent SDK? Is there a Consent SDK for Xamarin?

    "it will send data to Google even if you do not": How does Google know if I have asked for consent or not?

    My app doesn't require location. How do I know the user is in Europe?

  • LarsNymandLarsNymand DKMember ✭✭
    You do not need their consent SDK. You can create your own consent text and data privacy policy (which you should have anyway).
    Basically what the consent SDK is, is a text telling the user what kind of data you will collect about them and what you will use it for. Then it asks the user if it's okay with them with a yes/no kind of checkbox.
    Then it's up to you to respect that choice throughout your application.

    Regarding Google I guess they don't know. They probably rely on you be in control of that in respect to the users choice made above.

    I'm not 100% sure how to handle the in/outside EU. Maybe it's enough to ask the user where they are from when they create the user.
    But instead of implementing that, look at it this way.
    GDPR is about putting the users in control of their data and making us developers respect our users choices and have the proper security implementations in place.
    As I see it this respect for the users shouldn't only be for EU citizens but for all people regardless where they come from :-)

    Don't collect data you don't need, and be transparent to your users, what you store and for what reason.

    Hope it makes sense? :-)
Sign In or Register to comment.