Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Categories
- 7.8K All Categories
- 11 Help with translations
- 4.2K General questions
- 107 Roadmap
- 358 Game & application design
- 316 Plugins
- 70 User experience
- 75 Marketplace
- 291 Code snippets
- 34 Building a team?
- 269 Suggestions & requests
- 352 Announce your apps made with Gideros.
- 90 Step by step tutorials
- 668 Bugs and issues
- 195 Introduce yourself
- 239 Announcements
- 106 Forum talk
- 404 Relax cafe
In this Discussion
Gideros and GDPR?
MobAmuse
Member
Anyone have any idea how Gideros apps may be affected by GDPR?
I was updating a few apps yesterday for other unrelated reasons, and noticed both AppLovin and Charboost SDK's are quite dated in the latest build. Both newer SDK's from them support GDPR requirements now so I will be looking at updating to those soon.
This then lead to me to think that plain apps without ads that are written in Gideros might be affected by GDPR ...I have no idea what Gideros does under the hood so to speak and therefore not sure if it complies or not TBH.
Sorry I have been gone a while
I was updating a few apps yesterday for other unrelated reasons, and noticed both AppLovin and Charboost SDK's are quite dated in the latest build. Both newer SDK's from them support GDPR requirements now so I will be looking at updating to those soon.
This then lead to me to think that plain apps without ads that are written in Gideros might be affected by GDPR ...I have no idea what Gideros does under the hood so to speak and therefore not sure if it complies or not TBH.
Sorry I have been gone a while
Likes: Apollo14, SinisterSoft
Tagged:
+1 -1 (+2 / -0 )Share on Facebook
Comments
Likes: MobAmuse
https://deluxepixel.com
Technically a player's score is a personal data, so games with leaderboards are actually concerned.
Likes: MobAmuse
I do have ads via Charboost and AppLovin and will want to update both of those to their latest SDK's which support GDPR in EU region.
SinisterSoft is going to have a look at those soon he said so that I can rebuild all my free apps with ads to the latest ads sdk's hopefully.
AppLovin SDK is now at 8.0.1
Chartboost SDK is now at 7.2.0
Gideros latest build as of time of writing is still on older...
Applovin-sdk-7.2.0
Chartboost-sdk-6.6.1
Updating these from time to time also increases revenue from past experience, so hopefully Gideros can be updated soon to use latest ad sdk's.
Thank you.
Likes: MobAmuse
Likes: MobAmuse
https://deluxepixel.com
After doing some more research and talking with my business partner, we both agree that there is no way to comply with GDPR with Gideros (or other frameworks for that matter) as it currently stands.
The issues:
1) All ad network SDKs need to have explicit consent to either show targeted or non-targeted ads. Consent / non consent would need to be passed to the SDK as a parameter. All ad SDKs supported by Gideros will need to be updated. Here is some further information about admob as an example: https://developers.google.com/admob/android/eu-consent
2) Apps will need to display a consent dialogue for users to opt-in to targeted ads and analytics SDKs.
3) The opt-out options has to be the default option.
How to comply in the short term:
1) Disable ads in EU countries.
2) Disable analytics in EU counties.
3) Disable other SDKs that use personal data for EU countries.
Or
1) Remove ads for users in the EU.
2) Remove analytics for users in the EU.
Here is an interesting article:
https://martechtoday.com/consent-unworkable-programmatic-ads-era-gdpr-209358
This is a real problem. The above information is purely our own opinions based on personal research. We'd love to hear other views and interpretations to find a solution to these issues.
Likes: Apollo14, MobAmuse
Grim really as the options are basically as you describe.
I am considering removing ad versions from EU altogether if I come under pressure in due course, as most of my market is outside Europe.
I will wait and see what everybody else does first tho including non-Gideros apps
The whole thing is a farce. The ad providers should be handling the country specific stuff inside the ad sdk wrapper 100% really.
My gut tells me this is not going to work out very well at all. How this will be policed with millions of apps alone is beyond me.
Likes: simwhi
That way the developer could prompt the user for consent before enabling ads and analytics (or anything else).
However I bet most users will say no to ads and analytics...
Likes: MobAmuse, simwhi
As an example, Google admob are putting the responsibility on app owners / publishers to obtain user consent. By default the SDK will provide targeted ads unless specified otherwise. This breaks the GDPR laws.
Rather than removing ads completely, we would need the admob SDK to serve non-targeted ads by default.
Likes: MobAmuse, hgy29, antix, jdbc
Example:
Privacy Settings
AppLovin SDK requires that publishers set a flag indicating whether a user located in the European Union (i.e., EU/GDPR data subject) has provided opt-in consent for the collection and use of personal data.
For users outside the EU, this flag is not required to be set in the SDK and if set, will not impact how the ad is served to such non-EU users.
If the user has consented, please set the following flag to true.
AppLovinPrivacySettings.setHasUserConsent( true, context );
If the user has not consented, please set the following flag to false.
AppLovinPrivacySettings.setHasUserConsent( false, context );
Additionally, if the user is known to be in an age-restricted category (i.e., under the age of 16) please set the following flag to true.
AppLovinPrivacySettings.setIsAgeRestrictedUser( true, context );
If you are using an approved 3rd party mediation provider (MoPub, Ironsource, etc), they will facilitate the setting of these flags via the AppLovin adapters. Contact them directly should you have questions.
AdMob mediation requires the developer to set these flags themselves. See the AdMob integration section for details.
The consent flag is just so that the advert providers are allowed to keep personal tracking data if the person is in the EU. For the time being just always setting that to false/no will do. The person will get ads but they will not be personalised (if they are in the EU).
In reality you should never set it to true, so you never need consent. If you do get consent and set it to true then the whole of GDPR falls on you. You will need to have a way of erasing the data (the right to be forgotten) and also a way of returning what data you have to the user in a machine readable file. This would be a nightmare in a game.
Likes: simwhi
https://deluxepixel.com
Likes: antix, MobAmuse, simwhi
https://deluxepixel.com
The only question I have now is that how do we easily determine if a user is located in an EU country? Is it even possible to do this? Perhaps we just opt-out for all users globally.
Here's some potentially useful information: https://stackoverflow.com/questions/3659809/where-am-i-get-country?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
And this link for admob consent SDK: https://developers.google.com/admob/android/eu-consent
Likes: MobAmuse, simwhi
All very grey!
Likes: SinisterSoft, simwhi, jdbc
With regard to analytics, I think we can ask for consent otherwise disable it.
In fact it's their routines and their system that stores the data, manipulates, processes it, etc - I'm wondering if technically we have any responsibility at all (for ads).
Analytics may be a different thing as we supply some of the content - eg 'Clicked an powerup'.
In any event, if we always set the privacy switches to 'no consent' then data for analytics and ads will be anonymised if in the EU.
Likes: MobAmuse, simwhi, antix
https://deluxepixel.com
https://deluxepixel.com
About ads, that upcoming consent switch should be exposed to lua. What about a ads:allowPersonalDataCollection(true/false) kind of call ? If the actual ad provider doesn't provide a switch then gideros could decide to disable the use of that ad provider (by not loading its libs at all) depending on wether it collects personal data or not
Likes: MobAmuse, simwhi
public static boolean hasUserConsent(Context paramContext)
{
Boolean localBoolean = ac.a(paramContext);
if (localBoolean != null) {
return localBoolean.booleanValue();
}
return false;
}
From our understanding you can't assume non-consent. However, we are not 100% on this but we would rather err on the side of caution.