Terms and privacy policy flow

This page explains how you can use the MAX Terms & Privacy Policy Flow to prompt acceptance of your Terms of Use and Privacy Policy.

ノート

You may use the CMP flow included with the MAX SDK, or you may integrate your own. If you integrate your own CMP flow, make sure that flow completes before you initialize the MAX SDK.

AppLovin MAX SDK, when used with Google UMP, complies with TCF v2: the MAX SDK can ingest the consent string and the AC string and can forward the TCF v2 Consent strings / states to the mediated networks as described in TCF v2 consent.

If you do not use Google UMP as your CMP (either through AppLovin’s automated flow or otherwise), you must ensure that the CMP you choose supports all the mediated networks you integrate.

If you do not use a CMP, you must continue to set AppLovin’s SDK’s binary consent flags as described in Consent and other applicable flags in GDPR and other regions.

ノート

If you access Google demand through MAX, it’s critical that you review the Google CMP requirements before you start the integration process.

Google UMP automation

The AppLovin MAX SDK automates the integration of Google UMP. You do not need to manually integrate the Google UMP. This is opt-in and AppLovin will provide you instructions on how you can enable this Google UMP integration. Below is a visual representation of the flow:

1. MAX SDK initializes.
2. Regional Compliance Check: AppLovin determines whether the user is in a GDPR region. If so, the MAX SDK presents Google UMP.
3. (iOS only)
4. MAX SDK calls your initialization completion callback to signal that you can start loading ads.

ノート

The TCF consent state may be false in either of the following circumstances:

1. The user indicated that they do not consent to the terms of data collection that you specified in your message.
2. Some ad networks you integrated into your application are not configured into UMP, so UMP always rejects consent. See “Verifying missing networks” to learn how to fix this.

Enabling Google UMP

Enabling Google CMP on AdMob dashboard

For MAX consent flow to display the Google GDPR form, you must first create and publish the Google GDPR message on the AdMob dashboard. To do so:

1. Sign in to your AdMob account at apps.admob.com.
   • Add your apps to the AdMob dashboard, if you have not done so already.
2. Click Privacy & messaging.
3. Click GDPR.
4. Click Create message. The GDPR message page opens.
5. Select the apps that you want to display your message:
   1. Click Select apps.
   2. Select the desired apps.
   3. Click Save.
6. Select the languages in which you want to display your message.
7. In the User consent options section, select Consent or Manage options.

   ノート

   Do not check the Close (do not consent) option.

8. In the Targeting section, select Countries subject to GDPR (EEA and UK).
9. Click Continue. The Edit message page opens.
10. In the Message name field, enter a descriptive message name to help you identify the message later. This name appears on the Privacy & messaging page and is not visible to users.
11. Select the Styling tab.
    1. Under the Global section, set the Secondary color to white (#ffffff).
    2. Under the Buttons section, set the Secondary color to gray (#6e6e6e).
12. Click Publish.

Customize ad partners list

ノート

In its default GDPR message, Google might not show all your ad network partners. If you fail to include these networks, this could adversely affect your ad revenue. Follow the steps in this section to ensure all your ad partners appear in the GDPR message.

To customize which ad partners show in the GDPR message:

1. Open the GDPR settings page.
2. Click the edit icon () under the Review your ad partners section.
3. Select the Custom ad partners toggle. Then select all the networks that you integrated into your app.

   ノート

   For Mintegral, select Mobvista/Mintegral from the list of ad partners, rather than Mintegral.

4. Click Confirm.
5. Click Save at the bottom of the GDPR settings page.

Enabling MAX terms and privacy policy flow

First, add the dependency for the Google User Messaging Platform SDK to your module’s app-level Gradle file. This file is typically app/build.gradle:

Groovy

dependencies {
  implementation 'com.google.android.ump:user-messaging-platform:2.1.0'
}

Kotlin

dependencies {
  implementation("com.google.android.ump:user-messaging-platform:2.1.0")
}

Then you can enable the MAX Terms and Privacy Policy Flow programmatically or by adding a settings file to application resources. The sections below explain both of these methods.

Programmatically

To enable the MAX Terms and Privacy Policy Flow programmatically, set certain properties of the SDK’s settings object. Do this before you initialize the SDK, as in the code sample below:

Java

package com.applovin.apps.test;

import android.net.Uri;

import com.applovin.sdk.AppLovinMediationProvider;
import com.applovin.sdk.AppLovinSdk;
import com.applovin.sdk.AppLovinSdkSettings;

public class MyApplication
       extends Application
{
  @Override
  public void onCreate()
  {
    super.onCreate();

    val settings = AppLovinSdk.getInstance( this ).getSettings();
    settings.getTermsAndPrivacyPolicyFlowSettings().setEnabled( true );
    settings.getTermsAndPrivacyPolicyFlowSettings().setPrivacyPolicyUri( Uri.parse( "«https://your-company-name.com/privacy-policy»" ) );

    // Terms of Service URL is optional
    settings.getTermsAndPrivacyPolicyFlowSettings().setTermsOfServiceUri( Uri.parse( "«https://your-company-name.com/terms-of-service»" ) );
    // Showing Terms & Privacy Policy flow in GDPR region is optional (disabled by default)
    settings.getTermsAndPrivacyPolicyFlowSettings().setShowTermsAndPrivacyPolicyAlertInGdpr( true );

    // Set the mediation provider value to "max" to ensure proper functionality
    AppLovinSdkInitializationConfiguration initConfig = AppLovinSdkInitializationConfiguration.builder( "«SDK-key»" )
                    .setMediationProvider( AppLovinMediationProvider.MAX )
                    .build();

    // Initialize the SDK with the configuration
    AppLovinSdk.getInstance( this ).initialize( initConfig, new AppLovinSdk.SdkInitializationListener()
    {
      @Override
      public void onSdkInitialized(final AppLovinSdkConfiguration sdkConfig)
      {
        ⋮
      }
    } );
  }
}

Kotlin

package com.applovin.apps.test

import android.net.Uri
import com.applovin.sdk.AppLovinMediationProvider
import com.applovin.sdk.AppLovinSdk
import com.applovin.sdk.AppLovinSdkSettings

class MyApplication : Application()
{
  override fun onCreate()
  {
    super.onCreate()

    val settings = AppLovinSdk.getInstance(this).settings
    settings.termsAndPrivacyPolicyFlowSettings.isEnabled = true
    settings.termsAndPrivacyPolicyFlowSettings.privacyPolicyUri = Uri.parse("«https://your-company-name.com/privacy-policy»")

    // Terms of Service URL is optional
    settings.termsAndPrivacyPolicyFlowSettings.termsOfServiceUri = Uri.parse("«https://your-company-name.com/terms-of-service»")
    // Showing Terms & Privacy Policy flow in GDPR region is optional (disabled by default)
    settings.termsAndPrivacyPolicyFlowSettings.showTermsAndPrivacyPolicyAlertInGdpr = true

    // Set the mediation provider value to "max" to ensure proper functionality
    val initConfig = AppLovinSdkInitializationConfiguration.builder("«SDK-key»")
      .setMediationProvider(AppLovinMediationProvider.MAX)
    ).build()

    // Initialize the SDK with the configuration
    AppLovinSdk.getInstance(this).initialize(initConfig) { sdkConfig ->
      ⋮
    }
  }
}

You can find your SDK key in the Account > General > Keys section of the AppLovin dashboard.

applovin_settings.json

To enable MAX’s Terms and Privacy Policy Flow via Android resources:

1. Create a JSON file named applovin_settings.json in your raw resource directory.
2. In this file, create a new JSON object with the key consent_flow_settings.
3. In this consent_flow_settings object, add the following key-value pairs:
   1. One with the key consent_flow_enabled and the value true.
   2. Another with the key consent_flow_privacy_policy and the value of your Privacy Policy URL.
   3. Optionally, another with the key consent_flow_terms_of_service and the value of your Terms of Service URL.
   4. Optionally, another with the key consent_flow_show_terms_and_privacy_policy_alert_in_gdpr and the value true to show the Terms and Privacy Policy alert in GDPR region before the Google UMP flow.

The final result should resemble this:

{
  "consent_flow_settings": {
    "consent_flow_enabled": true,
    "consent_flow_terms_of_service": "«https://your-company-name.com/terms-of-service»",
    "consent_flow_privacy_policy": "«https://your-company-name.com/privacy-policy»",
    "consent_flow_show_terms_and_privacy_policy_alert_in_gdpr": true
  }
}

Integration

The SDK presents the consent flow when you initialize the SDK. When the user completes the flow, the SDK calls your initialization-completion callback.

注意

You must wait until the user finishes the consent flow before you initialize third-party SDKs (such as MMPs or analytics SDKs). For this reason, initialize such SDKs in your initialization-completion callback. If you initialize third-party SDKs before the user completes the consent flow, these SDKs cannot access relevant identifiers, and you suffer a material impact on measurement, reporting, and ad revenue.

Do not initialize MAX mediated network SDKs in your initialization callback. MAX performs this initialization automatically.

If you set the user ID in your MMP integration, set it where you set the AppLovin user ID. The code snippets below use Adjust as an example. Refer to Adjust’s documentation to learn how to initialize Adjust and set the user ID.

Java

package com.applovin.apps.test;

import com.adjust.sdk.Adjust;
import com.adjust.sdk.AdjustConfig;
import com.adjust.sdk.LogLevel;
import com.applovin.sdk.AppLovinMediationProvider;
import com.applovin.sdk.AppLovinSdk;
import com.applovin.sdk.AppLovinSdkConfiguration;
import com.applovin.sdk.AppLovinSdkInitializationConfiguration;
import com.applovin.sdk.AppLovinSdkSettings;

import lombok.val;

public class MyApplication
       extends Application
{
  @Override
  public void onCreate()
  {
    super.onCreate();

    // Create the initialization configuration
    AppLovinSdkInitializationConfiguration initConfig = AppLovinSdkInitializationConfiguration.builder( "«SDK-key»" )
        .setMediationProvider( AppLovinMediationProvider.MAX )
        .build();

    // Set the user ID
    val settings = AppLovinSdk.getInstance( this ).getSettings();
    settings.setUserIdentifier( "«user-ID»" );

    // Initialize the SDK with the configuration
    AppLovinSdk.getInstance( this ).initialize( initConfig, new AppLovinSdk.SdkInitializationListener()
    {
      @Override
      public void onSdkInitialized(final AppLovinSdkConfiguration sdkConfig)
      {
        // Initialize the Adjust SDK inside the AppLovin SDK's initialization callback
        AdjustConfig adjustConfig = new AdjustConfig( this, "«your-Adjust-app-token»", AdjustConfig.ENVIRONMENT_SANDBOX or AdjustConfig.ENVIRONMENT_PRODUCTION );
        Adjust.onCreate( adjustConfig );

        // Start loading ads
      }
    } );
  }
}

Kotlin

package com.applovin.apps.test

import com.adjust.sdk.Adjust
import com.adjust.sdk.AdjustConfig
import com.applovin.sdk.AppLovinMediationProvider
import com.applovin.sdk.AppLovinSdk
import com.applovin.sdk.AppLovinSdkInitializationConfiguration

class MyApplication : Application()
{
  override fun onCreate()
  {
    super.onCreate()

    // Create the initialization configuration
    val initConfig = AppLovinSdkInitializationConfiguration.builder("«SDK-key»")
      .setMediationProvider(AppLovinMediationProvider.MAX)
      .build()

    // Configure the SDK settings if needed before or after SDK initialization.
    val settings = AppLovinSdk.getInstance(this).settings
    settings.userIdentifier = "«user-ID»"

    // Initialize the SDK with the configuration
    AppLovinSdk.getInstance(this).initialize(initConfig) { sdkConfig ->

      // Initialize other 3rd-party SDKs - do not initialize mediated advertising SDKs, MAX will automatically do that for you. Not following this step will result in noticeable integration issues

      // Initialize the Adjust SDK inside the AppLovin SDK's initialization callback
      val adjustConfig = AdjustConfig( this, "«your-Adjust-app-token»", AdjustConfig.ENVIRONMENT_SANDBOX or AdjustConfig.ENVIRONMENT_PRODUCTION )
      Adjust.onCreate(adjustConfig )

      // Start loading ads
    }
  }
}

Show GDPR flow to existing users

AppLovin recommends that you allow existing users in GDPR regions to reenter the GDPR flow. Typically, users do this in your app’s Settings section via an option to Manage Existing Privacy Settings. You can conditionally show that settings option, based on whether the user is in a GDPR region. To determine if a user is in a GDPR region, call AppLovinSdkConfiguration.getConsentFlowUserGeography() (the user is in GDPR region when getConsentFlowUserGeography() returns ConsentFlowUserGeography.GDPR).

When the user clicks Manage Existing Privacy Settings (or its equivalent), call AppLovinCmpService.showCmpForExistingUser(). Note that this resets the user’s existing consent information.

Java

package com.applovin.apps.test;

import android.app.Activity;

import com.applovin.sdk.AppLovinSdk;
import com.applovin.sdk.AppLovinCmpService;

public class MyActivity
       extends Activity
{
  private void showAppLovinConsentFlow()
  {
    AppLovinCmpService cmpService = AppLovinSdk.getInstance( this ).getCmpService();

    cmpService.showCmpForExistingUser( this, new AppLovinCmpService.OnCompletedListener()
    {
      @Override
      public void onCompleted(final AppLovinCmpError error)
      {
        if ( null == error )
        {
          // The CMP alert was shown successfully.
        }
      }
    } );
  }
}

Kotlin

package com.applovin.apps.test

import android.app.Activity

import com.applovin.sdk.AppLovinSdk

public class MyActivity : Activity()
{
  private fun showAppLovinConsentFlow()
  {
    val cmpService = AppLovinSdk.getInstance(this).cmpService
    cmpService.showCmpForExistingUser(this) { error ->
      if (null == error)
      {
        // The CMP alert was shown successfully.
      }
    }
  }
}

Testing

If you want to test the Google CMP from outside the GDPR region, set the debug user geography to GDPR with one of the following methods:

Java

AppLovinSdkSettings settings = AppLovinSdk.getInstance( this ).getSettings();
⋮
settings.getTermsAndPrivacyPolicyFlowSettings().setDebugUserGeography( AppLovinSdkConfiguration.ConsentFlowUserGeography.GDPR );

Kotlin

val settings = AppLovinSdk.getInstance(this).settings
⋮
settings.termsAndPrivacyPolicyFlowSettings.debugUserGeography = AppLovinSdkConfiguration.ConsentFlowUserGeography.GDPR

applovin_settings.json

To set the debug user geography, add the consent_flow_debug_user_geography key with value gdpr under the consent_flow_settings object:

{
  "consent_flow_settings": {
    ⋮
    "consent_flow_debug_user_geography": "gdpr"
  }
}

Then, set the test device hash ID before you initialize the MAX SDK. The Google CMP SDK logs this test device hash ID when the app runs on a device. Set the test device hash ID by making the following call:

Java

settings.setExtraParameter("google_test_device_hashed_id", "«your-test-device-hashed-ID»");

Kotlin

settings.setExtraParameter("google_test_device_hashed_id", "«your-test-device-hashed-ID»")

Testing Google UMP integration with the Mediation Debugger

Verifying installation

Under the Privacy section of the MAX Mediation Debugger, the CMP (Consent Management Platform) row displays the name of the Google-certified CMP SDK that you integrated. If you integrated the Google UMP SDK, it displays “Google consent management solutions” as the name.

Verifying IAB TCF parameters

If you select the CMP (Consent Management Platform) row, you can inspect the IAB TCF parameters IABTCF_gdprApplies, IABTCF_TCString, and IABTCF_AddtlConsent. For the latter two, you can click the row to copy or share its value.

Verifying missing networks

In the CMP CONFIGURATION section, you can verify which networks integrate with or are missing from your Google UMP configuration. This is an exhaustive list of all networks that are available to MAX. You can ignore any networks that you did not integrate in your application.

On your CMP flow you must list the networks that you integrate in your application. To check if any of those networks are missing, and to fix this problem:

1. Complete the CMP flow, granting consent to all networks.
2. Open the Mediation Debugger. The Mediation Debugger parses the TC and AC strings and displays two lists:
   1. Integrated networks you listed on your CMP flow
   2. Networks that are missing which you might need to add (under Configured CMP Networks in the CMP CONFIGURATION section)
3. You will see missing networks in the MISSING ATP NETWORKS or MISSING TCF VENDORS lists. If any of these are networks that you integrated into your application:
   1. Return to your CMP’s dashboard. Add the missing networks to those covered by the GDPR message. (See Customize ad partners list for how to do this in Google’s Unified Consent Flow.)
   2. Restart your app.

Repeat these steps until you verify that you included all of your networks in the CMP flow.

Verifying mediated network consent statuses

To view the consent statuses of all networks, expand Network Consent Statuses in the Mediation Debugger. The Mediation Debugger parses the TC string and displays the consent statuses of all networks. It also displays the AppLovin consent status that it parses from the AC string that Google UMP generates.