To participate, please log in to your Andromo App Maker account then come back here!

Creating GDPR Compliant Apps with Andromo

Andromo is committed to ensuring that apps created on it’s platform comply with the European Union (EU) General Data Protection Regulation (GDPR) which took affect on May 25th, 2018.

With today’s release of Andromo v5.0.15, we’ve taken the following steps to provide GDPR compliance for your apps:

  • AdMob – Will only serve non-personalized ads for EU users.
  • StartApp – Will only serve non-personalized ads for EU users.
  • AppLovin – Will only serve non-personalized ads for EU users.
  • Others – Disabled the following ad networks for EU users: Amazon, AppBrain, Facebook Audience Network.
  • Analytics – Disabled Andromo & Google analytics for EU users.
  • AirBop – Disabled AirBop for EU users.

Requirements for AdMob, StartApp or AppLovin Ads

If your app includes AdMob, StartApp or AppLovin ads, you must perform the following steps to be compliant:

  1. Enable the “Launch Notice” dialog in your app for EU users. To do this, go to your project’s “Settings” tab, enable the “Show Launch Notice” checkbox and then enable the “European Union countries only (uncheck for Worldwide)” checkbox. The text you provide is up to you, however below is an example of what might be appropriate for your app if you include AdMob:

    We care about your privacy and data security. We keep this app free by showing ads. We’ll partner with Google and use a unique identifier on your device to serve only non-personalized ads.
    For information about how Google uses your mobile identifier please visit:
    https://policies.google.com/technologies/partner-sites

    You should inform users about these ad networks in your Launch Notice text, including links to their privacy policies.

    The privacy policies for StartApp and AppLovin can be found here:

    https://www.applovin.com/privacy
    http://www.startapp.com/policy/privacy-policy/

    Google’s policy page can be found at:
    https://policies.google.com/technologies/partner-sites

  2. Once you’ve made the above changes, increase your app’s version number on the “Settings” tab, and then generate a new build of your app by clicking the “Build My App” button on your project’s “Build” tab. Once the build has completed, test it and publish the new version to all of the app stores you previously published to.

Requirements for All Apps

Even if your app does not contain ads, you’ll need to generate a new build of your app to comply with GDPR. This is also a good time to revisit adding a “cookie notice”. Refer to our KB article “EU User Consent / Privacy Policy” for more info – or read up at https://www.cookiechoices.org/.

To generate a new build, increase your app’s version number on the “Settings” tab, and then go to your project’s “Build” tab and click the “Build My App” button. Once the build has completed, test it and publish the new version to all of the app stores you previously published to.

Further Details…

What is GDPR?

The basics of GDPR state that if you are located in the EU or your app is targeting users in the EU, then you need to obtain explicit consent from the user in order to collect and store “personal information.”

The exact language and wording is much more complicated than written above (specifically concerning what exactly is personal information), but that is the gist of it. You can and should read the official document 2018 reform of EU data protection rules or if you can’t make it through that document, the “simplified version” is available from GDPR Portal. It makes excellent bedtime reading.

Why Should You Care?

At first glance you might think that your app doesn’t collect personal information so this does not apply to you. However, the definition of personal information is quite broad and extends to IP addresses and mobile device identifiers – not just names, addresses and medical records.

The problem lies with the fact that over the years, all advertising networks have evolved to store that information so that they can track and identify users behavior and serve up what has come to be known as “personalized ads”.

So, while your app itself may never have asked people for their name, email, address etc., the ad networks and analytics providers are still making use of IP and device identifiers.

What Does it Require of You?

In a nutshell, to be compliant with GDPR your app either needs to obtain explicit consent to collect and store personal information, or it needs to stop storing that info for anyone in the EU.

To obtain explicit consent requires a startup screen that asks users to specifically sign up to be tracked and receive “personalized ads” from each ad network you work with, along with privacy policy information for each one. For context, Google’s AdMob has literally thousands of ad providers enabled by default…

At the moment, the tools and recommendations to deal with explicit consent are simply inadequate to make that realistic.

What we Have Done for Andromo Apps

The safest option right now is to disable anything in your app that stores personal information if the user is located in the EU. That is what we have done in Andromo v5.0.15 so that you can put out a GDPR compliant app today.

Fortunately several ad networks supported by Andromo have now added the ability to turn off personalized ads and instead serve up only non personalized ads. Hopefully more will follow suit in the future.

Additionally, once the tools and procedures to obtain explicit consent for personalized ads solidify, we can revisit and see about making that an option.


Comments

  • Thanks for the update

  • Create Your Own App with Andromo


  • Excelent!! thanks for the important information
  • Well done! Can we use the launch notice for both GDPR and cookie consent?
    Do we just combine the recommended wording? Any suggestions for a combo GDPR and cookie consent wording?
  • edited May 29
    @anteos Technically this message is basically “cookie consent”, as that is how the non personalized ads work rather than the ad network storing personal info. The suggested message is just that: suggested. However, it is based on what google suggests in order to comply with their own terms of service. Reading between the lines there, you will see it already combines elements of “cookie” like the device identifier and “GDPR” such as the privacy policy links... up to you in the end though. There is no single correct answer applicable to everyone, unfortunately. For actual legal advice, you will need to consult an actual lawyer. I only play one on television.
  • @colinadams
    True, thanks Colin!
  • FYI, we have increased the number of build servers by ~70% to help meet the demand of these GDPR builds. We were at about 45 minutes the other day but down to 5 right now, but have been at about 10 all day today.
  • @colinadams
    True, build times are lower now. Thanks!
    By the way, can you please check out my last post at https://forums.andromo.com/discussion/2336/andromo-app-maker-for-android-v5-0-15-released#latest?
    I cannot send ad requests to FAN because I am in EU. How can I get around this problem? I was planning to submit few new apps this weekend but I don't see it very possible unless I manage to work around this.
  • I think if the 'Launch Notice' had Decline/Accept like button similar to that of the 'License Agreement' launcher this would be acceptable to serve personalised Ads am I right?
  • @mataan As crazy as it sounds, the GDPR regulations say that you can not deny people access to your app if they choose not to provide consent to store personal information. So... no.
  • Oh you right because Decline exists the app silly me. Thanks @colinadams
  • @colinadams

    Hey Colin,

    Is the Admob App id really that necessary to have under monetization tab? Thanks

    https://www.dropbox.com/s/6to1kpyyyb4w4pi/app_id.png?dl=0

  • Create Your Own App with Andromo


  • Hi,
    thanks for this update but when will the API level updated to 26?
    The point is that when I update all apps now I have to update them again in less than 2 month. :/
    Maybe you can try to rollout the new API ASAP, so we can combine these two required changes in one update.
    Would save countless hours of work.
    Thank you very much!
  • @sylviathewitch I think you've misunderstood the upcoming changes to Google Play. They're not forcing users to update their existing apps. The API targeting only applies to new apps and app updates after those dates. The key points are:

    August 2018: New apps required to target API level 26 (Android 8.0) or higher.
    November 2018: Updates to existing apps required to target API level 26 or higher.
    Existing apps that are not receiving updates are unaffected.



  • Hi ,about the airbop push notifications and GDPR.If I add a launch notice that the app will send notifications and I add the same message at google play app description,will my app violate GDPR?
    Is there any option about push notifications?
  • AirBop is disabled for EU users.
  • Instead of Launch Notice can we just add activity with name GDPR Policy or Privacy Policy and add text about that in that activity? Is there need for popup notice or we just can add html activity in app?
  • yes, u can do a activity . No need to put launch notice. I am doing this without problems.
  • That is bad advice. While of course you can “do” anything, it doesn’t mean you are being GDPR compliant. Ignore the recommendations provided at your own risk...
  • Hello team,

    I Receive this notification from google play

    Plzz Help Me..:(

    This is a notification that your Google Play Publisher account has been terminated.

    REASON FOR TERMINATION: Prior violations of the Developer Program Policies and Developer Distribution Agreement by this or associated accounts as outlined in previous emails sent to the registered email address(es) of the Publisher account(s).

    Google Play Publisher suspensions are associated with developers, and may span multiple account registrations and related Google services.

    You can visit the Developer Policy Center to better understand how we enforce Developer Program Policies. If you’ve reviewed the policy and feel this termination may have been in error, please reach out to our policy support team.

    Do not attempt to register a new developer account. We will not be restoring your account at this time.

    The Google Play Team


  • Create Your Own App with Andromo


  • edited 3:38PM
  • Do you have more Google Play accounts, and did you EVER get banned there in the past?
    If yes (be sincere with yourself, I don't care how many you had), this is because they linked your banned account with with the one that's still active.

    If no, appeal. Mistakes happen, even from Google.
Sign In or Register to comment.