Creating GDPR Compliant Apps with Andromo
Andromo is committed to ensuring that apps created on its platform comply with the European Union (EU) General Data Protection Regulation (GDPR), which took effect on May 25th, 2018.
With today’s release of Andromo v5.0.15, we’ve taken the following steps to provide GDPR compliance for your apps:
- AdMob – Will only serve non-personalized ads for EU users.
- StartApp – Will only serve non-personalized ads for EU users.
- AppLovin – Will only serve non-personalized ads for EU users.
- Others – Disabled the following ad networks for EU users: Amazon, AppBrain, Facebook Audience Network.
- Analytics – Disabled Andromo & Google analytics for EU users.
- AirBop – Disabled AirBop for EU users.
Requirements for AdMob, StartApp or AppLovin Ads
If your app includes AdMob, StartApp or AppLovin ads, you must perform the following steps to be compliant:
- Enable the “Launch Notice” dialog in your app for EU users. To do this, go to your project’s “Settings” tab, enable the “Show Launch Notice” checkbox and then enable the “European Union countries only (uncheck for Worldwide)” checkbox. The text you provide is up to you, however below is an example of what might be appropriate for your app if you include AdMob:
We care about your privacy and data security. We keep this app free by showing ads. We’ll partner with Google and use a unique identifier on your device to serve only non-personalized ads.
For information about how Google uses your mobile identifier please visit:
You should inform users about these ad networks in your Launch Notice text, including links to their privacy policies.
The privacy policies for StartApp and AppLovin can be found here:
Google’s policy page can be found at:
- Once you’ve made the above changes, increase your app’s version number on the “Settings” tab, and then generate a new build of your app by clicking the “Build My App” button on your project’s “Build” tab. Once the build has completed, test it and publish the new version to all of the app stores you previously published to.
Requirements for All Apps
To generate a new build, increase your app’s version number on the “Settings” tab, and then go to your project’s “Build” tab and click the “Build My App” button. Once the build has completed, test it and publish the new version to all of the app stores you previously published to.
What is GDPR?
The basics of GDPR state that if you are located in the EU or your app is targeting users in the EU, then you need to obtain explicit consent from the user in order to collect and store “personal information.”
The exact language and wording are much more complicated than written above (specifically concerning what exactly is personal information), but that is the gist of it. You can and should read the official document, 2018 reform of EU data protection rules, or, if you can’t make it through that document, the “simplified version” available from GDPR Portal. It makes excellent bedtime reading.
Why Should You Care?
At first glance you might think that your app doesn’t collect personal information so this does not apply to you. However, the definition of personal information is quite broad and extends to IP addresses and mobile device identifiers – not just names, addresses and medical records.
The problem lies with the fact that over the years, all advertising networks have evolved to store that information so that they can track and identify users’ behavior and serve up what has come to be known as “personalized ads”.
So, while your app itself may never have asked people for their name, email, address etc., the ad networks and analytics providers are still making use of IP and device identifiers.
What Does it Require of You?
In a nutshell, to be compliant with GDPR your app either needs to obtain explicit consent to collect and store personal information, or it needs to stop storing that info for anyone in the EU.
At the moment, the tools and recommendations to deal with explicit consent are simply inadequate to make that realistic.
What We Have Done for Andromo Apps
The safest option right now is to disable anything in your app that stores personal information if the user is located in the EU. That is what we have done in Andromo v5.0.15 so that you can put out a GDPR compliant app today.
Fortunately, several ad networks supported by Andromo have now added the ability to turn off personalized ads and instead serve up only non-personalized ads. Hopefully more will follow suit in the future.
Additionally, once the tools and procedures to obtain explicit consent for personalized ads solidify, we can revisit and see about making that an option.