Creating GDPR Compliant Apps with Andromo
Andromo is committed to ensuring that apps created on its platform comply with the European Union (EU) General Data Protection Regulation (GDPR), which took effect on May 25th, 2018.
With today’s release of Andromo v5.0.15, we’ve taken the following steps to provide GDPR compliance for your apps:
- AdMob – Will only serve non-personalized ads for EU users.
- StartApp – Will only serve non-personalized ads for EU users.
- AppLovin – Will only serve non-personalized ads for EU users.
- Others – Disabled the following ad networks for EU users: Amazon, AppBrain, Facebook Audience Network.
- Analytics – Disabled Andromo & Google analytics for EU users.
- AirBop – Disabled AirBop for EU users.
Requirements for AdMob, StartApp or AppLovin Ads
If your app includes AdMob, StartApp or AppLovin ads, you must perform the following steps to be compliant:
- Enable the “Launch Notice” dialog in your app for EU users. To do this, go to your project’s “Settings” tab, enable the “Show Launch Notice” checkbox and then enable the “European Union countries only (uncheck for Worldwide)” checkbox. The text you provide is up to you, however below is an example of what might be appropriate for your app if you include AdMob:
We care about your privacy and data security. We keep this app free by showing ads. We’ll partner with Google and use a unique identifier on your device to serve only non-personalized ads.
For information about how Google uses your mobile identifier please visit:
https://policies.google.com/technologies/partner-sites
You should inform users about these ad networks in your Launch Notice text, including links to their privacy policies.
The privacy policies for StartApp and AppLovin can be found here:
https://www.applovin.com/privacy
http://www.startapp.com/policy/privacy-policy/
Google’s policy page can be found at:
https://policies.google.com/technologies/partner-sites
- Once you’ve made the above changes, increase your app’s version number on the “Settings” tab, and then generate a new build of your app by clicking the “Build My App” button on your project’s “Build” tab. Once the build has completed, test it and publish the new version to all of the app stores you previously published to.
Requirements for All Apps
Even if your app does not contain ads, you’ll need to generate a new build of your app to comply with GDPR. This is also a good time to revisit adding a “cookie notice”. Refer to our KB article “EU User Consent / Privacy Policy” for more info – or read up at https://www.cookiechoices.org/.
To generate a new build, increase your app’s version number on the “Settings” tab, and then go to your project’s “Build” tab and click the “Build My App” button. Once the build has completed, test it and publish the new version to all of the app stores you previously published to.
Further Details…
What is GDPR?
The basics of GDPR state that if you are located in the EU or your app is targeting users in the EU, then you need to obtain explicit consent from the user in order to collect and store “personal information.”
The exact language and wording is much more complicated than written above (specifically concerning what exactly is personal information), but that is the gist of it. You can and should read the official document “2018 reform of EU data protection rules” or, if you can’t make it through that document, the “simplified version” is available from GDPR Portal. It makes excellent bedtime reading.
Why Should You Care?
At first glance you might think that your app doesn’t collect personal information so this does not apply to you. However, the definition of personal information is quite broad and extends to IP addresses and mobile device identifiers – not just names, addresses and medical records.
The problem lies with the fact that over the years, all advertising networks have evolved to store that information so that they can track and identify users’ behavior and serve up what has come to be known as “personalized ads”.
So, while your app itself may never have asked people for their name, email, address etc., the ad networks and analytics providers are still making use of IP and device identifiers.
What Does it Require of You?
In a nutshell, to be compliant with GDPR your app either needs to obtain explicit consent to collect and store personal information, or it needs to stop storing that info for anyone in the EU.
To obtain explicit consent requires a startup screen that asks users to specifically sign up to be tracked and receive “personalized ads” from each ad network you work with, along with privacy policy information for each one. For context, Google’s AdMob has literally thousands of ad providers enabled by default…
At the moment, the tools and recommendations to deal with explicit consent are simply inadequate to make that realistic.
What we Have Done for Andromo Apps
The safest option right now is to disable anything in your app that stores personal information if the user is located in the EU. That is what we have done in Andromo v5.0.15 so that you can put out a GDPR compliant app today.
Fortunately, several ad networks supported by Andromo have now added the ability to turn off personalized ads and instead serve up only non-personalized ads. Hopefully more will follow suit in the future.
Additionally, once the tools and procedures to obtain explicit consent for personalized ads solidify, we can revisit and see about making that an option.
Comments
Do we just combine the recommended wording? Any suggestions for a combo GDPR and cookie consent wording?
True, thanks Colin!
True, build times are lower now. Thanks!
By the way, can you please check out my last post at https://forums.andromo.com/discussion/2336/andromo-app-maker-for-android-v5-0-15-released#latest?
I cannot send ad requests to FAN because I am in the EU. How can I get around this problem? I was planning to submit a few new apps this weekend but I don't see it very possible unless I manage to work around this.
Hey Colin,
Is the Admob App id really that necessary to have under monetization tab? Thanks
https://www.dropbox.com/s/6to1kpyyyb4w4pi/app_id.png?dl=0
Thanks for this update, but when will the API level be updated to 26?
The point is that when I update all apps now I have to update them again in less than 2 months.
Maybe you can try to rollout the new API ASAP, so we can combine these two required changes in one update.
Would save countless hours of work.
Thank you very much!
Is there any option about push notifications?
I receive this notification from Google Play.
Please help me... :(
This is a notification that your Google Play Publisher account has been terminated.
REASON FOR TERMINATION: Prior violations of the Developer Program Policies and Developer Distribution Agreement by this or associated accounts as outlined in previous emails sent to the registered email address(es) of the Publisher account(s).
Google Play Publisher suspensions are associated with developers, and may span multiple account registrations and related Google services.
You can visit the Developer Policy Center to better understand how we enforce Developer Program Policies. If you’ve reviewed the policy and feel this termination may have been in error, please reach out to our policy support team.
Do not attempt to register a new developer account. We will not be restoring your account at this time.
The Google Play Team
If yes (be sincere with yourself, I don't care how many you had), this is because they linked your banned account with the one that's still active.
If no, appeal. Mistakes happen, even from Google.
It says:
If you’ve reviewed the policy and feel this termination may have been in error, please reach out to our policy support team.
Do I need to make an adjustment to my consent or the current one should be enough?
Thanks!