Mandatory Consent for Admob User Messaging Platform

Question

I switched from the deprecated GDPR Consent Library to the new User Messaging Platform, and used the code as stated in the documentation.

I noticed that when the user clicks on Manage Options then Confirm choices, ads will stop displaying altogether (Ad failed to load, no ad config), and I can't find anyway to check if the user didn't consent to the use of personal data.

This is problematic as my app relies purely on ads, and I will be losing money if ads don't show up, so I want to make it mandatory for users to consent to the use of their personal data, otherwise the app should be unusable.

I have made a test project on Github so everyone can test this behavior. If you are not using an emulator, then you need to change the "TEST_DEVICE_ID" to yours.

How can I achieve this?

Tyler V · Accepted Answer · 2022-07-12T21:44:49.983

The UMP writes its output to some attributes in SharedPreferences, outlined here. You can write some helper methods to query these attributes to find out what level of ad consent the user has given or whether the user is EEA or not, but you will need to look at more than just the VendorConsents string.

There are generally 5 attributes you will want to look for to determine whether ads will be served:

IABTCF_gdprApplies - An integer (0 or 1) indicating whether the user is in the EEA
IABTCF_PurposeConsents - A string of 0's and 1's up to 10 entries long indicating whether the user provided consent for the 10 different purposes
IABTCF_PurposeLegitimateInterests - A string of 0's and 1's up to 10 entries long indicating whether the app has legitimate interest for the 10 different purposes
IABTCF_VendorConsents - A string of 0s and 1s that is arbitrarily long, indicating whether a given vendor has been given consent for the previously mentioned purposes. Each vendor has an ID indicating their position in the string. For example Google's ID is 755, so if Google has been given consent then the 755th character in this string would be a "1". The full vendor list is available here.
IABTCF_VendorLegitimateInterests - Similar to the vendor consent string, except that it indicates if the vendor has legitimate interest for the previously indicated purposes.

Per the Google documentation here there are really only a few practical outcomes from the UMP Funding Choices form with respect to serving ads:

The user clicked "Consent To All" - the strings above will be all 1's and personalized ads will be shown
The user clicked "Consent To None" - no ads will be shown at all
The user clicked "Manage" and selected storage consent (Purpose 1) and scrolled through the giant list of non-alphabetically listed vendors to also select "Google" - non-personalized ads will be shown
The user clicked "Manage" and did anything less than the prior step (e.g. selected storage and basic ads but didn't manually select Google from the vendor list) - again, no ads will be shown at all

This is a pretty non-ideal set of options, since #3 is extremely unlikely to ever occur and #2 and #4 result in the user getting an ad-free app without paying. For all practical purposes, this has removed the "non-personalized ads" option that was in the legacy consent SDK (and the option to purchase the ad-free app) and replaced it with simply disabling ads entirely.

I've written a few helper methods to at least let you query what the user actually selected and act accordingly.

fun isGDPR(): Boolean {
    val prefs = PreferenceManager.getDefaultSharedPreferences(applicationContext)
    val gdpr = prefs.getInt("IABTCF_gdprApplies", 0)
    return gdpr == 1
}

fun canShowAds(): Boolean {
    val prefs = PreferenceManager.getDefaultSharedPreferences(applicationContext)

    //https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20CMP%20API%20v2.md#in-app-details
    //https://support.google.com/admob/answer/9760862?hl=en&ref_topic=9756841

    val purposeConsent = prefs.getString("IABTCF_PurposeConsents", "") ?: ""
    val vendorConsent = prefs.getString("IABTCF_VendorConsents","") ?: ""
    val vendorLI = prefs.getString("IABTCF_VendorLegitimateInterests","") ?: ""
    val purposeLI = prefs.getString("IABTCF_PurposeLegitimateInterests","") ?: ""

    val googleId = 755
    val hasGoogleVendorConsent = hasAttribute(vendorConsent, index=googleId)
    val hasGoogleVendorLI = hasAttribute(vendorLI, index=googleId)

    // Minimum required for at least non-personalized ads
    return hasConsentFor(listOf(1), purposeConsent, hasGoogleVendorConsent)
            && hasConsentOrLegitimateInterestFor(listOf(2,7,9,10), purposeConsent, purposeLI, hasGoogleVendorConsent, hasGoogleVendorLI)

}

fun canShowPersonalizedAds(): Boolean {
    val prefs = PreferenceManager.getDefaultSharedPreferences(applicationContext)

    //https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/TCFv2/IAB%20Tech%20Lab%20-%20CMP%20API%20v2.md#in-app-details
    //https://support.google.com/admob/answer/9760862?hl=en&ref_topic=9756841

    val purposeConsent = prefs.getString("IABTCF_PurposeConsents", "") ?: ""
    val vendorConsent = prefs.getString("IABTCF_VendorConsents","") ?: ""
    val vendorLI = prefs.getString("IABTCF_VendorLegitimateInterests","") ?: ""
    val purposeLI = prefs.getString("IABTCF_PurposeLegitimateInterests","") ?: ""

    val googleId = 755
    val hasGoogleVendorConsent = hasAttribute(vendorConsent, index=googleId)
    val hasGoogleVendorLI = hasAttribute(vendorLI, index=googleId)

    return hasConsentFor(listOf(1,3,4), purposeConsent, hasGoogleVendorConsent)
            && hasConsentOrLegitimateInterestFor(listOf(2,7,9,10), purposeConsent, purposeLI, hasGoogleVendorConsent, hasGoogleVendorLI)
}

// Check if a binary string has a "1" at position "index" (1-based)
private fun hasAttribute(input: String, index: Int): Boolean {
    return input.length >= index && input[index-1] == '1'
}

// Check if consent is given for a list of purposes
private fun hasConsentFor(purposes: List<Int>, purposeConsent: String, hasVendorConsent: Boolean): Boolean {
    return purposes.all { p -> hasAttribute(purposeConsent, p)} && hasVendorConsent
}

// Check if a vendor either has consent or legitimate interest for a list of purposes
private fun hasConsentOrLegitimateInterestFor(purposes: List<Int>, purposeConsent: String, purposeLI: String, hasVendorConsent: Boolean, hasVendorLI: Boolean): Boolean {
    return purposes.all { p ->
            (hasAttribute(purposeLI, p) && hasVendorLI) ||
            (hasAttribute(purposeConsent, p) && hasVendorConsent)
    }
}

The global list of vendor IDs can be found here: https://vendor-list.consensu.org/v2/vendor-list.json — Nicolas Prugne, Jul 12 '22 at 13:42
Thanks, you can also access it [here](https://iabeurope.eu/vendor-list-tcf-v2-0/) — Tyler V, Jul 12 '22 at 21:44
It seems apps still using legacy content SDK will only get non personalized apps now!? — 3c71, Feb 06 '23 at 02:19

score 0 · Answer 2 · answered Nov 02 '21 at 17:50

I found a workaround for this, but this is no final official solution.

It seems that if a user consented to Personalized ads, a string in SharedPreferences, which key is IABTCF_VendorConsents, will contain ones and zeros corresponding to some vendors (I think). If he didn't consent, this string will be equal to 0.

private val sp = PreferenceManager.getDefaultSharedPreferences(appContext)
fun consentedToPersonalizedAds() = sp.getString("IABTCF_VendorConsents", null) != "0"

Mandatory Consent for Admob User Messaging Platform

2 Answers2