This page explains how you can use the MAX Terms and Privacy Policy Flow to prompt acceptance of your Terms of Use and Privacy Policy, based on the relevant operating system (Android or iOS):
SDK 12.0.0 Release
AppLovin MAX SDK v12.0.0, when used with Google UMP, complies with TCF v2 in that the MAX SDK can ingest the consent string and AC string and forward the TCF v2 Consent strings / states to the mediated networks as described in TCF v2 Consent.
If you do not use Google UMP as your CMP, either through AppLovin’s automated flow or otherwise, you must ensure that the CMP you choose supports all of the mediated networks you integrate.
All MAX-mediated ad networks except AdColony are supported by MAX’s Google UMP integration.
If you do not use a CMP, you must continue to set AppLovin’s SDK’s binary consent flags as described in Consent and Age Related Flags in GDPR and Other Regions.
If you access Google demand through MAX, it’s critical that you review the Google CMP requirements before you start the integration process.
Google UMP Automation
- MAX SDK initializes.
- Regional Compliance Check: AppLovin determines whether the user is located in a GDPR region. If the user is in a GDPR region, the MAX SDK presents Google UMP. If the user is not in a GDPR region, MAX SDK a subsequent check is made to ascertain whether the user is age-restricted.
- Age Verification: If the user is age-restricted under COPPA as determined via the
setIsAgeRestrictedUserAPI, the user is taken to MAX’s ATT (App Tracking Transparency) prompt. Otherwise MAX SDK presents the user with a Terms of Service and Privacy Policy prompt. Steps 2 and 3 ensure that users are informed about data collection and usage and have the option to consent or decline. - (iOS only) If Google UMP is not configured to display the ATT prompt, or if the user did not see the Google UMP flow, MAX SDK shows the MAX ATT prompt.
- MAX SDK calls your initialization completion callback to signal that you can start loading ads.
The TCF consent state may be false in either of the following two circumstances:
- The user indicated that they do not consent to the terms of data collection that you specified in your message.
- Some of the ad networks you have integrated into your application are not configured into UMP, and so UMP will always reject consent. See Verifying Missing Networks to learn how to fix this.
Enabling Google UMP
When you submit your app to App Store Connect for review, you must notify the reviewer, in the Review Notes section, that you have enabled the App Tracking Transparency framework permission request for iOS 14.5+ only. If you do not do this, Apple may reject your build.
Enabling Google CMP on AdMob Dashboard
For the MAX consent flow to display the Google GDPR form, you first must create and publish the Google GDPR message on the AdMob dashboard. To do so:
- Sign in to your AdMob account at apps.admob.com.
- Add your apps to the AdMob dashboard, if you have not done so already.
- Click Privacy & messaging.
- Click GDPR.
- Click Create message. The GDPR message page opens.
- Select the apps that you want to display your message:
- Click Select apps.
- Select the desired apps.
- Click Save.
- Select the languages in which you want to display your message.
- In the User consent options section, select Consent or Manage options.
- Do not check the Close (do not consent) option.
- In the Targeting section, select Countries subject to GDPR (EEA and UK).
- Click Continue. The Edit message page opens.
- In the Message name field, enter a descriptive message name to help you identify the message later. This name appears only on the Privacy & messaging page and is not visible to users.
- Select the Styling tab.
- Under the Global section, set the Secondary color to white (
#ffffff). - Under the Buttons section, set the Secondary color to gray (
#6e6e6e).
- Under the Global section, set the Secondary color to white (
- Click Publish.
Customize Ad Partners List
By default, Google might not show all of your ad partners in your GDPR message. If you fail to include these networks, this could adversely affect your ad revenue. Follow the steps in this section to ensure all of your ad partners appear in the GDPR message.
To customize which ad partners show in the GDPR message:
- Open the GDPR settings page.
- Click the edit icon (
) under the Review your ad partners section.
- Select the Custom ad partners toggle and then select all of the networks you integrated in your app.
- Click Confirm.
- Click Save at the bottom of the GDPR settings page.
Enabling MAX Consent Flow
-
You can enable the MAX Terms and Privacy Policy Flow programmatically or by adding a settings file to application resources. The sections below explain both of these methods.
- To enable the MAX Terms and Privacy Policy Flow programmatically, set several properties of the SDK’s
settingsobject before you initialize the SDK, as in the code sample below:package com.applovin.apps.test; import android.net.Uri; import com.applovin.sdk.AppLovinMediationProvider; import com.applovin.sdk.AppLovinSdk; import com.applovin.sdk.AppLovinSdkSettings; public class MyApplication extends Application { @Override public void onCreate() { super.onCreate(); AppLovinSdkSettings settings = new AppLovinSdkSettings( this ); settings.getUnifiedFlowSettings().setEnabled( true ); settings.getUnifiedFlowSettings().setPrivacyPolicyUri( Uri.parse( "https://your_company_name.com/privacy_policy" ) ); // Terms of Service URL is optional settings.getUnifiedFlowSettings().setTermsOfServiceUri( Uri.parse( "https://your_company_name.com/terms_of_service" ) ); AppLovinSdk sdk = AppLovinSdk.getInstance( settings, this ); // Please make sure to set the mediation provider value to "max" to ensure proper functionality sdk.setMediationProvider( AppLovinMediationProvider.MAX ); sdk.initializeSdk( config -> { ⋮ } ); } } - To enable MAX’s Terms and Privacy Policy Flow via Android resources:
- Create a JSON file named applovin_settings.json in your raw resource directory.
- Within this file create a new JSON object with the key
consent_flow_settings. - Within this
consent_flow_settingsobject, add the following key-value pairs:- One with the key
consent_flow_enabledand the valuetrue. - Another with the key
consent_flow_privacy_policyand the value of your Privacy Policy URL. - Optionally, another with the key
consent_flow_terms_of_serviceand the value of your Terms of Service URL.
- One with the key
{ "consent_flow_settings": { "consent_flow_enabled": true, "consent_flow_terms_of_service": "https://lionstudios.cc/terms/", "consent_flow_privacy_policy": "https://lionstudios.cc/privacy/" } }
Integration
The SDK presents the consent flow when you initialize the SDK. When the user completes the flow, the SDK calls your initialization-completion callback.
You must wait until the user finishes the consent flow before you initialize third-party SDKs (such as MMPs or analytics SDKs). For this reason, initialize such SDKs from within your initialization-completion callback. If you were to initialize these third-party SDKs before the user completes the consent flow, these third-party SDKs would not be able to access relevant identifiers, and you would suffer a material impact on measurement, reporting, and ad revenue.
Do not initialize MAX mediated network SDKs in your initialization callback. MAX performs this initialization automatically.
If you set the user ID in your MMP integration, set it where you set the AppLovin user ID. The code snippets below use Adjust as an example. Please refer to Adjust’s documentation for more information on how to initialize Adjust and set the user ID.
package com.applovin.apps.test; import com.adjust.sdk.Adjust; import com.adjust.sdk.AdjustConfig; import com.adjust.sdk.LogLevel; import com.applovin.sdk.AppLovinSdk; import com.applovin.sdk.AppLovinSdkConfiguration; import lombok.val; public class MyApplication extends Application { @Override public void onCreate() { super.onCreate(); // Initialize AppLovinSDK val sdk = AppLovinSdk.getInstance( this ); sdk.setMediationProvider( "max" ); sdk.setUserIdentifier( "USER_ID" ); sdk.initializeSdk( (AppLovinSdkConfiguration config) - { // Initialize other 3rd-party SDKs - do not initialize mediated advertising SDKs, MAX will automatically do that for you. Not following this step will result in noticeable integration issues // Initialize the Adjust SDK inside the AppLovin SDK's initialization callback AdjustConfig adjustConfig = new AdjustConfig( this, "Your Adjust App Token", AdjustConfig.ENVIRONMENT_SANDBOX or AdjustConfig.ENVIRONMENT_PRODUCTION ); Adjust.onCreate( adjustConfig ); // Start loading ads } ); ⋮ } }Show GDPR Flow to Existing Users
AppLovin recommends that you allow existing users in GDPR regions to reenter the GDPR flow. Typically, users can do this in your app’s Settings section via an option to Manage Existing Privacy Settings. In order to determine if a user is within a GDPR region so that you can conditionally show that settings option, you can use the SDK API
AppLovinSdkConfiguration.getConsentFlowUserGeography()(the user is in GDPR region whengetConsentFlowUserGeography()returnsConsentFlowUserGeography.GDPR).When the user clicks Manage Existing Privacy Settings (or its equivalent), call
AppLovinCmpService.showCmpForExistingUser(). Note that this resets the user’s existing consent information.package com.applovin.apps.test; import android.app.Activity; import com.applovin.sdk.AppLovinSdk; import com.applovin.sdk.AppLovinCmpService; public class MyActivity extends Activity { private void showAppLovinConsentFlow() { AppLovinCmpService cmpService = AppLovinSdk.getInstance( this ).getCmpService(); cmpService.showCmpForExistingUser( this, new AppLovinCmpService.OnCompletedListener() { @Override public void onCompleted(final boolean success) { if ( success ) { // The CMP alert was shown successfully. } } } ); } }Testing
If you want to test the Google CMP outside the GDPR region, you can do so by setting the debug user geography as shown below.
- To set the debug user geography, call
UnifiedFlowSettings.setDebugUserGeography()with optionAppLovinSdkConfiguration.ConsentFlowUserGeography.GDPR. The following code snippets show you how to do this.AppLovinSdkSettings.getUnifiedFlowSettings().setDebugUserGeography( AppLovinSdkConfiguration.ConsentFlowUserGeography.GDPR );
- To set the debug user geography, add the
consent_flow_debug_user_geographykey with valuegdprunder theconsent_flow_settingsobject:{ "consent_flow_settings": { ⋮ "consent_flow_debug_user_geography": "gdpr" } }
- To enable the MAX Terms and Privacy Policy Flow programmatically, set several properties of the SDK’s
-
You can enable the MAX Terms and Privacy Policy Flow programmatically or by adding a settings file to application resources. The sections below explain both of these methods.
- To enable the MAX Terms and Privacy Policy Flow programmatically, set several properties of the SDK’s
settingsobject before you initialize the SDK, as in the code sample below:#import <AppLovinSDK/AppLovinSDK.h> ⋮ @implementation AppDelegate - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { ⋮ ALSdkSettings *settings = [[ALSdkSettings alloc] init]; settings.unifiedConsentFlowSettings.enabled = YES; settings.unifiedConsentFlowSettings.privacyPolicyURL = [NSURL URLWithString: @"https://your_company_name.com/privacy_policy"]; // Terms of Service URL is optional settings.unifiedConsentFlowSettings.termsOfServiceURL = [NSURL URLWithString: @"https://your_company_name.com/terms_of_service"]; ALSdk *sdk = [ALSdk sharedWithKey: sdkKey settings: settings]; // Set the mediation provider value to @"max" to ensure proper functionality sdk.mediationProvider = @"max"; [sdk initializeSdkWithCompletionHandler:^(ALSdkConfiguration *configuration) { ⋮ }]; } -
To enable the MAX Terms and Privacy Policy Flow by using your app’s AppLovin-Settings.plist, do the following:
- Add a new property list file named AppLovin-Settings.plist to your project’s main target.
- In AppLovin-Settings.plist, create a new key named
ConsentFlowInfoof typeDictionary. InsideConsentFlowInfoadd the following key/value pairs: - A
Booleanwith the keyConsentFlowEnabledand the valueYES. - A
Stringwith the keyConsentFlowPrivacyPolicyand the value of your Privacy Policy URL. - Optionally, a
Stringwith the keyConsentFlowTermsOfServiceand the value of your Terms of Service URL.
The final result should look similar to this:
Integration
The SDK presents the consent flow when you initialize the SDK. When the user completes the flow, the SDK calls your initialization-completion callback.
You must wait until the user finishes the consent flow before you initialize third-party SDKs (such as MMPs or analytics SDKs). For this reason, initialize such SDKs from within your initialization-completion callback. If you were to initialize these third-party SDKs before the user completes the consent flow, these third-party SDKs would not be able to access relevant identifiers, and you would suffer a material impact on measurement, reporting, and ad revenue.
Do not initialize MAX mediated network SDKs in your initialization callback. MAX performs this initialization automatically.
If you set the user ID in your MMP integration, set it where you set the AppLovin user ID. The code snippets below use Adjust as an example. Please refer to Adjust’s documentation for more information on how to initialize Adjust and set the user ID.
#import <AppLovinSDK/AppLovinSDK.h> #import <Adjust/Adjust.h> @implementation AppDelegate - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { ⋮ // Please make sure to set the mediation provider value to @"max" to ensure proper functionality [ALSdk shared].mediationProvider = @"max"; [ALSdk shared].userIdentifier = @"user_ID"; [Adjust addSessionCallbackParameter: @"your_user_ID_key" value: @"user_ID"]; [[ALSdk shared] initializeSdkWithCompletionHandler:^(ALSdkConfiguration *configuration) { // You can check app transparency tracking authorization via configuration.appTrackingTransparencyStatus // Initialize other 3rd-party SDKs - do not initialize mediated advertising SDKs; MAX will automatically do that for you. Not following this step will result in noticeable integration issues // Initialize the Adjust SDK inside the AppLovin SDK's initialization callback ADJConfig *adjustConfig = [ADJConfig configWithAppToken: @"your_Adjust_app_token" environment: ADJEnvironmentSandbox or ADJEnvironmentProduction]; [Adjust appDidLaunch: adjustConfig]; // Start loading ads }]; }Localizing NSUserTrackingUsageDescription
The table below gives you an English (base) description and a variety of localizations that you can use at your discretion. Please follow the Documentation > Xcode > Localization instructions to learn how to localize your app.
Locale String English (base) This uses device info for more personalized ads and content Chinese Simplified (ZhHans) 我们使用设备信息来提供个性化的广告和内容。 Chinese Traditional (ZhHant) 我們使用設備信息來提供個性化的廣告和內容。 French (fr) Cela permet d'utiliser les informations du téléphone pour afficher des contenus publicitaires plus pertinents. German (de) Dies benutzt Gerätinformationen für relevantere Werbeinhalte Japan (Ja) これはユーザーデータをもとに、より関連性の高い広告コンテンツをお客様に提供します Korean (Ko) 보다 개인화된 광고 및 콘텐츠를 위해 기기 정보를 사용합니다. Spanish (es) Esto utiliza la información del dispositivo para anuncios y contenido más personalizados Show GDPR Flow to Existing Users
AppLovin recommends that you allow existing users in GDPR regions to reenter the GDPR flow. Typically, users can do this in your app’s Settings section via an option to Manage Existing Privacy Settings. In order to determine if a user is within a GDPR region so that you can conditionally show that settings option, you can use the SDK API
ALSdkConfiguration.consentFlowUserGeography(the user is in GDPR region whenconsentFlowUserGeographyreturnsALConsentFlowUserGeographyGDPR).When the user clicks Manage Existing Privacy Settings (or its equivalent), call
-[ALCMPService showCMPForExistingUserWithCompletion]. Note that this resets the user's existing consent information.#import "MyViewController.h" #import <AppLovinSDK/AppLovinSDK.h> @interface MyViewController () @end @implementation MyViewController - (void)loadAndShowCMPFlow { ALCMPService *cmpService = [ALSdk shared].cmpService; [cmpService showCMPForExistingUserWithCompletion:^(BOOL success) { if ( success ) { // The CMP alert was shown successfully. } }]; } @endTesting
If you want to test the Google CMP outside the GDPR region, you can do so by setting the debug user geography as shown below.
- To set the debug user geography, set the
UnifiedFlowSettings.debugUserGeographyproperty toALConsentFlowUserGeographyGDPR. The following code snippet shows you how to do this:AppLovinSdkSettings.unifiedFlowSettings.debugUserGeography = ALConsentFlowUserGeographyGDPR;
-
To set the debug user geography, add the
ConsentFlowDebugUserGeographykey with string valuegdprunder theConsentFlowInfoobject:
- To enable the MAX Terms and Privacy Policy Flow programmatically, set several properties of the SDK’s
-
Follow these steps to enable Terms and Privacy Policy Flow:
- In Unity, select AppLovin > Integration Manager. The AppLovin Integration Manager dialog appears.
- In Privacy Settings check Enable Consent Flow.
- You must include values for your Privacy Policy URL and the base User Tracking Usage Description. The AppLovin Integration Manager will populate the English (base) User Tracking Usage Description and a variety of localizations of that description with default values for you. The Terms of Service URL value is optional.
- Close the AppLovin Integration Manager dialog.
Integration
The SDK presents the consent flow when you initialize the SDK. When the user completes the flow, the SDK calls your initialization-completion callback.
You must wait until the user finishes the consent flow before you initialize third-party SDKs (such as MMPs or analytics SDKs). For this reason, initialize such SDKs from within your initialization-completion callback. If you were to initialize these third-party SDKs before the user completes the consent flow, these third-party SDKs would not be able to access relevant identifiers, and you would suffer a material impact on measurement, reporting, and ad revenue.
Do not initialize MAX mediated network SDKs in your initialization callback. MAX performs this initialization automatically.
If you set the user ID in your MMP integration, set it where you set the AppLovin user ID. The code snippets below use Adjust as an example. Please refer to Adjust’s documentation for more information on how to initialize Adjust and set the user ID.
MaxSdkCallbacks.OnSdkInitializedEvent += (MaxSdkBase.SdkConfiguration sdkConfiguration) = { // You can check app transparency tracking authorization in sdkConfiguration.AppTrackingStatus for Unity Editor and iOS targets. // Initialize other third-party SDKs; do not initialize mediated advertising SDKs (MAX does that for you). Not following this step will result in noticeable integration issues. // Initialize the Adjust SDK inside the AppLovin SDK's initialization callback string adjustAppToken = "your_Adjust_app_token"; AdjustEnvironment adjustEnvironment = AdjustEnvironment.Sandbox or AdjustEnvironment.Production; AdjustConfig config = new AdjustConfig(adjustAppToken, adjustEnvironment); Adjust.start(config); // Start loading ads }; MaxSdk.SetSdkKey("your_SDK_key"); MaxSdk.SetUserId("user_ID"); Adjust.addSessionCallbackParameter("your_user_ID_key", "user_ID"); MaxSdk.InitializeSdk();Localizing NSUserTrackingUsageDescription
The AppLovin MAX Unity plugin includes a default set of User Tracking Usage Descriptions. If you wish to override them, check the Override Default User Tracking Usage Description setting in the Integration Manager and enter your desired descriptions.
Show GDPR Flow to Existing Users
AppLovin recommends that you allow existing users in GDPR regions to reenter the GDPR flow. Typically, users can do this in your app’s Settings section via an option to Manage Existing Privacy Settings. In order to determine if a user is within a GDPR region so that you can conditionally show that settings option, you can use the SDK API
MaxSdk.GetSdkConfiguration().ConsentFlowUserGeography(the user is in GDPR region whenConsentFlowUserGeographyreturnsConsentFlowUserGeography.Gdpr).When the user clicks Manage Existing Privacy Settings (or its equivalent), call
MaxSdk.CmpService.ShowCmpForExistingUser(). Note that this resets the user's existing consent information.using UnityEngine; using AppLovinMax.Internal.API; public class MyGame { private void LoadAndShowCmpFlow() { var cmpService = MaxSdk.CmpService; cmpService.ShowCmpForExistingUser(success = { if (success) { // The CMP alert was shown successfully. } }); } }
Testing Google UMP Integration with the Mediation Debugger
Verifying Installation
Under the Privacy section of the MAX Mediation Debugger, the CMP (Consent Management Platform) row displays the name of the Google-certified CMP SDK that you integrated. If you have successfully integrated the Google UMP SDK, it displays “Google consent management solutions” as the name.
Verifying IAB TCF Parameters
If you select the CMP (Consent Management Platform) row, you can inspect the IAB TCF parameters IABTCF_gdprApplies, IABTCF_TCString, and IABTCF_AddtlConsent. For the latter two, you can click on the row to copy or share its value.
Verifying Missing Networks
In the CMP CONFIGURATION section, you can verify which networks are integrated with or are missing from your Google UMP configuration. This is an exhaustive list of all networks that are available to MAX, you can ignore any networks that you did not integrate in your application.
On your CMP flow you must list all of the networks that you integrate in your application. To check if any of those networks are missing, first complete the CMP flow, granting consent to all networks, then open the Mediation Debugger. The Mediation Debugger then parses the TC and AC strings and displays two lists: one of integrated networks you listed on your CMP flow, and the other of networks that are missing which you might need to add (under Configured CMP Networks in the CMP CONFIGURATION section).
If you see any networks in the MISSING ATP NETWORKS or MISSING TCF VENDORS list that you have integrated into your application, return to your CMP’s dashboard and add the missing networks to those covered by the GDPR message (see Customize Ad Partners List for how to do this in Google’s Unified Consent Flow), then restart your app. Repeat the steps to show the Configured CMP Networks list until you verify that all of your networks are correctly included in the CMP flow.
Verifying Mediated Network Consent Statuses
To view the consent statuses of all networks, expand Network Consent Statuses in the Mediation Debugger. The Mediation Debugger parses the TC string and displays the consent statuses of all networks. It also displays the AppLovin consent status parsed from the AC string generated by Google UMP.