User Consent Flow
⚡ Before you start
Make sure you have correctly Privacy Regulations.
- Overview flow
- Add User Tracking usage description
- Automatic consent flow
- Manual consent flow
- Privacy options button
- Debug geography
- Custom Consent Logic
In order for CAS and our ad providers to deliver ads that are more relevant to your users, as a mobile app publisher, you need to collect explicit user consent.
Note
If you implement a CMP that is compliant with IAB TCF v2 (Transparency & Consent Framework) for your user consent flow, the CAS SDK supports sending the TCF v2 consent to networks. In this case, the CAS Consent Flow will not be shown to the user.
Warning
If you integrate your own CMP flow, make sure the flow completes before you initialize the CAS SDK.
1. Opt-in consent for the collection and use of personal data in the regions covered by GDPR, CCPA, LGPD, PIPEDA.
Any businesses established are required to comply with GDPR in Europe, CCPA in California, LGPD in Brazil, PIPEDA in Canada or risk facing heavy fines.
Note
Keep in mind that it’s best to contact qualified legal professionals, if you haven’t done so already, to get more information and be well-prepared for compliance.
Read more about:
With iOS 14.5 and later, you need to receive the user’s permission through the AppTrackingTransparency framework in order to track them or access their device’s advertising identifier. Read more about Asking Permission to Track and AppTrackingTransparency Framework on Apple developer page
Warning
If an app does not present this request, the IDFA will automatically be zeroed out, which may lead to a significant loss in ad revenue.
To display the App Tracking Transparency authorization request for accessing the IDFA, update your Info.plist to add the NSUserTrackingUsageDescription key with a custom message describing your usage. Below is an example description text:
<key>NSUserTrackingUsageDescription</key>
<string>Your data will remain confidential and will only be used to provide you a better and personalised ad experience</string>Some examples include:
- Your data will remain confidential and will only be used to provide you a better and personalised ad experience
- Your data will be used to provide you a better and personalised ad experience
- Your data will be used to create a customized experience tailored to your interests
- Allowing tracking will enable more personalized ads for you
- We try to show ads for apps and products that will be most interesting to you based on the apps you use
- This identifier will be used to deliver personalized ads to you
- This only uses device info for more interesting and relevant ads
Note
Name in Xcode Property List Editor: Privacy - Tracking Usage Description
To optimize performance and to improve the user experience, you can localize the NSUserTrackingUsageDescription string. Please follow the Documentation > Xcode > Localization instructions to learn how to localize your app.
The table below gives you a variety of localizations that you can use at your discretion.
| Locale | Description |
|---|---|
| English (en) | Your data will remain confidential and will only be used to provide you a better and personalised ad experience |
| German (de) | Ihre Daten bleiben vertraulich und werden nur dazu verwendet, Ihnen ein besseres und personalisiertes Werbeerlebnis zu bieten |
| French (fr) | Vos données resteront confidentielles et seront utilisées uniquement pour vous offrir une expérience publicitaire meilleure et personnalisée |
| Spanish (es) | Sus datos permanecerán confidenciales y solo se utilizarán para brindarle una experiencia publicitaria mejor y personalizada |
| Ukrainian (uk) | Ваші дані залишатимуться конфіденційними та використовуватимуться лише для надання вам кращої та персоналізованої реклами |
| Russian (ru) | Ваши данные останутся конфиденциальными и будут использоваться только для предоставления вам более качественной и персонализированной рекламы |
| Portuguese (pt) | Seus dados permanecerão confidenciais e serão usados apenas para lhe proporcionar uma experiência publicitária melhor e personalizada |
| Japanese (ja) | お客様のデータは機密として保持され、より優れたパーソナライズされた広告エクスペリエンスを提供するためにのみ使用されます |
To get consent for collecting personal data of your users, we suggest you use a built-in Consent Flow, comes with a pre-made consent form that you can easily present to your users. That means you no longer need to create your own consent window.
The user will see the consent flow when your app create CAS Manager. When the user completes the flow, the SDK calls your initialization-completion handler.
let builder = CAS.buildManager()
builder.withCompletionHandler{ initialConfig in
// The user completes the flow here
// App transparency tracking authorization can be checked via
// let status = ATTrackingManager.trackingAuthorizationStatus
// Initialize other 3rd-party SDKs
} CAS consent flow is enabled by default. You can disable the consent flow by creating CAS Manager withConsentFlow():
builder.withConsentFlow(
CASConsentFlow(isEnabled: false)
)Don't forget to apply the configuration by calling the builder.create(...) function.
Important
You must wait until the user finishes the consent flow before you initialize third-party SDKs (such as MMPs or analytics SDKs). For this reason, initialize such SDKs from within your initialization-completion callback. If you were to initialize these third-party SDKs before the user completes the consent flow, these third-party SDKs would not be able to access relevant identifiers and you would suffer a material impact on measurement, reporting, and ad revenue.
- Users located in regions that are not covered by information protection
- Users who are subject to COPPA restrictions.
- Users using iOS versions below 14.5
- Users who have indicated that they do not allow apps to ask to track them, by setting Settings > Privacy, Allow Apps to Request to Track
- Users with child accounts, or who are under age 18, who are signed in via their Apple ID
- Users who have already answered so far
- The app does not have a usage tracking description in Info.plist under
NSUserTrackingUsageDescriptionkey
Call presentIfRequired() on the CASConsentFlow class. If the consent is required, the SDK loads a form and immediately presents it .
The withCompletionHandler is called after the form is dismissed. If consent is not required, the withCompletionHandler is called immediately.
CASConsentFlow()
.withCompletionHandler { status in
if status == CASConsentFlowStatus.obtained {
// User consent obtained.
}
}
.withViewControllerToPresent(controller)
.presentIfRequired()| ConsentFlow.Status | Description |
|---|---|
| obtained | User consent obtained. Personalized vs non-personalized undefined. |
| notRequired | User consent not required. |
| unavailable | User consent unavailable. |
| internalError | There was an internal error. |
| networkError | There was an error loading data from the network |
| flowStillShowing | There was an error with another form is still being displayed |
Warning
The cache consent status on your app or a previously saved consent string, could lead to a TCF 3.3 error if consent is expired.
Some consent forms require the user to modify their consent at any time. Adhere to the following steps to implement a privacy options button if required.
- Implement a UI element, such as a button in your app's settings page, that can trigger a privacy options form.
- When a user interacts with your UI element, call
present()to show the form so the user can update their privacy options at any time.
func showPrivacyOptionsForm() {
CASConsentFlow()
.withCompletionHandler { status in
if status == CASConsentFlowStatus.obtained {
// User consent obtained.
}
}
.withViewControllerToPresent(controller)
.present()
}The SDK provides a way to test your app's behavior as though the device was located in the EEA or UK using the WithDebugGeography option.
CASConsentFlow()
.withDebugGeography(ConsentFlow.DebugGeography.EEA)
#if DEBUG
.withForceTesting(true)
#endif
.presentIfRequired();Note
Note that debug geography only work if:
- Active test device defined in
CAS.settings.setTestDevice(ids:). -
withForceTestingvalue is true.
The CAS does not support your handling of CCPA opt-out values for Meta Audience Network, you must work directly with the network to purposes of your obligations for CCPA compliance.
To learn how to implement Meta Audience Network’s “Limited Data Use” flag, read the Additional Meta AudienceNetwork steps.
The following instructions apply if you are using your own or a third-party party consent mechanism.
Important
If you access Google demand through CAS, it’s critical that you review the Google CMP requirements before you start the integration process.
Warning
You must set the privacy options before creating the CAS Manager to disable the automatic CAS consent flow and advertising SDKs are initialized respecting the user's consent.
To present the authorization request, call requestTrackingAuthorizationWithCompletionHandler:. We recommend waiting for the completion callback prior to initialize ads, so that if the user grants the App Tracking Transparency permission, the CAS mediation can use the IDFA in ad requests.
import AppTrackingTransparency
...
func requestIDFA() {
ATTrackingManager.requestTrackingAuthorization(completionHandler: { status in
// Tracking authorization completed.
// Start initialize CAS here.
})
}For a better user experience, we recommend adding a Pre permission pop-up preceding the call to ATTrackingManager.requestTrackingAuthorization to clarify the permission and data usage to users.
CAS shares these set consent values via adapters to supported mediation partners.
If the user consents to interest-based advertising, set the user consent accepted flag:
CAS.settings.userConsent = CASConsentStatus.acceptedObjective-C
CAS.settings.userConsent = CASConsentStatusAccepted;If the user does NOT consent to interest-based advertising, set the user consent denied flag:
CAS.settings.userConsent = CASConsentStatus.deniedObjective-C
CAS.settings.userConsent = CASConsentStatusDenied;Once you set the consent value, CAS will continue to respect that value for the lifetime of your application or until the user consents to interest-based advertising.
California and Virginia laws may require you to display a “Do Not Sell or Share My Personal Information” link or provide other options to users located in those states to opt out of interest-based advertising. You must set a flag that indicates whether users in those states opt out of interest-based advertising or the sale or share of personal information for interest-based advertising.
If a user does NOT opt out of interest-based advertising, set the optInSale flag:
CAS.settings.userCCPAStatus = CASCCPAStatus.optInSaleObjective-C
CAS.settings.userCCPAStatus = CASCCPAStatusOptInSale;If a user does opt out of interest-based advertising, set the optOutSale flag:
CAS.settings.userCCPAStatus = CASCCPAStatus.optOutSaleObjective-C
CAS.settings.userCCPAStatus = CASCCPAStatusOptOutSale;You do not need to set this flag for users who are outside California. If you do set this flag for such users, this will not impact how ads are served to them.
🔗 Done! What’s Next?
- Improve ads targeting with Targeting options