Categories
Apps News Privacy

Android Developers Can Use Google AdMob And Comply With GDPR

Google is asking app developers who publish apps on its play store to obtain consent for data use and for ad personalisation through its AdMob platform. 

Due to the coming GDPR legislation which comes into effect on the 25th of May. Any business based in the EU will need to gain opt-in consent to collect or use any of their user’s personal data. 

This news places the responsibility of obtaining consent for Google’s services that are running in the background (such as AdMob targeting) on the shoulders of the publishers. Android developers are expecting to see some kind of software kit to help them obtain and manage this consent. As of now, and up until the new legislation kicks in, Google has not announced any SDK or toolkit that could solve this headache for Android developers. 

Many developers lacking the time or manpower to create such a kit are weighing up their options ahead of the legislation. Some have even hinted at switching of these third-party services for users int eh EU. 

 

The problem

Breaches of the legislation carry with it the threat of huge fines. User consent has always been an issue for app publishers. Creating a solution for obtaining consent and then managing this consent is no easy feat. Integrating this consent with third-party integrations (such as advertising solutions) adds another layer of complexity. 

For Android developers, the problem is a little more pressing as AdMob revenue is what keeps them afloat. Developers may find themselves stuck between a rock and hard place – turning off AdMob would instantly create a big hole in their revenue. However, keeping it on and exposing themselves to potentially destructive fines doesn’t seem like a viable option either. 

 

So what’s the solution?

With the right toolkit developers wouldn’t have to change their business model too much. Letting users opt out of ads might lose some revenue but it’s a necessary step to take to comply with the changing mood around privacy and transparency. 

Controlling user data in a responsible way makes sense because it builds trust and in the long term it will be beneficial for developers. 

Luckily for developers, there’s a toolkit that is addressing this problem. Via a dedicated SDK app, publishers can continue to use third-party ad integrations, such as AdMob. The toolkit obtains and manages user consent to help developers comply with regulations such as GDPR.

As well as this the toolkit will sync user consent across devices. All consent preferences are stored in a secure audit trail so that developers can call on consent history of their users. The audit trail also contains information on consent preferences that have been replayed to third parties. In the AdMob example when a user opts out of personalised ads in their app the consent SDK will relay this to Google. The audit will register this along with a timestamp and other relevant details.

The SDK provides this functionality for first-party app features as well as third-party integrations. It’s a comprehensive toolkit to take control of your user consent. 

This toolkit doesn’t need to only apply for Admb or even android. A wider conversation about the role of consent in mobile applications needs to be had. Developers should look at how consent is obtained, managed and communicated to third parties. 

Complying with GDPR is a shortsighted approach. Developers need to put their users first and think about how they can put these users back in control of their data.

[mkdf_separator class_name=”” type=”normal” position=”center” color=”#E8E8E8″ border_style=”solid” width=”100%” thickness=”3px” top_margin=”50px” bottom_margin=”20px”]

Get free early access to the consent toolkit 

We’ll get you set up for free as soon as it’s launched. 

[mkdf_button size=”” type=”” text=”Get started” custom_class=”” icon_pack=”font_awesome” fa_icon=”” link=”/contact-app” target=”_self” color=”” hover_color=”” background_color=”” hover_background_color=”” border_color=”” hover_border_color=”” font_size=”” font_weight=”” margin=””]
 
[mkdf_separator class_name=”” type=”normal” position=”center” color=”#E8E8E8″ border_style=”solid” width=”100%” thickness=”3px” top_margin=”20px” bottom_margin=”0px”]
 
Categories
Apps

App GDPR Toolkit – How Developers Can Prepare Apps for GDPR

When GDPR is concerned, developers can’t afford to overlook app user privacy, consent and opt-in preferences. Here’s five tips that will get you compliant.

It’s a huge problem for app publishers. How can you comply with intimidating privacy legislation and maximise the number of users that are opted into your app services?

By some estimates over 50% of current apps are not compliant with the new GDPR legislation.

That’s because apps have multiple third parties and SDKs integrated. Many of these are asking for data on users.

It’s difficult for publishers to keep track of this. But it’s now the law to be in control of this data.

It shouldn’t have to be this difficult to comply with privacy regulation. And it shouldn’t be hard for your users to opt-in and out of individual preferences.

Lucky we think we’ve found a solution for developers to manage, sync and audit consent in their suite of mobile apps. 

 

Asking for consent and getting your users to opt-in

Complying with privacy legislation isn’t the most straightforward process.

And how do you make sure that you don’t spook your users into opting out of all services? User opt-in is important to obtain as it can be a great tool in which to drive engagement and retention, not to mention monetization.

You need to ask user to opt-in at the right time. And you need to be clear that they are in control. We tried to solve this problem by designing our consent toolkit to help developers obtain and manage user consent.

Many apps get opt-in timing wrong. Don’t ask for all permissions the first time that the user opens the app. Explaining the value that users will get in return for opting in for certain permission will mean that the user is better educated about what their data is being used for.

Make sure that your opt-in process is clear and be upfront with your users.

 

Manage user opt-out requests respectfully

Under new legislation is just as important to ensure that users can opt out as it is to obtain consent properly in the first place. To do this publishers must have a system in place that can allow their users to opt out of some or all of the permissions that they have previously opted in for.

This was one of the fundamentals that shaped the way our consent module works. We wanted our toolkit to make it as easy for users to opt-out and it is to opt-in. This needs to be done in a way that doesn’t just put the user in control of their data but allows them to choose which kinds of data is used by publishers.

 

Make sure you can manage consent across devices

Consent and user opt-in management are difficult enough to get right as it is. But this can be made nigh on impossible when you consider the fact that app users are constantly deleting apps and changing devices. 

Syncing user settings are important because if a user has revoked a permission on one device then to continue to use this could be a breach of privacy regulation. Also, if a user requests that all their data be deleted, this is difficult to do unless you can identify everywhere that the user has given access to data.

That’s one of the problems that the consent toolkit was built to solve. By using a series of unique identifiers it’s possible for developers using the toolkit to sync consent preferences. In this way, the consent toolkit manages a users consent and opt-in/opt-out preferences whenever they interact with an app or service.

This is especially useful when a user requests their data be deleted (or in GDPR terms – right to be forgotten). Having a toolkit that syncs across devices allows publishers to remove this data and stop collecting it wherever the user is seen in the future.

Sometimes it’s a messy infrastructure. What happens if a user updates consent preferences in one app, but uses other apps from you? Make sure you can sync this preference across your real-estate.

 

Integrate user consent with third parties

Apps rarely run in isolation. You might have third party services, or other SDKs that have access to our user’s data.

These need to be kept in sync with the user’s opt-in preferences. If your user says no to communication, this needs to be updated with third-party advertisers for example.

At Tamoco, our consent module allows apps to instantly update third parties with new user preferences. If a user asks for all of their historical data to be deleted this information needs to be relayed to third parties.

The consent SDK communicates this to third parties automatically when a user’s preferences are updated.

Information of this is then secured in a secure audit trail. The consent module will automatically ask third parties to confirm that they have received these requests for changes in a users preferences. When this is (or is not) received this is saved in the audit trail, along with timestamps and relevant information.

This means that developers can ensure that their users’ opt-in preferences are respected in third-party integrations. It’s important to be able to follow an audit trail to prove that this information was relayed to third-party partners and integrations such as SDKs.

 

Make sure you have a secure audit trail

With the correct procedure in place, developers don’t need to worry about manually managing consent. But what happens if you ever need to prove that your app has protected user data.

App developers need a way of storing the history of user consent. It should be easy for developers to prove that historical consent has been obtained.

In our consent toolkit we provide developers with an audit trail to do just this. Everytime a user changes their consent preferences then the SDK automatically records this with time stamp.

This ensures that app publishers are always covered. This information is easily viewed and provided for reference. Third-party consent is also stored in the audit trail. All requests for opt-out are sent to third parties and the record of this is then stored in the audit.

[mkdf_separator class_name=”” type=”normal” position=”center” color=”#E8E8E8″ border_style=”solid” width=”100%” thickness=”3px” top_margin=”50px” bottom_margin=”20px”]

The consent toolkit is launching soon, sign up below to get free early access

[mkdf_button size=”” type=”” text=”Get early access” custom_class=”” icon_pack=”font_awesome” fa_icon=”” link=”/contact-app” target=”_self” color=”” hover_color=”” background_color=”” hover_background_color=”” border_color=”” hover_border_color=”” font_size=”” font_weight=”” margin=””]
 
[mkdf_separator class_name=”” type=”normal” position=”center” color=”#E8E8E8″ border_style=”solid” width=”100%” thickness=”3px” top_margin=”20px” bottom_margin=”0px”]
Categories
Apps

GDPR & CCPA For Apps – Tips For Privacy Compliant Apps

Let’s look at GDPR, the CCPA and how you can make sure that your app is ready for the coming changes.

What’s the most important currency around? It’s data. It’s used to fuel everything from your personal virtual assistant to your social media feed. But let me tell you one thing about this data. It’s private, it needs to be safeguarded and soon, fellow app developers, it will be the law for you to ensure this.

Data is so omnipotent in our digital lives. Privacy regulation is set to make data handlers liable for how they collect, protect, store and remove this data. Some have predicted that up to 55% of apps aren’t ready for this change.

But you thought GDPR is only for email marketers. Wrong. Complying with privacy regulations is integral to running a successful mobile app business. As a mobile developer, under the new legislation, you will be responsible for all the personal data from your app.

That’s right – as of the 1st Jan 2020 responsibility will rest with you to ensure that you are in control of user data. But it doesn’t have to be all doom and gloom. The GDPR and CCPA are an opportunity for developers to create effective relationships with their users. It also means that you can offer up a great app experience at the same time.

 

But what is GDPR and CCPA?

GDPR stands for the General Data Protection Regulation and it came into effect on the 25th of May 2018. It is designed to protect data as it is collected and stored. It is also in place to ensure that the user is in control of their data. It seeks to allows the user to easily opt-out and remove their data when they so desire.

The CCPA is similar and will come into play on the 1st of Jan 2020 – the California Consumer Privacy Act is a bill meant to enhance privacy rights and consumer protection for residents of California, United States.

For apps, this means that a proper system for opt-in, data collection and data storage will need to be in place. As well as this the infrastructure to opt-out and be forgotten are essential to comply with the legislation.

There are some key principles to define when looking at the legislation from a developer’s perspective. We will help to explain these next and look at exactly what these principles mean for developers, as well as practical advice for app owners.

[mkdf_separator class_name=”” type=”normal” position=”center” color=”#E8E8E8″ border_style=”solid” width=”100%” thickness=”3px” top_margin=”50px” bottom_margin=”20px”]

The consent toolkit is launching soon, sign up below to get free early access

[mkdf_button size=”” type=”” text=”Get early access” custom_class=”” icon_pack=”font_awesome” fa_icon=”” link=”products-sdk-consent/” target=”_self” color=”” hover_color=”” background_color=”” hover_background_color=”” border_color=”” hover_border_color=”” font_size=”” font_weight=”” margin=””]
 
[mkdf_separator class_name=”” type=”normal” position=”center” color=”#E8E8E8″ border_style=”solid” width=”100%” thickness=”3px” top_margin=”20px” bottom_margin=”0px”]

 

Explicit consent

This is a key requirement for mobile apps. The legislation says that businesses must request and receive consent to collect use and move personal data. Further, this request must be made and given in clear intelligible and easily accessible way. It cannot be confusing. As well as this the user must be able to withdraw consent as quickly as they can give it.

This means that apps will need to communicate better with their users. They must clearly define the type of personal data they collect around users. Developers will need to explain why this data is collected and obtain clear consent to collect this information.

Practically this means that you may wish to ask for certain types of personal data at different points of the user experience. For example, it’s generally a better idea to ask users for data consent at a point where it is relevant to the action that the user is performing.

So don’t ask for every permission under the sun the first time your app is opened. It might be better to wait for the right moment to communicate these to the user.

This also gives you a better opportunity to communicate the value that the user will receive by opting-in for this type of data collection. It also means that you can clearly explain opt-out procedures as well (but more on that later).

For example, we help our partner apps to obtain consent for location permissions by providing a dialogue with the user at the right moment. This could be when the user is looking for nearby venues or searching for local deals.

By clearly explaining to the user at this moment it allows the user to come to an informed decision on how they want to share their personal data with the app. This complies with the ‘explicit consent’ as defined in the GDPR legislation.

Find out more about asking for consent by speaking to our app team.

 

The right to be forgotten

One of the keys focuses of the legislation is the right to be forgotten. This means that app developers will need to create a system of opting-out that allows users to be in control of the data collected through the app.

As previously mentioned this should be as simple for the user as opting-in. Your app users should be able to request that their entire data history is deleted and removed from all records. This includes third parties (yes that means every SDK that you have used in your app that uses personal data).

For developers, this means designing user control into the app so that the user can perform these actions when desired. Apps must be able to process and act upon these user requests and then ensure that all personal data is removed.

This might be in the form of an option to contact you with questions about your data.

Or you can add a data section to your app settings page that allows your users to opt out of different types of data collection. You can also add the option to revoke all data collection.

The aim of GDPR in this area is the put the user in control of their data. If you can design your app to facilitate this control then your app will be compliant and your users will have a better experience when using your app.

 

Privacy by design

This section is all about the proper encryption and data handling procedures.

You might think that this is an obvious approach to take when designing a mobile app. Perhaps you have considered privacy at multiple points in the planning of your app. That’s great – the key points to remember is that GDPR makes this a legal requirement.

So from a project’s inception to every point in the lifecycle privacy and data protection will need to be front and centre. It’s about anticipating, managing and preventing privacy issues. And doing this before a single line of code has been written.

There are fundamentals that app developers will do well to follow once the legislation comes into force:

Privacy must be proactive, not reactive, it must also be preventative not remedial. This means that developers should be thinking about privacy from stage one of the design process all the way through to after the user’s app engagement has ended.

Define the kinds of data that your app will use in the design phase. Assess potential issues that may arise when using this data. Make sure that your app is designed to secure this data by default and has the correct opt-in processes before you do anything with this data.

When processing user data ensure that your systems are designed to secure the data. This might mean pseudonymization of data or even creating a completely secure way of processing personal data.

The basic idea here is that privacy and data control to become a key part of designing any new app feature. By taking this approach you create an app experience that is secure. It provides users with the controls to input personal information in the knowledge that it is secured and that they can have it removed at any time.

 

Consent module and Tamoco’s secure SDK

As mentioned one area where developers need to ensure compliance with GDPR is through the use of third-party SDKs. Many of this access and use user data, and often there is not explicit consent for this from the end user.

If you’ve been paying attention you’ll realise that this is a direct breach of GDPR. As a developer, you’ll need to balance the use of third-party SDKs with user privacy and consent. Partnering with SDKs that place user opt-in front and centre will be a sensible approach once GDPR comes into effect.

At Tamoco we help apps to comply with the new regulation whilst providing a powerful toolkit to boost app engagement and monetization. Our product allows apps to get valuable insights and analytics into their app audiences whilst ensuring GDPR compliance.

[mkdf_separator class_name=”” type=”normal” position=”center” color=”#E8E8E8″ border_style=”solid” width=”100%” thickness=”3px” top_margin=”50px” bottom_margin=”20px”]

Manage consent today – sign up below to get free early access

[mkdf_button size=”” type=”” text=”Get early access” custom_class=”” icon_pack=”font_awesome” fa_icon=”” link=”contact-app/” target=”_self” color=”” hover_color=”” background_color=”” hover_background_color=”” border_color=”” hover_border_color=”” font_size=”” font_weight=”” margin=””]
 
[mkdf_separator class_name=”” type=”normal” position=”center” color=”#E8E8E8″ border_style=”solid” width=”100%” thickness=”3px” top_margin=”20px” bottom_margin=”0px”]