firebase / firebase-unity-sdk

The Firebase SDK for Unity
http://firebase.google.com
Apache License 2.0
236 stars 39 forks source link

[Question] Where is documentation on how to link Google UMP consent results with Firebase consent? #949

Open batteredhedgehog opened 11 months ago

batteredhedgehog commented 11 months ago

[REQUIRED] Please fill in the following fields:

[REQUIRED] Please describe the question here:

I am unable to find documentation on how to configure Firebase to update consent with data coming from google's UMP. Please can you explain how to link the two, or point me to some documentation.

paulinon commented 11 months ago

Hi @batteredhedgehog,

You can use the SetConsent function to set the consent state. You may have to do some preliminary steps to set up consent mode for your app (depending on your platform). You may refer to this example in our quickstart to see how it's being used.

That said, I'll be closing this for now. Let me know if an issue arises so this ticket could be reopened.

Remstam commented 11 months ago

I think @batteredhedgehog wants some kind of conversion function from TCFStrings (which are created after UMP popup choices were made) to Firebase flags for SetConsent function.

I am interested in this too, my current guess is to rely on Tag Behaviour docs. It is possible to take selected purposes string from shared preferences (Android) or NSUserDefaults (iOS) by _IABTCFPurposeConsents key and go on from there.

But I am not sure if that is the right way to get values for SetConsent call, wonder if there are any other opinions.

batteredhedgehog commented 11 months ago

@paulinon - thanks for the info. I do understand how the SetConsent function is intended to work. As @Remstam says, I'm looking for the correct way to extract consent information from TCF strings.

  1. Can you point me to a mapping between purposes and the consent mode v2 flags used in SetConsent ?
  2. Should we be using PurposeConsents?
  3. Do we need to look into google vendor consent purposes?
  4. (edit) I notice that the TCF vendor list only has one entry for google: "755: Google Advertising Products". Does this vendor also cover Firebase Analytics ?

Any assistance would be very helpful. Answers to the above questions would greatly help me to move forward.

cometa93 commented 10 months ago

Bump

OldSlash commented 10 months ago

Any updates?

llfabris commented 10 months ago

up

batteredhedgehog commented 10 months ago

For anyone interested - I did the following:

I dont really know if this is 100% correct - but its a start .
Any guidance from google would be greatly appreciated.

batteredhedgehog commented 10 months ago

And here is some c# code snippets I wrote to help extract consent from the TCF string.

    private const string IABTCF_PurposeConsents = "IABTCF_PurposeConsents";
    private const string IABTCF_PurposeLegitimateInterests = "IABTCF_PurposeLegitimateInterests";
    private const string IABTCF_VendorConsents = "IABTCF_VendorConsents";
    private const string IABTCF_VendorLegitimateInterests = "IABTCF_VendorLegitimateInterests";
    private const string IABTCF_PublisherConsent = "IABTCF_PublisherConsent";
    private const string IABTCF_PublisherLegitimateInterests = "IABTCF_PublisherLegitimateInterests";

    public const int IABTCF_GOOGLE_VENDOR_ID = 755;

    private static bool IsBitSet(int nonZeroBasedBitIndex, string bitString)
    {
        return nonZeroBasedBitIndex > 0 && bitString != null && bitString.Length >= nonZeroBasedBitIndex && bitString[nonZeroBasedBitIndex - 1] == '1';
    }

    public static bool HasConsent(string purposeString, string vendorString, int purposeId, int? vendorId = null)
    {
        return IsBitSet(purposeId, ApplicationPreferences.GetString(purposeString)) && ((!vendorId.HasValue) || IsBitSet(vendorId.Value, ApplicationPreferences.GetString(vendorString)));
    }

    public static bool HasPurposeConsent(int purposeId, int? vendorId = null)
    {
        return HasConsent(IABTCF_PurposeConsents, IABTCF_VendorConsents, purposeId, vendorId);
    }

    public static bool HasLegitimateInterest(int purposeId, int? vendorId = null)
    {
        return HasConsent(IABTCF_PurposeLegitimateInterests, IABTCF_VendorLegitimateInterests, purposeId, vendorId);
    }

    public static bool HasPublisherConsent(int purposeId)
    {
        return HasConsent(IABTCF_PublisherConsent, null, purposeId);
    }

    public static bool HasPublisherLegitimateInterest(int purposeId)
    {
        return HasConsent(IABTCF_PublisherLegitimateInterests, null, purposeId);
    }
binouze commented 9 months ago

Hi,

It seems that since Firebase Android SDK 32.8.0 and Firebase iOS SDK 10.23.0, Firebase Analytics gets a new feature:

Any ETA on when this will be available in the Unity SDK ? Or maybe is it possible to just update the dependencies ?

Remstam commented 9 months ago

Ok, 11.9.0 release gets updates to Android 32.8.1 and iOS 10.24.0 respectively. Does this mean it is no more necessary to manually call SetConsent as Analytics will now itself automatically get the values from TCF string internally?

akshaymoonfrog commented 9 months ago

Bump

binouze commented 9 months ago

Hi,

With the 11.9.0 update is it still necessary to modify the AndroidManifest.xml to add:

<meta-data android:name="google_analytics_default_allow_analytics_storage" android:value="false" />
<meta-data android:name="google_analytics_default_allow_ad_storage" android:value="false" />
<meta-data android:name="google_analytics_default_allow_ad_user_data" android:value="false" />
<meta-data android:name="google_analytics_default_allow_ad_personalization_signals" android:value="false" />
<meta-data android:name="firebase_crashlytics_collection_enabled" android:value="false" />

Or all this is done automatically based on the TCF values ?

How does this work for non UE users ? Will it reactivate it automatically or I need to do it manually ?

What about the values changes, if I show the GoogleUserMessagingPlatform form to the user, is there something to call on FirebaseAnalytics to update the values when the form is closed ?

ismetdegoo commented 8 months ago

Any updates?

WBoda commented 8 months ago

up

argzdev commented 8 months ago

Hi folks, could you kindly add a thumbs up emoji to the author's original post. This will help us keep track of issues under our radar. That said, I'll bring this up to our engineer sync to get some feedback. Thanks!

stergios222 commented 8 months ago

up

Iq51 commented 7 months ago

Bump

batteredhedgehog commented 7 months ago

Bump. Can we please get some guidance on this.

nahrak commented 7 months ago

Bump. Firebase shows a message, which reads "Ads personalization consent signals not detected".

This page describes how to enable consent mode with TCF and says it is automatically enabled: https://developers.google.com/tag-platform/security/guides/implement-TCF-strings#apps

Do we still need to manually set everything else to false in AndroidManifest.xml though?

a-maurice commented 7 months ago

Hey all,

Sorry for the lost wait in a response, with something like this we wanted to make sure we had the correct response, which took a while.

I believe that UMP needs to enable automatic TCF integration by setting the IABTCF_EnableAdvertiserConsentMode bit. This is partially documented on this page, including how to do so for Android and iOS apps: https://developers.google.com/tag-platform/security/guides/implement-TCF-strings#apps By doing so, the Google Analytics SDK will be able to read TCF strings written by UMP, so you shouldn't need to call out all the additional flags, possibly just that one.

batteredhedgehog commented 7 months ago

Thanks for replying, but your answer is a bit vague. Can you please provide us with a real implementation example, remembering that this is a unity sdk question.

Lets say we enable the IABTCF_EnableAdvertiserConsentMode in the AndroidManifest.xml (Android) and/or info.plist (iOS) bit as per the documentation you linked.

Does this mean:

Remstam commented 6 months ago

Lets say we enable the IABTCF_EnableAdvertiserConsentMode in the AndroidManifest.xml (Android) and/or info.plist (iOS) bit as per the documentation you linked.

I guess this manifest/plist setup just allows Firebase not to take TCF strings into consideration:

As @a-maurice wrote IABTCF_EnableAdvertiserConsentMode bit has to be set also for everything to work out. Other CMP platforms state that they put that bit explicitly:

Does UMP set this bit automatically? Probably no.

So the working scenario with UMP as for now looks like this:

  1. Set google analytics tcf data enabled = true in manifest/plist (maybe nothing to do here if true is default value)
  2. UMP popup is being shown, user choose some settings
  3. Set IABTCF_EnableAdvertiserConsentMode bit explicitly via SharedPreferences/NSUserDefaults
  4. Init Firebase Analytics
  5. Firebase Analyitcs reads TCF strings automatically and behaves appropriately
stergios222 commented 6 months ago

the documentation at https://developers.google.com/tag-platform/security/guides/implement-TCF-strings#tcf_integration_behavior mentions the

weakfl commented 6 months ago

So the working scenario with UMP as for now looks like this:

  1. Set google analytics tcf data enabled = true in manifest/plist (maybe nothing to do here if true is default value)
  2. UMP popup is being shown, user choose some settings
  3. Set IABTCF_EnableAdvertiserConsentMode bit explicitly via SharedPreferences/NSUserDefaults
  4. Init Firebase Analytics
  5. Firebase Analyitcs reads TCF strings automatically and behaves appropriately

On iOS, this works to a certain degree only.

If you grant permissions and afterwards revoke them, ad_storage, ad_user_data and ad_personalization are not reset correctly, they are still set to granted. Probably because the UserDefaults.standard.string(forKey: "IABTCF_PurposeConsents") is set to "0" and doesn't include all the required purposes.

So you definitely need to reset all permissions before showing the UMP dialog (again).

ananttheant commented 6 months ago

Guys,

What should be the correct flow for when I only show the UMP after the login?

In the .plist or AndroidManifest, I add them by default as granted and I need to make sure the Firebase is initialised at App start since I'd like to catch issues/crashes. I only show the UMP after the login is done and since the login comes at a later stage is it fine to have those permissions as granted and setConsent after showing the UMP post login? (with an ability to further update consent on the settings panel)??? (Tagging @batteredhedgehog since kind of had a similar situation)

(@paulinon / @a-maurice )

Remstam commented 6 months ago

@a-maurice By the way, if _IABTCFEnableAdvertiserConsentMode approach works and consent is transferred automatically, I would like to know what exactly the flag values are for custom analytics purposes. Could you please consider the idea of adding GetConsent method? It should return current flags state, so we will know, what's been transferred after UMP choices are made.

batteredhedgehog commented 6 months ago

@a-maurice - is there any update on how this really works? the minimal information provided and limited documentation isn't sufficient for us devs to implement firebase analytics with UMP with any confidence that we're satisfying privacy requirements.

From comments above by @weakfl - it isn't clear under which exact circumstances consent mode is reconfigured to respect TCF - which is as frustrating and vague as everything else to do with consent, firebase and admob. I think I'll trust my manual implementation until Google can provide us with definitive info.

ynnob commented 6 months ago

i also wonder how all this works together iwth opt-in option the docs explain. I would lie to initially have Firebase Disabled and then show the UMP to the user. But does that enable my firebase stuff or does this only handle Google Mobile Ad stuff. I am really confused by the amount of different documentations.

Opt-In example:

        <!-- Disable Crashalytics as default -->
        <meta-data
            android:name="firebase_crashlytics_collection_enabled"
            android:value="false" />

        <!-- Disable Firebase Analytics -->
        <meta-data
            android:name="firebase_analytics_collection_enabled"
            android:value="false" />

        <!-- Disable Performance Monitor -->
        <meta-data
            android:name="firebase_performance_collection_enabled"
            android:value="false" />

Then manually i would call: FirebaseCrashlytics.getInstance().setCrashlyticsCollectionEnabled(true);

@ananttheant did you figure out what to do? I think i aim for the same setup. I kinda hate the idea to show multiple popups on first start to get the user consent. One Consent request with UMP would be nice.

ananttheant commented 5 months ago

@ynnob

I used this documentation.

By default, I've set all the consents as granted, and used the eu_consent_policy set as false to initialise the Firebase normally without any change in its flow. After the login, we show the CMP popup, overriding the value for consents.

Then finally you can pass on the consent values to the respective 3rd party SDKs

emfigura commented 5 months ago

Hey @a-maurice - do you have any guidance on how to properly do this? Or if anyone is working on a doc?

ynnob commented 5 months ago

@ananttheant thanks.

i invested a bit more time and decided to split AdMob consent from Firebase because they don't really seem to be connected as thight as i expected them to be.

Also as far as i understood Settings set by UMP will (if a google service uses them) always be more important then the settings in the interface (e.g AdMob default personalized ads / non personalized ads will be overwritten through the UMP Consent selection)

So i opted to seperatly let the user opt-in and out of firebase while also doing the same with AdMob and UMP.

That way i know i did everything to inform the user about the services i use, let them opt-in and out and also use the UMP if firebase at soem point accesses these setting.

batteredhedgehog commented 4 months ago

I think @ynnob is probably correct - its safest to ask for each explicitly - but this is gives a very poor user experience: The app might then have IDFA explainer, ATT popup, UMP consent popup, and finally analytics consent popup... If that happened to me when I installed a game, I'd uninstall it immediately. As it is I have the first three - which is still too many.

On a side note, Using the configuration i mention above - i.e. sets consent mode flags to false and update flags once consent is given - the first_open event is never posted - meaning that the New Users count in Google Analytics is always 0. If anyone can think of a way around when users do give consent - I'm all ears.

ananttheant commented 4 months ago

@ynnob

Well, the easiest way is to show the CMP popup first (before ATT), if the user wants to change the consent for specific things they can do it using manage consent option. (If you see it properly, it has multiple purposes)

In the end, once the consent popup is done, you can fetch all the purposes and pass it on to your ads SDK and firebase.

By checking if the user has declined the use of saving data related to ads you can also avoid showing ATT popup (this was mentioned by Google itself if their QnA)

Be mindful that some SDKs support collection of consent using TCF data, which means it'll collect it automatically but you might have to turn it on for example on Appsflyer. (so you don't have to pass on the consents to those SDKs)

Also, make sure you have provided a way to change consents in your settings panel inside the app, and updating the consents on SDKs if changed.

ananttheant commented 4 days ago

Hey @paulinon / @a-maurice

I have a question regarding this statement

In accordance with the updates to consent mode for traffic in European Economic Area (EEA), a value of eu_consent_policy can be set for ad_user_data and ad_personalization, meaning consent is denied only for users in regions subject to the EU User Consent Policy.

As mentioned #here

This is a bit confusing and I need to understand what exactly this looks like with example:

  1. Does this mean that we can have a key "eu_consent_policy" with a bool value?

    <key>eu_consent_policy</key> <false/>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_ANALYTICS_STORAGE</key> <true/>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_STORAGE</key> <true/>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_USER_DATA</key> <true/>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_PERSONALIZATION_SIGNALS</key> <true/>
  2. Or does this mean, that we can set values of the following keys as "eu_consent_policy"

    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_ANALYTICS_STORAGE</key> <true/>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_STORAGE</key> <true/>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_USER_DATA</key> <string>eu_consent_policy</string>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_PERSONALIZATION_SIGNALS</key> <string>eu_consent_policy</string>
  3. Or does this mean, we can have these keys with the following value "eu_consent_policy"

    <key> ad_user_data</key> <string>eu_consent_policy</string>
    <key> ad_personalization</key> <string>eu_consent_policy</string>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_ANALYTICS_STORAGE</key> <true/>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_STORAGE</key> <true/>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_USER_DATA</key> <true/>
    <key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_PERSONALIZATION_SIGNALS</key> <true/>