Open batteredhedgehog opened 11 months ago
Hi @batteredhedgehog,
You can use the SetConsent
function to set the consent state. You may have to do some preliminary steps to set up consent mode for your app (depending on your platform). You may refer to this example in our quickstart to see how it's being used.
That said, I'll be closing this for now. Let me know if an issue arises so this ticket could be reopened.
I think @batteredhedgehog wants some kind of conversion function from TCFStrings (which are created after UMP popup choices were made) to Firebase flags for SetConsent function.
I am interested in this too, my current guess is to rely on Tag Behaviour docs. It is possible to take selected purposes string from shared preferences (Android) or NSUserDefaults (iOS) by _IABTCFPurposeConsents key and go on from there.
But I am not sure if that is the right way to get values for SetConsent call, wonder if there are any other opinions.
@paulinon - thanks for the info. I do understand how the SetConsent function is intended to work. As @Remstam says, I'm looking for the correct way to extract consent information from TCF strings.
Any assistance would be very helpful. Answers to the above questions would greatly help me to move forward.
Bump
Any updates?
up
For anyone interested - I did the following:
<meta-data android:name="google_analytics_default_allow_analytics_storage" android:value="false" />
<meta-data android:name="google_analytics_default_allow_ad_storage" android:value="false" />
<meta-data android:name="google_analytics_default_allow_ad_user_data" android:value="false" />
<meta-data android:name="google_analytics_default_allow_ad_personalization_signals" android:value="false" />
<meta-data android:name="firebase_crashlytics_collection_enabled" android:value="false" />
Crashlytics.IsCrashlyticsCollectionEnabled = true
if either consent wasn't required (as determined by UMP) or if the consents in the previous step were given.FirebaseAnalytics.SetConsent(...)
if either consent wasn't required - or using the rules described here based on the determined purpose consent status.I dont really know if this is 100% correct - but its a start .
Any guidance from google would be greatly appreciated.
And here is some c# code snippets I wrote to help extract consent from the TCF string.
private const string IABTCF_PurposeConsents = "IABTCF_PurposeConsents";
private const string IABTCF_PurposeLegitimateInterests = "IABTCF_PurposeLegitimateInterests";
private const string IABTCF_VendorConsents = "IABTCF_VendorConsents";
private const string IABTCF_VendorLegitimateInterests = "IABTCF_VendorLegitimateInterests";
private const string IABTCF_PublisherConsent = "IABTCF_PublisherConsent";
private const string IABTCF_PublisherLegitimateInterests = "IABTCF_PublisherLegitimateInterests";
public const int IABTCF_GOOGLE_VENDOR_ID = 755;
private static bool IsBitSet(int nonZeroBasedBitIndex, string bitString)
{
return nonZeroBasedBitIndex > 0 && bitString != null && bitString.Length >= nonZeroBasedBitIndex && bitString[nonZeroBasedBitIndex - 1] == '1';
}
public static bool HasConsent(string purposeString, string vendorString, int purposeId, int? vendorId = null)
{
return IsBitSet(purposeId, ApplicationPreferences.GetString(purposeString)) && ((!vendorId.HasValue) || IsBitSet(vendorId.Value, ApplicationPreferences.GetString(vendorString)));
}
public static bool HasPurposeConsent(int purposeId, int? vendorId = null)
{
return HasConsent(IABTCF_PurposeConsents, IABTCF_VendorConsents, purposeId, vendorId);
}
public static bool HasLegitimateInterest(int purposeId, int? vendorId = null)
{
return HasConsent(IABTCF_PurposeLegitimateInterests, IABTCF_VendorLegitimateInterests, purposeId, vendorId);
}
public static bool HasPublisherConsent(int purposeId)
{
return HasConsent(IABTCF_PublisherConsent, null, purposeId);
}
public static bool HasPublisherLegitimateInterest(int purposeId)
{
return HasConsent(IABTCF_PublisherLegitimateInterests, null, purposeId);
}
Hi,
It seems that since Firebase Android SDK 32.8.0 and Firebase iOS SDK 10.23.0, Firebase Analytics gets a new feature:
Any ETA on when this will be available in the Unity SDK ? Or maybe is it possible to just update the dependencies ?
Ok, 11.9.0 release gets updates to Android 32.8.1 and iOS 10.24.0 respectively. Does this mean it is no more necessary to manually call SetConsent as Analytics will now itself automatically get the values from TCF string internally?
Bump
Hi,
With the 11.9.0 update is it still necessary to modify the AndroidManifest.xml to add:
<meta-data android:name="google_analytics_default_allow_analytics_storage" android:value="false" />
<meta-data android:name="google_analytics_default_allow_ad_storage" android:value="false" />
<meta-data android:name="google_analytics_default_allow_ad_user_data" android:value="false" />
<meta-data android:name="google_analytics_default_allow_ad_personalization_signals" android:value="false" />
<meta-data android:name="firebase_crashlytics_collection_enabled" android:value="false" />
Or all this is done automatically based on the TCF values ?
How does this work for non UE users ? Will it reactivate it automatically or I need to do it manually ?
What about the values changes, if I show the GoogleUserMessagingPlatform form to the user, is there something to call on FirebaseAnalytics to update the values when the form is closed ?
Any updates?
up
Hi folks, could you kindly add a thumbs up emoji to the author's original post. This will help us keep track of issues under our radar. That said, I'll bring this up to our engineer sync to get some feedback. Thanks!
up
Bump
Bump. Can we please get some guidance on this.
Bump. Firebase shows a message, which reads "Ads personalization consent signals not detected".
This page describes how to enable consent mode with TCF and says it is automatically enabled: https://developers.google.com/tag-platform/security/guides/implement-TCF-strings#apps
Do we still need to manually set everything else to false in AndroidManifest.xml though?
Hey all,
Sorry for the lost wait in a response, with something like this we wanted to make sure we had the correct response, which took a while.
I believe that UMP needs to enable automatic TCF integration by setting the IABTCF_EnableAdvertiserConsentMode bit. This is partially documented on this page, including how to do so for Android and iOS apps: https://developers.google.com/tag-platform/security/guides/implement-TCF-strings#apps By doing so, the Google Analytics SDK will be able to read TCF strings written by UMP, so you shouldn't need to call out all the additional flags, possibly just that one.
Thanks for replying, but your answer is a bit vague. Can you please provide us with a real implementation example, remembering that this is a unity sdk question.
Lets say we enable the IABTCF_EnableAdvertiserConsentMode in the AndroidManifest.xml (Android) and/or info.plist (iOS) bit as per the documentation you linked.
Does this mean:
Lets say we enable the IABTCF_EnableAdvertiserConsentMode in the AndroidManifest.xml (Android) and/or info.plist (iOS) bit as per the documentation you linked.
I guess this manifest/plist setup just allows Firebase not to take TCF strings into consideration:
As @a-maurice wrote IABTCF_EnableAdvertiserConsentMode bit has to be set also for everything to work out. Other CMP platforms state that they put that bit explicitly:
Does UMP set this bit automatically? Probably no.
So the working scenario with UMP as for now looks like this:
the documentation at https://developers.google.com/tag-platform/security/guides/implement-TCF-strings#tcf_integration_behavior mentions the
So the working scenario with UMP as for now looks like this:
- Set google analytics tcf data enabled = true in manifest/plist (maybe nothing to do here if true is default value)
- UMP popup is being shown, user choose some settings
- Set IABTCF_EnableAdvertiserConsentMode bit explicitly via SharedPreferences/NSUserDefaults
- Init Firebase Analytics
- Firebase Analyitcs reads TCF strings automatically and behaves appropriately
On iOS, this works to a certain degree only.
If you grant permissions and afterwards revoke them, ad_storage
, ad_user_data
and ad_personalization
are not reset correctly, they are still set to granted
.
Probably because the UserDefaults.standard.string(forKey: "IABTCF_PurposeConsents")
is set to "0" and doesn't include all the required purposes.
So you definitely need to reset all permissions before showing the UMP dialog (again).
Guys,
What should be the correct flow for when I only show the UMP after the login?
In the .plist
or AndroidManifest
, I add them by default as granted
and I need to make sure the Firebase is initialised at App start since I'd like to catch issues/crashes. I only show the UMP after the login is done and since the login comes at a later stage is it fine to have those permissions as granted and setConsent
after showing the UMP post login? (with an ability to further update consent on the settings panel)??? (Tagging @batteredhedgehog since kind of had a similar situation)
(@paulinon / @a-maurice )
@a-maurice By the way, if _IABTCFEnableAdvertiserConsentMode approach works and consent is transferred automatically, I would like to know what exactly the flag values are for custom analytics purposes. Could you please consider the idea of adding GetConsent method? It should return current flags state, so we will know, what's been transferred after UMP choices are made.
@a-maurice - is there any update on how this really works? the minimal information provided and limited documentation isn't sufficient for us devs to implement firebase analytics with UMP with any confidence that we're satisfying privacy requirements.
From comments above by @weakfl - it isn't clear under which exact circumstances consent mode is reconfigured to respect TCF - which is as frustrating and vague as everything else to do with consent, firebase and admob. I think I'll trust my manual implementation until Google can provide us with definitive info.
i also wonder how all this works together iwth opt-in option the docs explain. I would lie to initially have Firebase Disabled and then show the UMP to the user. But does that enable my firebase stuff or does this only handle Google Mobile Ad stuff. I am really confused by the amount of different documentations.
Opt-In example:
<!-- Disable Crashalytics as default -->
<meta-data
android:name="firebase_crashlytics_collection_enabled"
android:value="false" />
<!-- Disable Firebase Analytics -->
<meta-data
android:name="firebase_analytics_collection_enabled"
android:value="false" />
<!-- Disable Performance Monitor -->
<meta-data
android:name="firebase_performance_collection_enabled"
android:value="false" />
Then manually i would call:
FirebaseCrashlytics.getInstance().setCrashlyticsCollectionEnabled(true);
@ananttheant did you figure out what to do? I think i aim for the same setup. I kinda hate the idea to show multiple popups on first start to get the user consent. One Consent request with UMP would be nice.
@ynnob
I used this documentation.
By default, I've set all the consents as granted
, and used the eu_consent_policy
set as false
to initialise the Firebase normally without any change in its flow. After the login, we show the CMP popup, overriding the value for consents.
Then finally you can pass on the consent values to the respective 3rd party SDKs
Hey @a-maurice - do you have any guidance on how to properly do this? Or if anyone is working on a doc?
@ananttheant thanks.
i invested a bit more time and decided to split AdMob consent from Firebase because they don't really seem to be connected as thight as i expected them to be.
Also as far as i understood Settings set by UMP will (if a google service uses them) always be more important then the settings in the interface (e.g AdMob default personalized ads / non personalized ads will be overwritten through the UMP Consent selection)
So i opted to seperatly let the user opt-in and out of firebase while also doing the same with AdMob and UMP.
That way i know i did everything to inform the user about the services i use, let them opt-in and out and also use the UMP if firebase at soem point accesses these setting.
I think @ynnob is probably correct - its safest to ask for each explicitly - but this is gives a very poor user experience: The app might then have IDFA explainer, ATT popup, UMP consent popup, and finally analytics consent popup... If that happened to me when I installed a game, I'd uninstall it immediately. As it is I have the first three - which is still too many.
On a side note, Using the configuration i mention above - i.e. sets consent mode flags to false and update flags once consent is given - the first_open event is never posted - meaning that the New Users count in Google Analytics is always 0. If anyone can think of a way around when users do give consent - I'm all ears.
@ynnob
Well, the easiest way is to show the CMP popup first (before ATT), if the user wants to change the consent for specific things they can do it using manage consent option. (If you see it properly, it has multiple purposes)
In the end, once the consent popup is done, you can fetch all the purposes and pass it on to your ads SDK and firebase.
By checking if the user has declined the use of saving data related to ads you can also avoid showing ATT popup (this was mentioned by Google itself if their QnA)
Be mindful that some SDKs support collection of consent using TCF data, which means it'll collect it automatically but you might have to turn it on for example on Appsflyer. (so you don't have to pass on the consents to those SDKs)
Also, make sure you have provided a way to change consents in your settings panel inside the app, and updating the consents on SDKs if changed.
Hey @paulinon / @a-maurice
I have a question regarding this statement
In accordance with the updates to consent mode for traffic in European Economic Area (EEA), a value of
eu_consent_policy
can be set forad_user_data
andad_personalization
, meaning consent is denied only for users in regions subject to the EU User Consent Policy.
As mentioned #here
This is a bit confusing and I need to understand what exactly this looks like with example:
Does this mean that we can have a key "eu_consent_policy" with a bool value?
<key>eu_consent_policy</key> <false/>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_ANALYTICS_STORAGE</key> <true/>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_STORAGE</key> <true/>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_USER_DATA</key> <true/>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_PERSONALIZATION_SIGNALS</key> <true/>
Or does this mean, that we can set values of the following keys as "eu_consent_policy"
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_ANALYTICS_STORAGE</key> <true/>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_STORAGE</key> <true/>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_USER_DATA</key> <string>eu_consent_policy</string>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_PERSONALIZATION_SIGNALS</key> <string>eu_consent_policy</string>
Or does this mean, we can have these keys with the following value "eu_consent_policy"
<key> ad_user_data</key> <string>eu_consent_policy</string>
<key> ad_personalization</key> <string>eu_consent_policy</string>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_ANALYTICS_STORAGE</key> <true/>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_STORAGE</key> <true/>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_USER_DATA</key> <true/>
<key>GOOGLE_ANALYTICS_DEFAULT_ALLOW_AD_PERSONALIZATION_SIGNALS</key> <true/>
[REQUIRED] Please fill in the following fields:
[REQUIRED] Please describe the question here:
I am unable to find documentation on how to configure Firebase to update consent with data coming from google's UMP. Please can you explain how to link the two, or point me to some documentation.