With the recent passing of privacy laws in the EU, it’s imperative that you familiarize yourself with what you need to do to avoid getting penalized. This post contains important information for you to ensure your apps are compliant with GDPR laws. We are still waiting for individual countries to implement the newer copyright laws famously known as “article 17” and “article 13”.

We are committed to ensuring that apps created on our platform comply with the European Union (EU) General Data Protection Regulation (GDPR), which took effect on May 25th, 2018.

We’ve taken the following steps to provide GDPR compliance for your apps:

  • AdMob – Will only serve non-personalized ads for EU users.
  • StartApp – Will only serve non-personalized ads for EU users.
  • AppLovin – Will only serve non-personalized ads for EU users.
  • Others – Disabled the following ad networks for EU users: Amazon, AppBrain, Facebook Audience Network.
  • Analytics – Disabled Andromo & Google analytics for EU users.
  • AirBop – Disabled AirBop for EU users.

Requirements for AdMob, StartApp or AppLovin Ads

If your app includes AdMob, StartApp or AppLovin ads, you must perform the following steps to be compliant:

  1. Enable the “Launch Notice” dialog in your app for EU users. To do this, go to your project’s “Settings” tab, enable the “Show Launch Notice” checkbox and then enable the “European Union countries only (uncheck for Worldwide)” checkbox. The text you provide is up to you; however, below is an example of what might be appropriate for your app if you include AdMob:

    We care about your privacy and data security. We keep this app free by showing ads. We’ll partner with Google and use a unique identifier on your device to serve only non-personalized ads.
    For information about how Google uses your mobile identifier please visit:
    https://policies.google.com/technologies/partner-sites

    You should inform users about these ad networks in your Launch Notice text, including links to their privacy policies.

    The privacy policies for StartApp and AppLovin can be found here:

    https://www.applovin.com/privacy
    http://www.startapp.com/policy/privacy-policy/

    Google’s policy page can be found at:
    https://policies.google.com/technologies/partner-sites

  2. Once you’ve made the above changes, increase your app’s version number on the “Settings” tab, and then generate a new build of your app by clicking the “Build My App” button on your project’s “Build” tab. Once the build has completed, test it and publish the new version to all of the app stores you previously published to.

Requirements for All Apps

Even if your app does not contain ads, you’ll need to generate a new build of your app to comply with GDPR. This is also a good time to revisit adding a “cookie notice”. Refer to our KB article “EU User Consent / Privacy Policy” for more info – or read up at https://www.cookiechoices.org/.

To generate a new build, increase your app’s version number on the “Settings” tab, and then go to your project’s “Build” tab and click the “Build My App” button. Once the build has completed, test it and publish the new version to all of the app stores you previously published to.

Further Details…

What is GDPR?

The basics of GDPR state that if you are located in the EU or your app is targeting users in the EU, then you need to obtain explicit consent from the user in order to collect and store “personal information.”

The exact language and wording are much more complicated than written above (specifically concerning what exactly is personal information), but that is the gist of it. You can and should read the official document, “2018 reform of EU data protection rules”, or, if you can’t make it through that document, the “simplified version” available from GDPR Portal. It makes excellent bedtime reading.

Why Should You Care?

At first glance, you might think that your app doesn’t collect personal information so this does not apply to you. However, the definition of personal information is quite broad and extends to IP addresses and mobile device identifiers – not just names, addresses and medical records.

The problem lies with the fact that over the years, all advertising networks have evolved to store that information so that they can track and identify users’ behavior and serve up what has come to be known as “personalized ads”.

So, while your app itself may never have asked people for their name, email, address, etc., the ad networks and analytics providers are still making use of IP and device identifiers.

What Does it Require of You?

In a nutshell, to be compliant with GDPR your app either needs to obtain explicit consent to collect and store personal information, or it needs to stop storing that info for anyone in the EU.

Obtaining explicit consent requires a startup screen that asks users to specifically sign up to be tracked and receive “personalized ads” from each ad network you work with, along with privacy policy information for each one. For context, Google’s AdMob has literally thousands of ad providers enabled by default…

At the moment, the tools and recommendations to deal with explicit consent are simply inadequate to make that realistic.

What We Have Done for Andromo Apps

The safest option right now is to disable anything in your app that stores personal information if the user is located in the EU. That is what we have done in Andromo v5.0.15 so that you can put out a GDPR compliant app today.

Fortunately, several ad networks supported by Andromo have now added the ability to turn off personalized ads and instead serve up only non-personalized ads. Hopefully, more will follow suit in the future.

Additionally, once the tools and procedures to obtain explicit consent for personalized ads solidify, we can revisit and see about making that an option.