Prebid Mobile provides three APIs for app publishers to use with the Framework. These APIs allow you to:
This information will be persisted by Prebid Mobile and will be added to each ad call to the demand partners. Publishers/Consent Management Platforms (CMPs) are free to store these values in an NSUserDefaults/SharedPreferences
interface (as defined by Mobile In-App CMP API v1.0: Transparency & Consent Framework) instead of passing them via the new APIs, and Prebid Mobile will read the values as a fallback. The consent API’s will check for TCF2.0 params (IABTCF_gdprApplies
and IABTCF_TCString
). If the parameters are not available they will fall back to TCF1.1 parameters (IABConsent_SubjectToGDPR
and IABConsent_ConsentString
)
Publishers are responsible for providing notice, transparency and choice and collecting consent from their users in accordance with the Framework policies, either using their own CMP or working with a vendor.
All vendor SDKs (including mediation SDKs) are responsible for looking up approved vendor and consent information on their own.
To ensure proper monetization and relevant targeting, the SDK should be enabled to send the device information. Setting the consentRequired and purposeConsents flag correctly will help ensure proper device information is sent. The table below provides information on:
deviceAccessConsent= true | deviceAccessConsent= false | deviceAccessConsent= undefined | |
---|---|---|---|
consentRequired=false (gdprApplies = false) |
The SDK will read and pass IDFA/AAID info to server. | The SDK will not read and pass IDFA/AAID info to server. | The SDK will read and pass IDFA/AAID info to server. |
consentRequired=true (gdprApplies = true) |
The SDK will read and pass IDFA/AAID info to server. | The SDK will not read and pass IDFA/AAID info to server. | The SDK will not read and pass IDFA/AAID info to server. |
consentRequired=undefined (gdprApplies = undefined) |
The SDK will read and pass IDFA/AAID info to server. | The SDK will not read and pass IDFA/AAID info to server. | The SDK will read and pass IDFA/AAID info to server. |
gdprApplies
in Targeting.shared.subjectToGDPR
and purposeConsent
in Targeting.shared.purposeConsents
.
/** * Set the consentRequired value in the SDK * * @param true if subject to GDPR regulations, false otherwise */ Targeting.shared.subjectToGDPR = false; /** * Set the consent string in the SDK * * @param A valid Base64 encode consent string as per https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework */ Targeting.shared.gdprConsentString = "BOMyQRvOMyQRvABABBAAABAAAAAAEA"; /** * Set the purpose consents in the SDK * * @param A valid Binary String: The '0' or '1' at position n – where n's indexing begins at 0 – indicates the consent status for purpose ID n+1; false and true respectively. eg. '1' at index 0 is consent true for purpose ID 1 */ Targeting.shared.purposeConsents = "100000000000000000000000"; /** * Get the device consent extracted from the purpose1 consent provided * */ let deviceAccessConsent = Targeting.shared.getDeviceAccessConsent();
/** * Set the consentRequired value in the SDK * * @param true if subject to GDPR regulations, false otherwise */ TargetingParams.setSubjectToGDPR(context, true); /** * Set the consent string in the SDK * * @param A valid Base64 encode consent string as per * https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework */ TargetingParams.setGDPRConsentString("BOMyQRvOMyQRvABABBAAABAAAAAAEA"); /** * Set the purpose consents in the SDK * * @param A valid Binary String: The '0' or '1' at position n – where n's indexing begins at 0 – indicates the consent status for purpose ID n+1; false and true respectively. eg. '1' at index 0 is consent true for purpose ID 1 */ TargetingParams.setPurposeConsents("101010001");
Prebid mobile supports the IAB US Privacy signal implementation for CCPA. Publishers will be required perform the following actions:
The job of the Prebid SDK will:
It is worth noting Prebid Server will be a passthrough as well and will not validate format or correctness of US Privacy signal nor strip any user data from the request either, even if the presence of an opt out.