Search Unity

Question How to comply with iOS ATT?

Discussion in 'Unity Mediation' started by topcogllc, Apr 25, 2022.

  1. topcogllc

    topcogllc

    Joined:
    Jan 8, 2018
    Posts:
    11
    I have been using Unity Ads and the following code to comply with ATT on iOS. However, if I attempt to use Unity Mediation, the MetaData class is no longer available (being a part of Unity.Advertisement). What should I be doing instead?

    Code (CSharp):
    1.             var status = ATTrackingStatusBinding.GetAuthorizationTrackingStatus();
    2.             bool ok = true;
    3.  
    4.             if (Application.platform == RuntimePlatform.IPhonePlayer)
    5.             {
    6.                 Version currentVersion = new Version(Device.systemVersion);
    7.                 Version ios14 = new Version("14.5");
    8.                 ok = currentVersion >= ios14;
    9.             }
    10.  
    11.             if (status == ATTrackingStatusBinding.AuthorizationTrackingStatus.NOT_DETERMINED && ok)
    12.             {
    13.                 var contextScreen = GameObject.Instantiate(B.instance.contextScreenView);
    14.                 contextScreen.sentTrackingAuthorizationRequest += () => GameObject.Destroy(contextScreen.gameObject);
    15.  
    16.                 if (ATTrackingStatusBinding.GetAuthorizationTrackingStatus() == ATTrackingStatusBinding.AuthorizationTrackingStatus.AUTHORIZED)
    17.                 {
    18.                     MetaData gdprMetaData = new MetaData("gdpr");
    19.                     gdprMetaData.Set("consent", "true");
    20.                     Advertisement.SetMetaData(gdprMetaData);
    21.                 }
    22.             }
     
  2. jcGrenier

    jcGrenier

    Unity Technologies

    Joined:
    Feb 23, 2021
    Posts:
    145
    Hi @topcogllc ,
    For mediation, you will want to use
    MediationService.Instance.DataPrivacy.GetConsentStatusForLaw
    and
    MediationService.Instance.DataPrivacy.UserGaveConsent
    to manage consent for the various laws (including GDPR).

    Do not hesitate if you have more questions!

    Edit: Apologies I looked at the code below and assumed you were attempting to set GDPR.
    Regarding ATT, I am not sure what the appropriate action would be in your case, I will let someone else answer that.
     
    Last edited: Apr 25, 2022
  3. DeclanMcPartlin

    DeclanMcPartlin

    Unity Technologies

    Joined:
    Nov 19, 2020
    Posts:
    146
    Hello @topcogllc,

    Thanks for reaching out. Regarding how to setup ATT in Unity Mediation, there's a guide how to set it up here.

    After looking at your code, it seems you are mapping consent for ATT directly with GDPR, which are two separate concerns (ATT is a permission enforced by Apple, misuse can lead to a removal from the AppStore or an app being denied from being added to the AppStore for example, GDPR is an EEA jurisdiction law and requires a different form of consent collection). Here is some more information on the topic for example. Due to this, we recommend collecting consent for GDPR and other laws by using a consent collection solution tailored for that given law, just a heads up.

    Once you have that collected consent, you can pass it through the Mediation API like so:

    MediationService.Instance.DataPrivacy.UserGaveConsent


    This consent will then be passed down to other ad network SDKs that support the given law (including Unity Ads and GDPR).

    Let us know if that works for you, thanks!
     
  4. topcogllc

    topcogllc

    Joined:
    Jan 8, 2018
    Posts:
    11
    Ok, that helps a ton. I'll dig into it from there. Thanks! :)
     
  5. amjaliks

    amjaliks

    Joined:
    Jul 11, 2015
    Posts:
    159
    I can't find clear instructions how
    MediationService.Instance.DataPrivacy.UserGaveConsent
    should be used. Should it be called before initialization? Or it doesn't matter?

    Sorry for hijacking the thread! This thread was one of the top result for me, while I was googling for more details about these privacy settings.
     
  6. DeclanMcPartlin

    DeclanMcPartlin

    Unity Technologies

    Joined:
    Nov 19, 2020
    Posts:
    146
    Hey @amjaliks,

    Regarding
    MediationService.Instance.DataPrivacy.UserGaveConsent
    :
    A fair amount of the documentation regarding how to use this API can be found here.

    Currently (v0.4.1), the
    MediationService.Instance
    variable is only available after initialization. So we recommend calling this API post-initialize.

    And no worries for posing this question here, it is still on topic. Thanks for reaching out, let us know if you have any other questions.
     
  7. amjaliks

    amjaliks

    Joined:
    Jul 11, 2015
    Posts:
    159
    Yeah, however, there is nothing said when is should be called.
    My assumption was, it should be called before initialization, so Mediation SDK can pass it to other SDKs, if needed, before initialize them. But it turns out my assumption was wrong.
     
  8. DeclanMcPartlin

    DeclanMcPartlin

    Unity Technologies

    Joined:
    Nov 19, 2020
    Posts:
    146
    Thank you for the feedback @amjaliks, it is true that this is not clear. We will provide this guidance in our next documentation update.
     
  9. Freezy

    Freezy

    Joined:
    Jul 15, 2012
    Posts:
    234
    If only Mediation is used, the analytics plugin is not a dependency, thus the privacy button is not needed?
    The documentation states one-line information a lot, without any context or clarity.

    How should we figure out which laws apply? Do we even care to figure out specifically?
    Ideally this should be solved by the Core Services package in a uniform and compliant way.

    As privacy applies to all these cloud based services, it would make more sense to provide them as their own API within Core, to be called before the rest of the stack is initialized.

    It would be fantastic if it could just determine which laws apply to a user, but personally I prefer the "Consent is Consent" and just apply all consents to all laws.
    Move the privacy button to core, or add it as a privacy plugin service?

    Without consent none of these services should activate, this should be enforced on the API level so that it is always clear.

    If Consent status is known, the services can spin up (or stay inert without errors) accordingly.
    This makes everything clean, clear and opt-in. If it does not run until it is allowed to by user / developer, maximum compliance is reached out of the box.
    Just make a clear note in the documentation

    Ideally something like this:
    1. Create Privacy instance
    2. Check for existing consent, if unknown, raises the AskForConsent callback and waits for async task with the Accept / Decline information
    3. Initialization requires the Privacy instance, this informs all services
    4. On runtime if you offer the user a way to change consent status, changing the consent status in the Privacy instance will also trigger the appropriate callbacks in all the services (it will also unload and load services as allowed by the new consent status)
     
  10. DeclanMcPartlin

    DeclanMcPartlin

    Unity Technologies

    Joined:
    Nov 19, 2020
    Posts:
    146
    Hey @Freezy,

    For clarity, Unity Mediation provides an API to pass privacy consent signals for two reasons:
    1. To provide consent signals for header bidding (a new type of waterfall line item)
    2. To pass consent to the downstream ad network SDKs
    If you do not provide the consent signals, header bidding will default the ads as contextual where jurisdictions have privacy laws enforced. As for the downstream ad network SDKs (MetaAudienceNetwork, Admob, etc), they will collect consent themselves separately. Unity Mediation will still work without these consent signals, but will most likely generate somewhat less revenue.

    With that, to answer your questions:

    To tie in with what I mention above, passing any signals, either with the use of a button or otherwise is not needed, but can be beneficial to revenue.

    Which laws apply is a complex issue that requires a complex solution, which is why we recommend using consent collection solutions, like Funding Choices for example for the time being. We are actively working on providing a consent collection solution that works well with our products as well as inside of the Unity Editor. We really appreciate your feedback, I've shared your thoughts and ideas with the privacy team, and I'll alert this thread once our Privacy product is publicly available.

    Thank you for sharing this.