I'm planning to build an iOS and Android app with custom advertising on some screen. The custom advertising does not use advertising identifier provided by iOS(IDFA) or Android.
my questions are for the app review from both Apple and google,
Should I still need to indicate that my app has advertising?
Is the use of advertising is mandatory in order to provide custom ad that does not use the advertising identifier?
Is it possible that Google or Apple reject the app if i don't use the Advertising identifier but still provide custom ad?
Related
Looking at the Firebase SDK I am trying to understand technically how Google is identifying the devices of users.
In the documentation I read:
Identifying devices The Google Analytics for Firebase SDK library uses
an app-instance identifier to identify a unique installation of the
App.
When using the SDK, an app-instance identifier gets generated at the
app level.
By default, the Firebase SDK collects identifiers for mobile devices
(for example, Android Advertising ID and Advertising Identifier for
iOS) and utilizes technologies similar to cookies.
On iOS, the SDK collects the Advertising Identifier if it is
available. For IDFA to be available, a developer has to link in the
AdSupport.framework library.
If the Advertising Identifier is unavailable, the SDK collects the
Vendor Identifier. If the Advertising Identifier becomes available
after the Vendor Identifier was reported, the SDK stops collecting the
Vendor Identifier.
By default, on Android the SDK collects the Advertising ID.
From this I understand that it uses:
iOS
On iOS, the SDK collects the Advertising Identifier if it is
available. For IDFA to be available, a developer has to link in the
AdSupport.framework library.
And the question becomes:
how does the iOS AdSupport.framework library generate theuser identifier?
is it really anonymous?
Android
How does "Android Advertising ID" library generate the user identifier?
is it really anonymous?
Any help understanding how this works under the hood would be much appreciated.
According to this page, every application submitted to the Play Store must not have the capability to collect both persistent device identifier and Advertising ID. Failure to comply will result in application removal from the Play Store.
Now, I have an application that is collecting persistent device identifier for security purposes, but I still want to use Firebase Crashlytics, as I added the SDK, I noticed that the SDK collects Advertising ID, but I can't find the code that initiate the collection.
So, my question is will the Firebase Crashlytics SDK collect Advertising ID automatically on library inclusion to the app?
If it does, is there any way to disable the collection of Advertising ID?
I have a hypothetical mobile game where players don't necessarily need to create accounts to play. Their data is keyed off of a device identifier like an advertising identifier (IDFA) or Apple's identifierForVendor or Android ID
For GDPR, I need to allow all users to download their data.
Is it safe to use the ID as an authentication secret to uniquely identify a user/device, or are these ID values predictable / published somewhere and easy to spoof?
From Apple's perspective, this is a no-go.
https://developer.apple.com/documentation/adsupport/asidentifiermanager
The ASIdentifierManager class provides apps with access to an
identifier that can be used only for serving advertisements, as well
as a flag that indicates whether a user has limited ad tracking.
Should they find out you are using it for something else, you risk having your app removed and possibly being banned from the App store. YMMV.
Plus, if a user disables ad tracking in the OS, they will return a UUID of all zeroes, which will cause a lot of problems once more people do it since you are guaranteed an ID collision.
I have received an warning from Google Play:
Reason for warning: Violation of Usage of Android Advertising ID
policy and section 4.8 of the Developer Distribution Agreement
I have been checking and app should be sending the Android Advertising ID. It has to be a library because I am not doing it.
I use crashlytics and OneSignal and both could be the problem. But I have found in the documentation of OneSignal that the SDK get it:
https://documentation.onesignal.com/docs/handling-personal-data#section-personal-information-sent-as-data-tags
Some data is automatically collected by the OneSignal SDK. For example, on mobile devices this typically include's the device's advertising id, purchases they have made in your app, the timezone setting of the device, and location data (if your app has location permission).
I am trying to disable the SDK continue collecting the advertising identifier but I don't find how to do it. In addition, the list of collected data is not clear because Advertising identifier does not appear:
https://documentation.onesignal.com/docs/data-collected-by-the-onesignal-sdk
I would need to know how to configure OneSignal SDK for not collecting anymore the Advertising identifier.
Thanks.
Google has started emailing apps that use Advertising Id and do not have a privacy policy to tell them they must add a privacy policy.
You can address this by adding a privacy policy to your Play Store listing and in your app. If you do not already have a privacy policy, there are tools available to create one such as http://www.docracy.com/mobileprivacy (free) or https://www.iubenda.com/en/ ($27/yr)
After speaking a little bit more with JonF, he spoke with OneSignal developers and they said that it is possible to avoid sending the Advertising ID changing some lines in the SDK:
Most of the tracking for Android can be removed from registerUserTask
in
https://github.com/OneSignal/OneSignal-Android-SDK/blob/3a4d4353b1d803852e3b9986b828c9b823801ce5/OneSignalSDK/onesignal/src/main/java/com/onesignal/OneSignal.java#L1180-L1182
The problem is that it is not possible to keep the library integrated with gradle, but at least it is a solution.
I have been thinking to implement the change with Reflection but I don't have much time now for it, it could be another way.
One of my Apps has been removed because not compliant with the new Android Advertising ID policy. This App had a simple AdMob/Google AdSense banner.
I would like to know how to check if my other Apps (using AdMob/Google AdSense) are compliant with the Android Advertising ID policy. How can I do that?
Thanks