Adapting to Privacy Changes: Our Approach to Google’s Transparency Consent Framework and Apple’s Privacy Manifest
Liftoff is working with its partners to ensure compliance with all privacy policy changes happening in the app economy, including Google’s requirements related to the Transparency and Consent Framework (TCF) and Apple’s Privacy Manifest requirements.
GDPR compliance and Google’s Transparency and Consent Framework
Since January 16, 2024, Google started requiring mobile app publishers to implement the Transparency and Consent Framework 2.2 (TCF) user consent for showing ads to users in the EEA and the UK.
Liftoff Monetize will be working alongside the new consent flow via Google’s Additional Consent mode (AC mode). For our Google-mediated publishers, we recommend following these two steps to be well-positioned for the upcoming changes:
- Make sure that you are using the consent management platform (CMP) that supports Google’s Additional Consent (AC) mode. Please reach out to your CMP to confirm this.
- Ensure that you are sending user consent parameters via our GDPR API as described in Option 1 in our documentation. This signal is needed for monetizing EEA and the UK users in compliance with the GDPR. If you have any questions about GDPR API, please feel free to reach out to our Technical Support [email protected].
Xcode 15 & Apple Privacy Manifest
Since Fall 2023, Apple started alerting developers who do not include all requirements for Privacy Manifest for their app and 3rd party SDKs via email. In May 2024, any developer app in violation of these requirements will not be accepted in App Store Connect. You can read more about Apple’s enforcement timeline here.
Upcoming Apple Privacy Manifest changes include:
- Required reasons for APIs: Component that needs to be included in the privacy manifest- certain API types (there are 5) will need to have a defined reason as to why they are being used.
- Data usage categories/dictionary: Apple has asked app developers to add a ‘dictionary’ in the privacy manifest explaining the usage of specific categories of data that their app or third-party SDK collects.
- Preventive blocking: External domains must be declared as “tracking” or “non-tracking”- some may be blocked preemptively until a user provides consent.
Liftoff’s SDK v7.3.1 includes Privacy Manifest support. Please download the latest SDK here and include it in your upcoming app submission. SDK v7.3.1 uses xcode15 to report the two required reason APIs that we use in our own manifest file (Disk Space, User Defaults). This SDK version (or later SDK versions) will be required in your app submissions after May 1, 2024. Adapters will subsequently be certified and released by mediation.