Google transparency consent framework and apple privacy manifest

Adapting to Privacy Changes: Our Approach to Google’s Transparency Consent Framework and Apple’s Privacy Manifest

By Jessica Dibady | January 30, 2024
Liftoff is working with its partners to ensure compliance with all privacy policy changes happening in the app economy, including Google’s requirements related to the Transparency and Consent Framework (TCF) and Apple’s Privacy Manifest requirements.

GDPR compliance and Google’s Transparency and Consent Framework

Since January 16, 2024, Google started requiring mobile app publishers to implement the Transparency and Consent Framework 2.2 (TCF) user consent for showing ads to users in the EEA and the UK.
Liftoff Monetize will be working alongside the new consent flow via Google’s Additional Consent mode (AC mode). For our Google-mediated publishers, we recommend following these two steps to be well-positioned for the upcoming changes:
  1. Make sure that you are using the consent management platform (CMP) that supports Google’s Additional Consent (AC) mode. Please reach out to your CMP to confirm this.
  2. Ensure that you are sending user consent parameters via our GDPR API as described in Option 1 in our documentation. This signal is needed for monetizing EEA and the UK users in compliance with the GDPR. If you have any questions about GDPR API, please feel free to reach out to our Technical Support [email protected].

Xcode 15 & Apple Privacy Manifest

Starting in 2023, Apple started alerting developers who do not include all requirements for Privacy Manifest for their app and 3rd party SDKs via email. In Spring 2024, any developer app in violation of these requirements will not be accepted in App Store Connect. 
Upcoming Apple Privacy Manifest changes include: 
  • Required reasons for APIs: Component that needs to be included in the privacy manifest- certain API types (there are 5) will need to have a defined reason as to why they are being used.
  • Data usage categories/dictionary: Apple has asked app developers to add a ‘dictionary’ in the privacy manifest explaining the usage of specific categories of data that their app or third-party SDK collects.
  • Preventive blocking: External domains must be declared as “tracking” or “non-tracking”- some may be blocked preemptively until a user provides consent.
Liftoff will release a new SDK version (7.2.2) in February 2024 that uses xcode15 to report the two required reason APIs that we use in our own manifest file (Disk Space, User Defaults). Those will have to be included in the app developers’ builds that are submitted to the iOS App Store Connect after Spring 2024. Adapters will subsequently be certified and released by mediation. We will update our developer partners as soon as the SDK and adapters are ready!