
GDPR compliance for Adsense and AdMob. A lazy approach for Android and PHP

noras

Tags: #Android #GDPR #Java #PHP #privacy

GDPR came with a huge benefit for those who care about their privacy in the EU. But we can’t deny that it was a huge headache for business owners, bloggers and everyone owning a website or app.
This article is directed at website or app owners who serve ads. I will only cover two platforms (Android and PHP). I try to show a lazy approach to identify EU users and serve non-personalised ads to these users.

Android

Google already provides a consent library. It’s nice and does its job. However, let’s do this without showing any annoying consent dialog, and without breaking any law at the same time. It’s probably good to mention that you should publish a privacy policy with your application. You can add that from your Play Console. If you have no idea how to write your policy, or don’t have the budget to hire someone to do that, you can use this awesome tool that will generate one for you.

Back to the subject and the technical stuff. Let’s start by adding the library in our app-level Gradle file.

implementation 'com.google.android.ads.consent:consent-library:1.0.6'

Now, let’s find out whether we can show personalized ads or have to show non-personalized ads.

// Requires: import com.google.ads.consent.*;
// AppConfiguration is the app's own settings helper, not part of the consent library.
ConsentInformation consentInformation = ConsentInformation.getInstance(getApplicationContext());

String[] publisherIds = {"YOUR_PUBLISHER_ID"};
consentInformation.requestConsentInfoUpdate(publisherIds, new ConsentInfoUpdateListener() {
    @Override
    public void onConsentInfoUpdated(ConsentStatus consentStatus) {
        // Consent info successfully updated. We only use the location flag: it is true
        // when the request came from the EEA or the location could not be determined.
        boolean inEeaOrUnknown = ConsentInformation.getInstance(getApplicationContext()).isRequestLocationInEeaOrUnknown();
        AppConfiguration.putSavedBoolean(getApplicationContext(), "show_non_personalized", inEeaOrUnknown);
    }

    @Override
    public void onFailedToUpdateConsentInfo(String errorDescription) {
        // Consent info failed to update. Let's ignore this until a value is collected.
    }
});

Finally, serve the ads according to the collected information.

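// Requires: com.google.android.gms.ads.AdRequest, com.google.android.gms.ads.AdView,
// com.google.ads.mediation.admob.AdMobAdapter, android.os.Bundle
AdView mAdView = findViewById(R.id.adView);
Bundle extras = new Bundle();
// The default is true: until the location check has stored a value, ask for non-personalized ads.
if (AppConfiguration.getSavedBoolean(getApplicationContext(), "show_non_personalized", true))
    extras.putString("npa", "1"); // non-personalized ads
else
    extras.putString("npa", "0");
AdRequest adRequest = new AdRequest.Builder().addNetworkExtrasBundle(AdMobAdapter.class, extras).build();
mAdView.loadAd(adRequest);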

PHP

The approach for PHP relies on a PHP extension called GeoIP. It is basically a database that maps an IP address to country, city and other location information. Most importantly, it can identify the continent, which allows us to identify EU users.

Install GeoIP for php on Debian:

wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
sudo mkdir -v /usr/share/GeoIP
sudo mv -v GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat
sudo apt-get install php7.0-geoip

Use it to identify EU users:

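// "EU" is GeoIP's continent code for Europe as a whole, not only EU member states.
// The function returns false when the address is not in the database.
if (geoip_continent_code_by_name($_SERVER['REMOTE_ADDR']) === "EU") {
  // Render some html that shows a popup or modal
}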

Here is some HTML you can render to collect consent and store it in a cookie. You could also store it in local storage or even in a database. This is the laziest way.

<script>

function getCookie(cname) {
    var name = cname + "=";
    var decodedCookie = decodeURIComponent(document.cookie);
    var ca = decodedCookie.split(';');
    for(var i = 0; i <ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0) == ' ') {
            c = c.substring(1);
        }
        if (c.indexOf(name) == 0) {
            return c.substring(name.length, c.length);
        }
    }
    return "";
}


function setCookie(cname, cvalue, exdays) {
    var d = new Date();
    d.setTime(d.getTime() + (exdays*24*60*60*1000));
    var expires = "expires="+ d.toUTCString();
    document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
}


function setConsent(agree){
    if(agree){
        setCookie("consent",true,14);
         $('#consentModal').modal('hide');
    }else{
        setCookie("consent",false,14);
        location.reload();
    }

}


$(document).ready(function() {
     if(getCookie("consent")=="false" || getCookie("consent")=="true"){
         /*already set*/
     }else{
         $('#consentModal').modal('show');
     }

});

</script>

Finally, render the ad request: only ask for non-personalised ads when the consent cookie is set and its value is "false".

 if(isset($_COOKIE["consent"]) && $_COOKIE["consent"]=="false"){
     echo '(adsbygoogle = window.adsbygoogle || []).requestNonPersonalizedAds = 1;';
 }
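
A fail-closed variant of the decision above, as an added example that is not code from the original article: it parses the consent cookie strictly and, for visitors in the EEA or with an unknown location, allows personalised ads only after an explicit "true", mirroring the Android default. The names readCookie, parseConsent and resolveNpa and the inEeaOrUnknown parameter are assumptions made for this example.

```javascript
// Added example; readCookie, parseConsent and resolveNpa are hypothetical names.

// Read one cookie from a raw cookie string (document.cookie or a Cookie header).
// Pairs are split first and decoded afterwards, so an encoded ';' or a malformed
// %-sequence in some other cookie cannot corrupt or abort the lookup.
function readCookie(cookieString, name) {
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    const raw = part.slice(eq + 1).trim();
    try {
      return decodeURIComponent(raw);
    } catch (e) {
      return null; // malformed encoding: treat the cookie as absent
    }
  }
  return null;
}

// Map the cookie to a tri-state. The cookie is client-controlled, so only the
// exact strings written by the article's setCookie() are accepted.
function parseConsent(cookieString) {
  const value = readCookie(cookieString, "consent");
  if (value === "true") return "granted";
  if (value === "false") return "denied";
  return "unknown";
}

// Returns 1 (non-personalised ads) or 0 (personalised ads).
// inEeaOrUnknown follows Android's isRequestLocationInEeaOrUnknown():
// a failed geo lookup must be passed in as true.
function resolveNpa(cookieString, inEeaOrUnknown) {
  const consent = parseConsent(cookieString);
  if (consent === "denied") return 1;    // an explicit refusal always wins
  if (!inEeaOrUnknown) return 0;         // known non-EEA visitor, no refusal
  return consent === "granted" ? 0 : 1;  // EEA or unknown: explicit yes required
}
```

On the page, the returned value would be assigned to `(adsbygoogle = window.adsbygoogle || []).requestNonPersonalizedAds` before the ad code runs.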

About the author

noras

"Senior Software Engineer. MSc in Computer systems and Networks with big interest in security. Loves to play with Android code and does security research for fun and profit. Speaks 4 languages and codes in much more."





Copyright © 2019 - nindoda.com