User Messaging Platform SDK is not COPPA compliant

[c0ffeec0der]

Plugin Version

2.3.0

Steps to Reproduce

Follow https://developers.google.com/admob/flutter/targeting section

implement below

await MobileAds.instance.initialize();
await MobileAds.instance.updateRequestConfiguration(RequestConfiguration(
     tagForChildDirectedTreatment: TagForChildDirectedTreatment.yes));

publish to google play

Expected results:

Pass google play

Actual results:

Google play reject aps with below error

Policy Declaration - Data Safety Section: Device Or Other IDs Data Type - Device Or Other IDs (some common examples may include Advertising ID, Android ID, IMEI, BSSID, MAC address)

After removing plugin googleads-mobile-flutter ; it works

[huycozy]

@c0ffeec0der Can you confirm you have filled Data safety and have been approved from Google play console? Please check this SO if it helps: https://stackoverflow.com/a/71234298/5921933

[c0ffeec0der]

COPPA does not allow Ads Id, therefore step
6. go to Device or other IDs and check it then next
in SO for COPPA case is not checked.

By setting

await MobileAds.instance.initialize(); await MobileAds.instance.updateRequestConfiguration(RequestConfiguration( tagForChildDirectedTreatment: TagForChildDirectedTreatment.yes));

The expectation it should pass google play data safety with device id unchecked. But it does not.

This means that all children apps could not use admob for flutter. Because the code above does not work...

[huycozy]

Thanks for the update. Labeling the issue for further insights from the team!

[c0ffeec0der]

@huycozy please hold a bit. I think it might be ump that ask for consent causing this. I'm waiting google play with the check result

[c0ffeec0der]

@huycozy

It is the UMP sdk that send out some id that cause Google play to show error on data safety.

Follow issue #660 for the code

and add in main

await MobileAds.instance.initialize(); await MobileAds.instance.updateRequestConfiguration(RequestConfiguration( tagForChildDirectedTreatment: TagForChildDirectedTreatment.yes));

Add in AndroidManifest.xml to turn off analytics using adid, ssaid and personalization signal

<meta-data android:name="google_analytics_adid_collection_enabled" android:value="false" /> <meta-data android:name="google_analytics_ssaid_collection_enabled" android:value="false" /> <meta-data android:name="google_analytics_default_allow_ad_personalization_signals" android:value="false" />

submit to google play with data safety device id unchecked.

It will not pass. Somehow UMP SDK is sending some id. But I cannot check using devtools network tab (doesn't catch traffic from SDK).

You need a rooted device and follow this guide to use MITM method to catch the traffic. This is where I don't pursue anymore.

Hope this info helps

[huycozy]

@c0ffeec0der thanks for the investigation.
But I just want to confirm this again. Does your project request Consent Info and also set Child-directed? You have configured Consent Info before and then this issue is happening when you send an update with Child-directed?

[c0ffeec0der]

@huycozy Yes correct. The issue also happen when set 'Child-directed' first and then ask 'Consent Info'. However, remove 'Consent Info' and the issue is gone

[huycozy]

/cc @jjliu15 for thoughts

[timothyhoang-google]

It's unclear to me whether the UMP SDK is being used in the steps to reproduce:

await MobileAds.instance.initialize();
await MobileAds.instance.updateRequestConfiguration(RequestConfiguration(
     tagForChildDirectedTreatment: TagForChildDirectedTreatment.yes));

Was the UMP consent form is used to collect the user's consent? If the form was not used, was the user's consent forwarded to the GMA SDK?

[jjliu15]

Can you try passing ConsentRequestParameters(tagForUnderAgeOfConsent: true) as params when calling ConsentInformation.instance.requestConsentInfoUpdate()?

ConsentInformation.instance.requestConsentInfoUpdate(
  ConsentRequestParameters(tagForUnderAgeOfConsent: true))

[c0ffeec0der]

It's unclear to me whether the UMP SDK is being used in the steps to reproduce:

await MobileAds.instance.initialize();
await MobileAds.instance.updateRequestConfiguration(RequestConfiguration(
     tagForChildDirectedTreatment: TagForChildDirectedTreatment.yes));

Was the UMP consent form is used to collect the user's consent? If the form was not used, was the user's consent forwarded to the GMA SDK?

It is in that order with UMP consent form

[c0ffeec0der]

Can you try passing ConsentRequestParameters(tagForUnderAgeOfConsent: true) as params when calling ConsentInformation.instance.requestConsentInfoUpdate()?

ConsentInformation.instance.requestConsentInfoUpdate(
  ConsentRequestParameters(tagForUnderAgeOfConsent: true))

Hello, Updated code as suggested. Issue still persists

SPLIT_BUNDLE 19: Policy Declaration - Data Safety Section: Device Or Other IDs Data Type - Device Or Other IDs (some common examples may include Advertising ID, Android ID, IMEI, BSSID, MAC address)

Can we first have an agreement that UMP sdk is not COPPA compliant? I think its important to acknowledge this first. I don't think there is much to fix/update on the app code but more on the sdk itself..

[jjliu15]

Some additional questions:

• Are you publishing a kids app?
• Did your app previously pass submission while using ads, but just not calling ConsentInformation.instance.requestConsentInfoUpdate()? Or did your app previously not use this plugin at all
• Could you ask the play team to clarify exactly which IDs are in violation?

[c0ffeec0der]

Are you publishing a kids app?
Yes

Did your app previously pass submission while using ads, but just not calling ConsentInformation.instance.requestConsentInfoUpdate()?
Or did your app previously not use this plugin at all

Yes passed submission earlier then not calling ConsentInformation.instance.requestConsentInfoUpdate(). This function is in the same GMA sdk

Could you ask the play team to clarify exactly which IDs are in violation?

I am sorry to say that it's pointless. I once asked why a release hang, appeal that it should pass. Its either a nice respond or release reset.. Probably they have high load

[jjliu15]

Can you try adding this to your AndroidManifest?

<uses-permission android:name="com.google.android.gms.permission.AD_ID" tools:node="remove"/>

[c0ffeec0der]

I got error during bundle build

Error while evaluating property 'namespace' of task ':app:generateProductionReleaseBuildConfig'.
Failed to calculate the value of task ':app:generateProductionReleaseBuildConfig' property 'namespace'.
> Failed to calculate the value of property 'namespace'.
> org.xml.sax.SAXParseException; systemId: file:/[some file name]/AndroidManifest.xml; lineNumber: 5; columnNumber: 97; The prefix "tools" for attribute "tools:node" associated with an element type "uses-permission" is not bound.

[jjliu15]

Do you have xmlns:tools="http://schemas.android.com/tools" in your manifest?

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="your_package"
    xmlns:tools="http://schemas.android.com/tools">
        
    <uses-permission android:name="com.google.android.gms.permission.AD_ID" tools:node="remove"/>

[timothyhoang-google]

We've identified that this issue requires a fix in the Android/iOS UMP SDK. We'll provide an update once the UMP SDK issue has been fixed, which should fix this issue for the Flutter GMA plugin.

[jjliu15]

@c0ffeec0der just want to confirm, did adding the permission to your AndroidManifest.xml fix the issue?

[huycozy]

We’re closing this issue due to inactivity. If you’re still impacted, please create a new issue via the Developer Forum.