sentry-unity
sentry-unity copied to clipboard
getsentry
User consent for mobile (iOS/Android)
What problem could Sentry solve that it doesn't?
We have a Unity mobile app using Sentry that is intended for the iOS and Android platforms and we'd like to make sure we can comply with GDPR. What we're looking to be able to do with Sentry is:
- Control explicit initialization of Sentry AND still be able to use native support. This is currently difficult to do as the C# initialization for Unity is done using a
[RuntimeInitalization]attribute in the Sentry package code and would require locally embedding and customizing the package to do.
- Disable and re-enable Sentry at runtime. Chiefly this would be to support a player enabling or disabling data collection while the app is running. This would also require the ability to initialize a session in the same way as described above.
- When a session is stopped or not initialized we would need to be assured Sentry is not continuing to collect error data and sending it out to the cloud. Even without more explicit PII such as a user ID or email address, device identifiers are still considered an online identifier for the purpose of GDPR. An easy way for us to comply with this is to not send out any data from a player's device where they have disabled data collection.
An easy way for us to comply with this would be to hard-disable Sentry for our production app, but we'd like to leverage Sentry if possible.
What are online identifiers?
The UK GDPR specifically includes the term ‘online identifiers’ within the definition of what constitutes personal data.
These may include information relating to the device that an individual is using, applications, tools or protocols. A non-exhaustive list is included in Recital 30:
- internet protocol (IP) addresses;
- cookie identifiers; and
- other identifiers such as radio frequency identification (RFID) tags.
- Other examples of online identifiers that may be personal data include:
- MAC addresses;
- advertising IDs;
- pixel tags;
- account handles; and
- device fingerprints.
With regards to enable/disable, what you're looking for we plan to add as a feature called User Consent:
- https://github.com/getsentry/team-mobile/issues/24
This way the SDK can be initialized as it currently is, but nothing leaves the device unless consent is given. Consent can also be revoked.
From the list of Ids you mentioned, we don't send any of those except that on iOS, the IP address of the connection is automatically inferred as the user.ip. This can be opt'ed out:
On other platforms, you'd need to check send default PII for the connection IP address to be stored in the event.
There's more info about compliance here: https://docs.sentry.io/product/security/mobile-privacy/
Thanks for the update @bruno-garcia. We would really like to include Sentry with this feature as a part of our production app. Do you have any idea of an ETA for when this would be available in the Unity SDK?
If revoked stop events from being sent again.
Would a user be able to give their consent after revoking it and enable Sentry to start working again?
If revoked stop events from being sent again.
Would a user be able to give their consent after revoking it and enable Sentry to start working again?
Yes. Revoke basically steps data from leaving the device towards Sentry. Re adding consent 'opens the door' again.
Thanks for the update @bruno-garcia. We would really like to include Sentry with this feature as a part of our production app. Do you have any idea of an ETA for when this would be available in the Unity SDK?
Unfortunately we don't have an ETA for this yet. But we'll discuss and try to prioritize but it's in the months rather than weeks timeline as of now.
I've added a new tracking issue, to clearly track the dependencies that must be implemented first before we can go on and implement here in the unity SDK: #1044
