Very first consent request (prior to user giving consent) contains AAID, violating GDPR.

[batteredhedgehog]

Step 0: Are you in the right place?

• For general technical questions, or help with project-specific issues like setting up ads in your app, reach out to our support team on the Developer Forum.

• For assistance with your AdMob account, reach out to AdMob Support.

• For feedback on our documentation, send your feedback by pressing the Send Feedback button at the top right of the documentation page you are on.

• For issues related to the code in this repository, continue filing this GitHub issue.

• Once you've read this section and determined that your issue is appropriate for this repository, please delete this section.

[REQUIRED] Step 1: Describe your environment

• Unity version: _____2022.3.8f1
• Google Mobile Ads Unity plugin version: _____8.5.3
• Platform: _____Android
• Platform OS version: _____ Android 14
• Any specific devices issue occurs on: _____Pixel 6a
• Mediation ad networks used, and their versions: _____none

[REQUIRED] Step 2: Describe the problem

I have configured admob with no mediation. I am calling UMP consent as suggested in the documentation, before I initialize admob. I use charles proxy to look at the packets sent. The very first packet my app sends is a consent request - which includes the AAID .. which violates GDPR. See below image. I do not want to disable personalised ads. How am I supposed to prevent this from happening. I have searched the documentation and cannot find an answer. I have also reached out to the admob google group - and received a nonsensical answer which pointed me to an irrelevant document.

Steps to reproduce:

What happened? How can we make the problem occur? This could be a description, log/console output, etc.

Please share a downloadable sample project that reproduces the bug, if available. This greatly helps us to diagnose and fix the issue faster.

Relevant Code:

// TODO(you): code here to reproduce the problem

[batteredhedgehog]

This is easy to demonstrate with the google provided unity admob HelloWorld sample.

1. Create a unity project.
2. Install and configure the admob plugin.
3. Copy the HelloWorld code from this repository.
4. Install charles proxy on your pc
5. configure charles proxy as an ssl proxy.
6. set your android device to use the charles proxy.
7. Install the charlesproxy unityplugin from this page
8. Set your build platform to android
9. build and run the application on a device.
10. The first call from the app in the charles proxy log contains the adid as shown in the above screen shot.

This is a critical bug that must be fixed.

If a fix is not provided, or a workaround documented - then the UMP violates the GDPR, and violates google's own app publication policy. I expect at least a reply to the bug report in short order.

[LambdaStudiosPH]

i think this is the reason why my app will get removed on december 4. Im using the UMP gdpr consent and suddenly google flagged my app saying its transmitting advertising id(its an offline app with only admob sdk). Please help us fix this. thanks admins.

[NVentimiglia]

@batteredhedgehog

This is fixed in UMP SDK 2.1.0, which is available on Android 22.5.0. You can update your GoogleUmpDependencies.xml file to pull in this dependency explicitly.

[batteredhedgehog]

This is what is already listed in my AndroidResolverDependencies.xml

<dependencies>
  <packages>
    <package>com.google.android.gms:play-services-ads:[22.3.0]</package>
    <package>com.google.android.gms:play-services-base:18.2.0</package>
    <package>com.google.android.ump:user-messaging-platform:2.1.0</package>
    <package>com.google.firebase:firebase-analytics:21.3.0</package>
    <package>com.google.firebase:firebase-analytics-unity:11.6.0</package>
    <package>com.google.firebase:firebase-app-unity:11.6.0</package>
    <package>com.google.firebase:firebase-common:20.3.3</package>
    <package>com.google.firebase:firebase-config:21.4.1</package>
    <package>com.google.firebase:firebase-config-unity:11.6.0</package>
  </packages>
  ...

Notice that it already includes ump 2.1.0. Do you mean I also need to include play-services-ads:22.5.0 ?

If so, according to the release notes that dependency is pinned because of another bug Google Mobile Ads Unity Plugin v8.5.3

I'm not sure where that leaves me..

[batteredhedgehog]

See #2930

[batteredhedgehog]

@NVentimiglia I might be wrong, but you seem to be underestimating the urgency of this issue. Won't anyone who tries to publish an app that uses the google mobile ads unity plugin v8.5.3 likely get rejected from the play store - as possibly evidenced by @LambdaStudiosPH above.

[batteredhedgehog]

@NVentimiglia Updating dependencies to play-services-ads:22.5.0 leads to build failures. My Project Settings -> Player -> Android -> Other Settings -> Target Api Level is set to highest installed. You can try it yourself with your own HelloWorld sample app.

Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF-8
Note: /home/jules/src/AdmobSample/Library/Bee/Android/Prj/IL2CPP/Gradle/unityLibrary/src/main/java/com/unity3d/player/UnityPlayerActivity.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':launcher:checkReleaseAarMetadata'.
> A failure occurred while executing com.android.build.gradle.internal.tasks.CheckAarMetadataWorkAction
   > One or more issues found when checking AAR metadata values:
     
     Dependency 'androidx.privacysandbox.ads:ads-adservices-java:1.0.0-beta05' requires 'compileSdkVersion' to be set to 33 or higher.
     Compilation target for module ':launcher' is 'android-32'
     
     Dependency 'androidx.privacysandbox.ads:ads-adservices:1.0.0-beta05' requires 'compileSdkVersion' to be set to 33 or higher.
     Compilation target for module ':launcher' is 'android-32'

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 7s

UnityEngine.GUIUtility:ProcessEvent (int,intptr,bool&) (at /home/bokken/build/output/unity/unity/Modules/IMGUI/GUIUtility.cs:190)

grepping for compileSdkVersion in the project gives:

$ grep -R compileSdkVersion
Assets/Plugins/Android/mainTemplate.gradle:    compileSdkVersion **APIVERSION**
Library/Bee/Android/Prj/IL2CPP/Gradle/launcher/build.gradle:    compileSdkVersion 32
Library/Bee/Android/Prj/IL2CPP/Gradle/unityLibrary/FirebaseApp.androidlib/build.gradle:    compileSdkVersion 32
Library/Bee/Android/Prj/IL2CPP/Gradle/unityLibrary/build.gradle:    compileSdkVersion 32
Library/Bee/Android/Prj/IL2CPP/Gradle/unityLibrary/GoogleMobileAdsPlugin.androidlib/build.gradle:    compileSdkVersion 32

[batteredhedgehog]

ok.. apologies for the many posts. So I managed to get it to build. I had to manually select 34 as the target API in unity and get it to download the SDK.

Using your HelloWorld code. After I updated the dependency to play-services-ads:22.5.0 and updated the targetAPI level to 34, the build succeeded. Then I set up charles proxy again.. with identical results. The adid and device info are in the first request as in the above screenshot.

I really think you should dedicate some time to testing this yourself.

[s4relok]

I'm having the same issue:

Google Play rejects my updates with the message:

Issue found: Families Data Practices We’ve identified that your app or an SDK in your app transmits device identifier(s) from children or users of unknown age that do not comply with our Families Policy.

For example, the destinations of Android Advertising ID transmission may include, but are not limited to, fundingchoicesmessages.google.com

This request seems to be containing AD_ID.

Using: Google Mobile Ads Unity Plugin v8.5.3 It includes dependency on com.google.android.ump:user-messaging-platform:2.1.0

Also I tried set true to "TagForUnderAgeOfConsent" setting before first call to ConsentInformation.Update:

ConsentRequestParameters request = new ConsentRequestParameters
{
       TagForUnderAgeOfConsent = true,
       ConsentDebugSettings = debugSettings
};

ConsentInformation.Update(request, OnConsentInfoUpdated);

The same result: app rejected.

[batteredhedgehog]

I know I'm being a bit negative but I am baffled that the sdks dont have unit or integration tests that ensure that private ids and data are not sent with UMP consent requests. Its pretty core to the library. I find it extraordinary that it falls to developers who are trying to implement (and believe me I have tried - it has taken me weeks to get to this point) a google policy requirement to find such fundamental flaws.

[pescador07]

I have the same problem :(

[batteredhedgehog]

OK.. seeing as there is no response here, not even to acknowledge the problem - I'll try to do some of the legwork to keep things moving.

@pescador07 , @s4relok , @LambdaStudiosPH - I'm thinking there could be a lot of reasons for app rejection. The specifics of your rejections sound like they may be related to this problem.

Can any of you verify on a real device that you are actually hitting this issue by looking at the data sent from your apps? You'll need to use some sort of SSL proxy. Most people seem to use charles proxy. Its a bit fiddly, but not that hard to set up. It is well documented on the internet for all platforms (Windows, Linux, Macos). Your looking for the "adid" in the request data for the first consent HTTPS request from your app - as shown in the screnshot in my original post.

[NVentimiglia]

@batteredhedgehog @pescador07

I see the issue, we are looking into a fix for the issue.

[NVentimiglia]

We are removing this functionality from UMP 2.2.0.  Please update to the latest UMP SDK when it is released.

[batteredhedgehog]

Thanks @NVentimiglia . I'm sure your realise that policy requirement for using a CMP in admob becomes active in January. Is there a release time frame?
Any suggestions for people who's apps are being rejected now because of this?

[pescador07]

Hello everyone, I have sent a version of the app for review without calling UMP consent and Google says that the ID problem continues, is this normal?

Thanks

[s4relok]

Hello everyone, I have sent a version of the app for review without calling UMP consent and Google says that the ID problem continues, is this normal?

I've tried the same apprach. And yep, still the update was rejected because of AD_ID. It seems that the request to fundingchoicesmessages.google.com happens even without calling it manually.

At this moment I made a radical move and disabled Google Ads in my game at all (switched to Unity Ads). And only after this the update was OK-d.

Now waiting for the new release of the plugin to try again.

[LambdaStudiosPH]

@pescador07 Has your update been approved, but the warning still appears like mine, or was your update completely rejected?

i also removed the code that calls the UMP consent dialogue i even forced all ads to be non-personalized but the warning is still present. Even tho this update has been approved and now live on google play the warning is still present which is weird

this yellow warning is still present on my policy tab on console. it says 20 days before my app will get removed. NOTE: my app is a simple offline app with only admob sdk in it. nothing else

[s4relok]

this yellow warning is still present on my policy tab on console.

I also have the warning on my policy tab on console. Although I don't call the admob at all now.

[pescador07]

@LambdaStudiosPH

The update has been approved, but the warning still appears. I have 18 days left.

[batteredhedgehog]

@s4relok , @pescador07 - the only way to know for sure what data is being transmitted and whether you're still sending the adid is to look yourself with an ssl proxy. Use charles proxy. It will take you maximum 1 hour to set it up and test.
There are other ways to log https traffic - but using an ssl proxy is definitive.

[s4relok]

@pescador07, @LambdaStudiosPH

I contacted to Google Play to ask if I should do something else.

They answered:

I see the changes you've made to your app, which was resubmitted previously and has been approved. Please note that in some instances, the warning may continue to be displayed after the review has been completed. If you successfully resolved the issue, no further action is required and you do not need to contact us about this warning.

@batteredhedgehog

Thank you for the advice. You're right. This warning pushes us into checking it manually. I'm going to try it now.

UPD: Checked all traffic on app launch. Didn't find any "ad id". But I don't use AdMob for now, so I tested only what it sends to unity ads servers.

[Ned11]

@pescador07, @LambdaStudiosPH

I contacted to Google Play to ask if I should do something else.

They answered:

I see the changes you've made to your app, which was resubmitted previously and has been approved. Please note that in some instances, the warning may continue to be displayed after the review has been completed. If you successfully resolved the issue, no further action is required and you do not need to contact us about this warning.

@batteredhedgehog

Thank you for the advice. You're right. This warning pushes us into checking it manually. I'm going to try it now.

UPD: Checked all traffic on app launch. Didn't find any "ad id". But I don't use AdMob for now, so I tested only what it sends to Unity ads servers.

Coincidently, my tale is very similar to yours. My build just got approved, but I still see the warning. Google support sent me the same reply, so I hope it's taken care of. I am not even using UMP, just Admob Mediation, and I still got hit with the violation.

[Ned11]

@pescador07, @LambdaStudiosPH

I contacted to Google Play to ask if I should do something else.

They answered:

I see the changes you've made to your app, which was resubmitted previously and has been approved. Please note that in some instances, the warning may continue to be displayed after the review has been completed. If you successfully resolved the issue, no further action is required and you do not need to contact us about this warning.

@batteredhedgehog

Thank you for the advice. You're right. This warning pushes us into checking it manually. I'm going to try it now.

UPD: Checked all traffic on app launch. Didn't find any "ad id". But I don't use AdMob for now, so I tested only what it sends to unity ads servers.

Update: my build got rejected again, same reason.

[LambdaStudiosPH]

@s4relok @Ned11 @pescador07
How is it going, everyone? Do any of you have any updates regarding this issue? Has anyone here reached the 30-day deadline in the policy center? What was the result? Was your app removed?

I also messaged Google Support, and they also responded, saying, 'Sometimes the yellow warning may continue to be displayed.' However, I'm worried that when the deadline ends, my app will still be removed from Google Play.

[pcwings]

@s4relok @Ned11 @pescador07 How is it going, everyone? Do any of you have any updates regarding this issue? Has anyone here reached the 30-day deadline in the policy center? What was the result? Was your app removed?

I also messaged Google Support, and they also responded, saying, 'Sometimes the yellow warning may continue to be displayed.' However, I'm worried that when the deadline ends, my app will still be removed from Google Play.

I find this insane. How is this a reply?? "You may or may not have your livelihood active in X days, you'll find out which then". How is that a valid reply? Forced to implement something, from Google, used Google's software that gets rejected, by Google and get a response from Google that's vague and rolling a dice with our livelihood? If someone reads this from Google, contact whoever you can and tell them to pick up their game, this really isn't good enough. This cluster needs unwinding.

[NVentimiglia]

Thanks for the feedback everyone. I understand this is frustrating. I will update this thread when 2.2.0 is released.

[niceali]

Hi

Get Outlook for Androidhttps://aka.ms/AAb9ysg

---

From: Nicholas Ventimiglia @.> Sent: Tuesday, November 21, 2023 7:09:09 AM To: googleads/googleads-mobile-unity @.> Cc: Subscribed @.***> Subject: Re: [googleads/googleads-mobile-unity] Very first consent request (prior to user giving consent) contains AAID, violating GDPR. (Issue #3003)

Thanks for the feedback everyone. I understand this is frustrating. I will update this thread when 2.2.0 is released.

— Reply to this email directly, view it on GitHubhttps://github.com/googleads/googleads-mobile-unity/issues/3003#issuecomment-1820099914, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJAHSOF5R5H5245NSRB432LYFQEMLAVCNFSM6AAAAAA7AWVUQ6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMRQGA4TSOJRGQ. You are receiving this because you are subscribed to this thread.Message ID: @.***>

[pescador07]

Good morning, the same thing happens to me. Google support answers me "Sometimes the yellow warning may continue to be displayed.". I'm arguing with them because it doesn't seem acceptable to me, but they always answer me the same thing, that I should review the policies and blah blah blah... It seems incredible to me that the warning is displayed even though everything is fine, and they see it as normal. Sorry for my English...

[NVentimiglia]

@pescador07

Thanks for the update. This issue will be fixed in the 2.2.0 release. We expect this to land shortly after the Thanksgiving holiday is complete.