App devs bewildered by last-minute Google GDPR klaxon
Don't worry, regulation still, er, WEEKS away
Android developers are scrambling to change their apps after 11th hour privacy instructions from Google left them waiting on an SDK which still isn't ready.
On 4 May, just three weeks before the deadline for implementing GDPR, Google emailed developers who use its Admob advertising system that a new consent API was being rushed in – but wasn't quite ready yet.
The new API, which allows the app to request opt-in consent from users to view ads, is to be released before 25 May. But developers may have a spot of bother testing the new API before that deadline, as ad serving was "not guaranteed to work correctly", warned Google. In fact the official documentation, seen by us, advised devs not to test the API at all.
"Please do not attempt to use these APIs before May 25, because they may disrupt ad serving on your app," Google said.
Confusion abounded. It wasn't clear when the consent message would appear, or what it would look like. Could the user refuse it? What would this mean for the developer's business model if consent was withheld?
Far from being able to let the ad network take care of it, developers were plunged into legal confusion, chewing over the meaning of "valid" and "explicit" consent.
This week Google clarified things – a bit – with an employee posting on the Admob forum.
At first Google said that if the user doesn't provide the consent, "you should close the app, and again show the consent dialog on the next app launch... There should be no need to let users to continue to use the free version without any ads."
That left most of the big issues unaddressed.
"That doesn't sound like a great user experience to me," one developer told us. "Also who is going to consent to personalised ads above non-personalised ads, given the choice?"
Google returned to the fray. There will be three options on the consent dialog, a rep explained: 1) Personalised ads 2) Non-personalised ads or 3) Ad free.
"The first two constitute consent to show ads to the user (personalized or non-personalized as the case may be)," explained Google's "Sam".
"The third option is up to you. As previously mentioned, a common use case will be to send the user to the store listing for the premium version of your app."
In a statement, a Google spokesperson told us:
We created the Ad Technology Provider controls so that every publisher that uses our ad technology has the ability to select their preferred providers. Publishers decide which providers they want to work with and the number of vendors they want to select. If they decide not to make a selection, we will apply a list of the most commonly used providers based on those that generate the most revenue for publishers.
Devs have told us this is not very helpful.
Google has already been criticised for passing the buck to publishers, with four trade groups accusing Google of creating a "framework more concerned with protecting your existing business model in a manner that would undermine the fundamental purposes of the GDPR and the efforts of publishers to comply with the letter and spirit of the law." ®
Sponsored: Becoming a Pragmatic Security Leader