6

MoPub finally released their SDK for GDPR and I'm following their instructions and their code told me I did not need a consent, which makes sense since I'm in the US. I then switched to a VPN for Germany and it continued telling me the same. So how can I test this?

This is the code I'm using:

          PersonalInfoManager mPersonalInfoManager = MoPub.getPersonalInformationManager();
          boolean gdprApplies = mPersonalInfoManager.gdprApplies();
          boolean shouldShowConsentDialog = mPersonalInfoManager.shouldShowConsentDialog();

Both gdprApplies and shouldShowConsentDialog were false when using the VPN in Germany and I even tried it after clearing data of the app.

casolorz
  • 8,486
  • 19
  • 93
  • 200
  • Hi, I have a similar issue. My management decided that one of the apps we maintain must show our custom consent screen relying on Mopub's shouldShowConsentDilaog() method. But the thing is that we still not sure if its reliable enough because sometimes it can be tricked using VPN and sometimes not. I would really like to know what exact algorithm does Mopub use to detect if user is applicable for GDPR or not. Do they use only IP? Do they use some mix of IP and what they might have gathered on the device previously? It would really help if we knew what they do to detect EEA. – Oleksandr Berdnikov May 20 '18 at 13:16
  • 1
    I have yet to find a way to fool it, so you are way ahead of me there. – casolorz May 21 '18 at 17:51

3 Answers3

2

it might be using your phones region setting and not the network. try setting the region on your phone.

It may also be using the sim country, so start an emulator and run this command to fake your sim region

adb root
adb shell 
setprop gsm.sim.operator.iso-country gb
Tomer Shemesh
  • 10,278
  • 4
  • 21
  • 44
  • Changing the language didn't help. This phone doesn't have a sim and it didn't let me set the property you specified. That doesn't mean your answer is wrong, I just couldn't do it. Is there some other place to change the region on the phone? I tried changing the time zone and that didn't help either. – casolorz May 15 '18 at 20:04
  • the best way is to use adb command. i would suggest just setting up a new simulator through android studio and just use that if you can – Tomer Shemesh May 15 '18 at 20:06
2

I used VPN to get a European IP-address and the EU-consent dialog showed correctly. Maybe you need to clear cache or reinstall your app.

activity
  • 2,653
  • 3
  • 20
  • 44
  • I'm showing my own dialog, so I'm only calling the methods to check if I need to show it. I'll try again later this week to see what happens. Thanks for the info. – casolorz May 21 '18 at 16:22
  • E/Volley: [128418] BasicNetwork.performRequest: Unexpected response code 503 for https://ads.mopub.com/m/gdpr_consent_dialog when i try vpn i get this error (i set vpn location as germany) – Sarath Kumar May 25 '18 at 13:13
1

First of all GDPR does apply outside of US if you are UE citizen. So "spoofing like you are in UE" does not conform anything with regard to GDPR (you can watch explanation also here).

Second of all - it's all in the docs, please read it:

GDPR Applies: If we detect that a user opened a given application for the first time in the European Economic Area, United Kingdom, or Switzerland, as determined by the user’s truncated IP address, MoPub will consider GDPR applying to that user for the lifetime of that application, meaning that MoPub requires the user’s consent before serving personalized ads. As of SDK 5.0, if the user opened the application for the first time in any region outside of the European Economic Area, United Kingdom, and Switzerland, we will always treat the user as having consent.

Marian Paździoch
  • 8,813
  • 10
  • 58
  • 103
  • Your own answer contradicts itself (or at least points out a flaw in MoPub's understanding of GDPR). Their "once-ever" tactic for determining GDPR-applicability means it's impossible for that flag to change after their initial sync of that status. So if you're in the EU when you first open an app with 5.0.0, you will forever be marked as `gdprApplies==true`. Even worse: showing the MoPub Consent Dialog makes an API call to fetch content, and that call is restricted via GeoIP lookup. So if you leave the EU, you won't be able to view the dialog at all, even though gdprApplies==true. – Joe May 30 '18 at 22:24
  • You get me wrong Joe. I meant: 1st - MoPub is wrong with understanding GDPR; 2nd - if you still want to go with MoPub then I gave how they want it to be done. – Marian Paździoch May 31 '18 at 15:54
  • If we consider this true, how shall the EU enforce this upon a private company in Chile or anywhere else? – luben Oct 13 '19 at 19:51
  • @luben - this is the Chile company bussiness to comply with that law; if it wants to really check how "EU enforce this" it just has to violate that law and wait for "fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year"; please share the result with us; list of fines applied -> http://www.enforcementtracker.com/ – Marian Paździoch Oct 14 '19 at 08:36