Terms and privacy policy flow
© 2025 AppLovin. All rights reserved.
[COMPONENT: TestingUMPIntegration]
For MAX consent flow to display the Google GDPR form, you must first create and publish the Google GDPR message on the AdMob dashboard. To do so:
#ffffff).#6e6e6e).In its default GDPR message, Google might not show all your ad network partners. If you fail to include these networks, this could adversely affect your ad revenue. Follow the steps in this section to ensure all your ad partners appear in the GDPR message.
The SDK presents the consent flow when you initialize the SDK. When the user completes the flow, the SDK calls your initialization-completion callback.
You can find your SDK key in the Account > General > Keys section of the AppLovin dashboard.
This page explains how you can use the MAX Terms & Privacy Policy Flow to prompt acceptance of your Terms of Use and Privacy Policy.
The AppLovin MAX SDK automates the integration of Google UMP. You do not need to manually integrate the Google UMP. This is opt-in and AppLovin will provide you instructions on how you can enable this Google UMP integration. Below is a visual representation of the flow:
Under the Privacy section of the MAX Mediation Debugger, the CMP (Consent Management Platform) row displays the name of the Google-certified CMP SDK that you integrated. If you integrated the Google UMP SDK, it displays “Google consent management solutions” as the name.
If you select the CMP (Consent Management Platform) row, you can inspect the IAB TCF parameters IABTCF_gdprApplies, IABTCF_TCString, and IABTCF_AddtlConsent. For the latter two, you can click the row to copy or share its value.
To view the consent statuses of all networks, expand Network Consent Statuses in the Mediation Debugger. The Mediation Debugger parses the TC string and displays the consent statuses of all networks. It also displays the AppLovin consent status that it parses from the AC string that Google UMP generates.
[COMPONENT: Terms1]
[COMPONENT: ATTbug]
AppLovin MAX SDK, when used with Google UMP, complies with TCF v2: The MAX SDK can ingest the consent string and AC string and forward the TCF v2 Consent strings / states to the mediated networks as described in TCF v2 consent.
If you do not use Google UMP as your CMP, either through AppLovin’s automated flow or otherwise, you must ensure that the CMP you choose supports all the mediated networks you integrate.
If you do not use a CMP, you must continue to set AppLovin’s SDK’s binary consent flags as described in Consent and other applicable flags in GDPR and other regions.
[COMPONENT: TermsFlowchart]
[COMPONENT: Terms2]
[COMPONENT: EnablingGoogleUMP]
First, add the dependency for the Google User Messaging Platform SDK to your app’s target.
Do this in your project’s Podfile:
In your app’s Info.plist, create a new key named NSUserTrackingUsageDescription of type String.
This string is how you inform your user why the app requests permission to use data that tracks the user or the device.
AppLovin recommends that you set its value to “This uses device info for more personalized ads and content.”
You can enable the MAX Terms and Privacy Policy Flow programmatically or by adding a settings file to application resources. The sections below explain both of these methods.
When you submit your app to App Store Connect for review, you must notify the reviewer that you enabled the App Tracking Transparency framework permission request for iOS 14.5+ only. Do this in the Review Notes section. If you do not do this, Apple may reject your build.
To enable the MAX Terms and Privacy Policy Flow programmatically, set certain properties of the SDK’s settings object before you initialize the SDK.
The code sample below shows how to do this:
[COMPONENT: SdkKey]
To enable the MAX Terms and Privacy Policy Flow by using your app’s AppLovin-Settings.plist, do the following:
AppLovin-Settings.plist to your project’s main target.AppLovin-Settings.plist, create a new key named ConsentFlowInfo of type Dictionary.
Inside ConsentFlowInfo add the following key/value pairs:
Boolean with the key ConsentFlowEnabled and the value YES.String with the key ConsentFlowPrivacyPolicy and the value of your Privacy Policy URL.String with the key ConsentFlowTermsOfService and the value of your Terms of Service URL.Boolean with the key ConsentFlowShowTermsAndPrivacyPolicyAlertInGDPR and the value YES to show the Terms and Privacy Policy alert in GDPR region before the Google UMP flow.The final result should resemble this:
[COMPONENT: FinishConsentFlow]
If you set the user ID in your MMP integration, set it where you set the AppLovin user ID. The code snippets below use Adjust as an example. Refer to Adjust’s documentation to learn how to initialize Adjust and set the user ID.
The table below gives you an English (base) description and a variety of localizations that you can use at your discretion. Read the Documentation > Xcode > Localization instructions to learn how to localize your app.
| Locale | String |
|---|---|
| English (base) | This uses device info for more personalized ads and content |
| Chinese simplified (ZhHans) | 我们使用设备信息来提供个性化的广告和内容。 |
| Chinese traditional (ZhHant) | 我們使用設備信息來提供個性化的廣告和內容。 |
| French (fr) | Cela permet d’utiliser les informations du téléphone pour afficher des contenus publicitaires plus pertinents. |
| German (de) | Dies benutzt Gerätinformationen für relevantere Werbeinhalte |
| Japan (Ja) | これはユーザーデータをもとに、より関連性の高い広告コンテンツをお客様に提供します |
| Korean (Ko) | 보다 개인화된 광고 및 콘텐츠를 위해 기기 정보를 사용합니다. |
| Spanish (es) | Esto utiliza la información del dispositivo para anuncios y contenido más personalizados |
AppLovin recommends that you allow existing users in GDPR regions to reenter the GDPR flow.
Typically, users do this in your app’s Settings section via an option to Manage Existing Privacy Settings.
You can determine if a user is in a GDPR region with the SDK API ALSdkConfiguration.consentFlowUserGeography.
The user is in GDPR region when consentFlowUserGeography is ALConsentFlowUserGeographyGDPR.
If so, you can conditionally show that settings option to the user.
When the user clicks Manage Existing Privacy Settings (or its equivalent), call -[ALCMPService showCMPForExistingUserWithCompletion].
This resets the user’s existing consent information.
If you want to test the Google CMP outside the GDPR region, set the debug user geography by using one of the techniques shown below:
In the CMP CONFIGURATION section, you can verify which networks integrate with or are missing from your Google UMP configuration. This is an exhaustive list of all networks that are available to MAX. You can ignore any networks that you did not integrate in your application.
On your CMP flow you must list the networks that you integrate in your application. To check if any of those networks are missing, and to fix this problem:
Repeat these steps until you verify that you included all of your networks in the CMP flow.
The flow shows only to new users. If you want to test the flow after you complete the CMP prompt, you must delete and re-install the app.
To set the debug user geography to GDPR use code like the following:
To set the debug user geography, add the ConsentFlowDebugUserGeography key with string value gdpr under the ConsentFlowInfo object:
Due to a bug in iOS 17.4, the App Tracking Transparency (ATT) prompt may prematurely indicate that a user rejected ATT. This causes the AppLovin SDK to initialize your Ad Units with LAT-configured ad networks, even for a user who might consent to ATT. If you use AppLovin’s Unifed Consent Flow, update to the latest iOS SDK (12.3.0+) to mitigate this issue.
Do not check the Close (do not consent) option.
See “Manage GDPR ad partners” at the Google AdMob Help site for the list of ad partners that are GDPR-certified with Google.
You must wait until the user finishes the consent flow before you initialize third-party SDKs (such as MMPs or analytics SDKs). For this reason, initialize such SDKs in your initialization-completion callback. If you initialize third-party SDKs before the user completes the consent flow, these SDKs cannot access relevant identifiers, and you suffer a material impact on measurement, reporting, and ad revenue.
Do not initialize MAX mediated network SDKs in your initialization callback. MAX performs this initialization automatically.
You may use the CMP flow included with the MAX SDK, or you may integrate your own. If you integrate your own CMP flow, make sure that flow completes before you initialize the MAX SDK.
The TCF consent state may be false in either of the following circumstances:
If you access Google demand through MAX, it’s critical that you review the Google CMP requirements before you start the integration process.
