I read in the notes of daily build 2018.3286 that “Corona built apps would not send any personal information about user”. Can Rob or any other Corona member please explain what does this mean?
All our apps are built with a previous Corona version (“2018.3280”). We don’t collect or share any personal or anonymous information through our apps and we want to make sure that nothing is collected in the back stage. With GDPR coming into force on May 25, this is a very important issue. Thank you.
Thanks for the reference Idurniat.
Corona collects basic usage metrics like daily active users (DAU), monthly active users (MAU), number of sessions, etc. Prior to 3286, we included IP address and IDFV (ID for Vendor) and the Google equivalent. Generally speaking most people would not consider that data private, until the EU redefined it as part of the GDPR.
So that Corona is out of the way, starting with 3286 we changed how we collect those metrics to do so without IP address, IDFV etc.
If you want to be GDPR compliant, you have to update with this version or later if you don’t want to include Corona in your privacy policy and any permission dialogs. If you don’t want to update to 3286 or later, you’re still going to have to update your apps, but let your users know that Corona is collecting data in your privacy policy and in your permission dialogs. Regardless, you need to update your apps.
Rob
Thanks for the clarifications Rob, they are very helpful. We updated all our apps after building them with version 3289.
So, just to be sure, now that we built with the GDPR compliant version, do we need to mention anything about Corona in our privacy policy?
Hi, I have some follow-up questions about this all and how this is affecting UA and attribution in our apps… Are IP address, device ID and IDFA still captured now with the latest daily build?
I’ve already updated my apps with the hasUserConsent value for appropriate ad plugins, and we use Tenjin for attribution so I’m sending along the appropriate hasUserConsent value for that too. Guess I’m just curious if even if those values were all set to true, if attribution still would fail because IP or IDFA were missing…
Hi @borderleap.
With the latest daily build, Corona should not be collecting any IP address, device ID or IDFV, etc. But we have no control over what any third-party service is doing. As GDPR friendly ad/analytic plugins that are under our code control get updated GDPR friendly SDK’s to build against, we are updating them. Our documentation should note any GDPR features a plugin supports. But that doesn’t mean they are not using said identifiers. Most have away for you to collect consent and pass that information back to the service. What they do with that consent will vary from service to service.
Rob
Makes perfect sense. Thanks Rob!
Thanks for the reference Idurniat.
Corona collects basic usage metrics like daily active users (DAU), monthly active users (MAU), number of sessions, etc. Prior to 3286, we included IP address and IDFV (ID for Vendor) and the Google equivalent. Generally speaking most people would not consider that data private, until the EU redefined it as part of the GDPR.
So that Corona is out of the way, starting with 3286 we changed how we collect those metrics to do so without IP address, IDFV etc.
If you want to be GDPR compliant, you have to update with this version or later if you don’t want to include Corona in your privacy policy and any permission dialogs. If you don’t want to update to 3286 or later, you’re still going to have to update your apps, but let your users know that Corona is collecting data in your privacy policy and in your permission dialogs. Regardless, you need to update your apps.
Rob
Thanks for the clarifications Rob, they are very helpful. We updated all our apps after building them with version 3289.
So, just to be sure, now that we built with the GDPR compliant version, do we need to mention anything about Corona in our privacy policy?
Hi, I have some follow-up questions about this all and how this is affecting UA and attribution in our apps… Are IP address, device ID and IDFA still captured now with the latest daily build?
I’ve already updated my apps with the hasUserConsent value for appropriate ad plugins, and we use Tenjin for attribution so I’m sending along the appropriate hasUserConsent value for that too. Guess I’m just curious if even if those values were all set to true, if attribution still would fail because IP or IDFA were missing…
Hi @borderleap.
With the latest daily build, Corona should not be collecting any IP address, device ID or IDFV, etc. But we have no control over what any third-party service is doing. As GDPR friendly ad/analytic plugins that are under our code control get updated GDPR friendly SDK’s to build against, we are updating them. Our documentation should note any GDPR features a plugin supports. But that doesn’t mean they are not using said identifiers. Most have away for you to collect consent and pass that information back to the service. What they do with that consent will vary from service to service.
Rob
Makes perfect sense. Thanks Rob!