Child-directed apps—FAQ

At a glance: Get answers to frequently asked questions about apps directed towards children. 

Overview

There are many policies, laws, and regulations on child-directed apps to protect children's privacy. The main ones are COPPA and GDPR. In recent years, platforms such as iOS and Android have implemented policies for improved privacy for children. When creating an app, one of the first things to do is determine whether it’s directed to children only or to a mixed audience (both children and adults). Learn from this guide how to implement a compliant attribution solution for apps directed to children.  

Adding a child-directed app

What steps do I need to take when adding a child-directed app?

  1. Follow the Add app wizard.
  2. For step 2 of the wizard, see instructions about child-directed apps.
  3. After the app is added:

 See more details about implementing compliance tools with ad networks.

When adding a new app, what happens after marking it as directed towards children?

Two weeks after adding the app, you'll get a notification asking you to confirm you've implemented privacy controls for your child-directed apps. After confirming, you'll get a confirmation message. You can always access the confirmation message from the Notification center or see the confirmation details in the Audit log.

Can I change my selection of an app that's directed toward children?

At this stage, once you select whether an app is directed toward children or not, your selection can't be reversed. This option is only possible while adding the app.

How can I see if someone in my team marked an app as directed toward children?

Once confirmed that an app is directed toward children, there are two ways you can see the confirmation:

  • Notification center: From the menu bar, click the notification iconnotificatin center icon.pngand find the confirmation notification.
  • Audit log:
    1. From the menu bar, access the user menu (email address drop-down).
    2. Select Security center.
    3. In the Audit log section, click View audit log.
      You can see the confirmation details under the My apps service.

Implementing AppsFlyer compliance tools

How do I know which tool to use?

When your app is intended for children or a mixed audience (children and adults), you can use any of the recommended tools from this guide that align with the legal requirements. See more SDK resources at the bottom of this page. 

Examples of compliance tools and their use

Tool iOS Android Raw data availability

Strict SDK

Ensures that the IDFA isn't sent to AppsFlyer. This is usually recommended for apps directed toward children.

Available only to advertisers

Standard SDK using the setDisableAdvertisingIdentifiers API:

Ensures that AAID (Google’s Android advertising ID) isn’t sent to AppsFlyer. This is usually recommended for apps directed toward children.

Available only to advertisers

Standard SDK with an age gate using the setSharingFilterForPartners function for specific ad networks: 

Prevents such ad networks from accessing data when users fall below the age gate*.

Limited for specific ad networks

Standard SDK with an age gate using the setSharingFilterForPartners function for all ad networks:

Prevents all ad networks from accessing data when users fall below the age gate*.

Available only to advertisers

SKAN only:

Ensures the advertising ID isn't shared with other ad networks.

Available only to advertisers

SDK-less solutions (less recommended):

Configure your own servers to send data to AppsFlyer as an alternative to sending data via the SDK.

According to your configuration

Aggregated Advanced Privacy framework

Enforces Apple ATT privacy levels, making sure user-level data is unavailable to advertisers or ad networks.

Not available to advertisers or to ad networks

* When applying an age gate block, user-level data that doesn't fall under the age gate is available in raw data reports.

How does using the tools in the guide affect attribution?

The AppsFlyer compliance solution guide offers different tools, each with different levels of control. The impact on attribution varies based on the specific tool you choose to implement.

When using a tool that limits the sending of user data, such as the device ID, other attribution methods are used, such as probabilistic modeling or Install referrer (for Android).

Tools that don’t send user-level data are considered privacy-preserving and enable receiving aggregated campaign data.

I don't know if the ad network I'm working with is compliant, what do I do?

It's often unclear whether ad networks you collaborate with are compliant with relevant laws. You can refer this question to the ad network. If they aren't compliant or you're unsure, you can avoid sharing with them your data. You can use the setSharingFilterForPartners function to specify which ad networks to block from receiving your app data. You can also use this function to block all ad networks. See more example compliance tools

Do I need to implement AppsFlyer compliance tools if the ad network is compliant?

AppsFlyer compliance tools must always be implemented. Which ones are appropriate for your needs depends on the audience of your app. You may use setSharingFilterForPartners function (“MediaSourceName”) if the ad network you're working with has committed to treat the data you've shared with them solely as a data processor for limited purposes allowed under COPPA, GDPR, applicable laws and rules, or other platform rules that require it and with appropriate consent

This applies to each of the ad networks you're working with.

What data am I sharing with ad networks? What control do I have over this?

Ad networks that aren't SRNs receive your data via postbacks. They can define which events to include in the postbacks. Install postbacks are sent by default for attribution, while in-app event postbacks are only sent if you've configured specific events to be sent. As long as postbacks aren't blocked or restricted by the SDK, they may contain user-level data related to app user engagements (installs, in-app events, and re-engagements).

Except for postbacks, ad networks and agencies have limited access to data via the platform.

To find out what data was sent to ad networks via postbacks:

To control what data you're sending:

To control the availability of user-level attribution data for iOS users:

  • Use the Aggregated Advanced Privacy framework to enforce Apple ATT privacy levels. This ensures that user-level data, although used for attribution, isn't available in AppsFlyer to advertisers or ad networks. Aggregated data is available without limitation.

Do I need the SDK if my app is child-directed and all ad networks are blocked?

The SDK records your app events, such as installs, re-engagements, and in-app events. Without the SDK, there's no attribution. You can preserve user privacy with the SDK and show just aggregate data.