ironSource Consent API under the GDPR

Updated: March 7, 2021

When and Why Consent is Required

There are two different legislations in the EU regulating when consent should be obtained from end-users. 

General Data Protection Regulation (GDPR)

The GDPR requires that a controller will establish a legal basis for processing personal data. ironSource’s ad network mostly relies on its legitimate interest to serve ads based on contextual parameters and interactions with our ads. We also use legitimate interest to detect and prevent fraud, and to share device identifiers with attribution companies, so advertisers can attribute to us app installs. 

Other ad networks may serve, in addition to contextual ads, also personalized ads based on the interests and characteristics of end users. Such ad networks would usually rely on consent as their legal basis. If you use ironSource’s mediation, you can choose to communicate to such ad networks (if supported) the consent value, as explained below.

ePrivacy Directive

The ePrivacy Directive, as implemented by EU member states, generally requires consent to be obtained for the purpose of storing, accessing, or transmitting information from an end user’s device. The vast majority of ad networks, including ironSource’s ad network, rely on accessing certain device data in order to perform their basic functionalities. Accordingly, you must make sure that you properly obtain the end user consent for accessing and transmitting its device data prior to initializing any third party SDK, including ironSource mediation, and ironSource ad network. If a consent is not obtained, you should not initialize the ironSource SDK.

Consent Support

ironSource SDK introduced a client-side API to allow publishers to pass consent to our mediation on behalf of their end users. 

Due to a lack of standardization, each ad network has approached consent collection and management differently. Our commitment to providing our publishers with a single transparent interface required us to develop unique and specific integrations for every possible implementation from each ad network.

Below is a list of SDK ad networks which have adapters for ironSource mediation, and the relevant information regarding their approach to GDPR:

Network Solution Comments Reference
AdColony Consent API
Vungle Consent API If consent is not requested, Vungle defaults to displaying  consent on its own
AppLovin Consent API
InMobi Consent API
Chartboost Consent API
UnityAds Consent API
MoPub Consent API
AdMob Consent SDK
Tapjoy Consent API
Facebook Do not require consent Facebook manages users on its own. Advise with your Facebook representative for official information
HyprMX Consent API
Maio Do not support consent Publisher should not target Maio for users who are subject to GDPR
Fyber Consent API
Server Side Sources Consent Macro Work in progress

Mapping of consent integrated adapters versions per network (relevant only once using ironSource SDK V6.7.9 and above):

Network Earliest consent support adapter version
iOS Android Unity
AdMob 4.1.4 (SDK 7.28) 4.1.6 (SDK 12.0.1) 4.1.5
AppLovin 4.1.4 (SDK 5.0.1) 4.1.4 (SDK 8.0.1) 4.1.4
Chartboost 4.1.2 (SDK 7.2.0) 4.1.2 (SDK 7.2.0) 4.1.3
InMobi 4.1.3 (SDK 7.1.1) 4.1.3 (SDK 7.1.0) 4.1.2
UnityAds 4.1.1 (SDK 2.1.1) 4.1.1 (SDK 2.1.1) 4.1.1
Vungle 4.1.5 (SDK 6.2.0) 4.1.3 (SDK 6.3.17) 4.1.5
TapJoy 4.1.1 (SDK 11.12.2) 4.1.1 (SDK11.12.2) 4.1.1
MoPub 4.1.2 – (SDK 5.2.0) 4.1.3 – (SDK 5.2.0) 4.1.4
AdColony 4.1.2 (SDK 3.3.4) 4.1.2 (SDK 3.3.4) 4.1.2 (SDK 3.3.4)
HyprMX 4.1.2 (SDK 5.0) 4.1.2 (SDK 5.0) 4.1.2
Fyber 4.3.1 (SDK 7.4.0) 4.3.1 (SDK 7.3.3) 4.3.1
Facebook All versions
Maio All versions
MediaBrix All versions