Guides mobile consent management for iOS ATT framework, Android permissions, in-app flows, SDK propagation, IDFA/GAID handling, and GDPR/ePrivacy compliance.
Mobile applications present unique consent challenges: platform-level permission systems (Apple ATT, Android runtime permissions), advertising identifiers (IDFA/GAID), SDK-level data collection by third-party libraries, and limited screen real estate for consent interfaces. Compliance requires coordination between GDPR/ePrivacy requirements and platform-specific privacy frameworks.
Apple's ATT framework requires apps to request user permission before tracking across apps and websites owned by other companies. Key aspects:
Purpose String (NSUserTrackingUsageDescription): "CloudVault uses this identifier to measure the effectiveness of our advertising campaigns and provide relevant ads. You can change this in Settings at any time."
Pre-Permission Prompt (shown before ATT dialog): CloudVault SaaS Inc. displays a custom pre-permission screen explaining the value exchange before triggering the system ATT dialog:
"Help us improve CloudVault by allowing measurement of our advertising. This helps us understand which ads brought you here and improve our marketing spend. Your data is never sold. You can change this choice in iOS Settings at any time."
[Continue] → triggers ATTrackingManager.requestTrackingAuthorization()
| ATT Status | Meaning | CloudVault Action |
|---|---|---|
| .notDetermined | User hasn't been asked yet | Show pre-permission screen, then request |
| .authorized | User allowed tracking | Enable IDFA access, attribution SDKs |
| .denied | User denied tracking | Disable IDFA, use SKAdNetwork for attribution |
| .restricted | Tracking restricted by parental controls/MDM | Do not request, use SKAdNetwork |
com.google.android.gms.permission.AD_ID in AndroidManifest.xml to access Google Advertising ID (GAID).

Google's Privacy Sandbox for Android introduces:
```xml
<!-- AndroidManifest.xml -->
<uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
```
GAID is only accessed if the user has granted consent for advertising purposes through the in-app consent flow. If consent is not granted, GAID is not read.
```
App First Launch
│
├─► Step 1: Welcome screen with privacy summary
│     "Welcome to CloudVault. Before you get started,
│      let's set up your privacy preferences."
│     [Set Up Privacy]
│
├─► Step 2: Layered consent screen
│     ├─ Purpose 1: Analytics [Toggle, OFF by default]
│     │    "Help us improve CloudVault by sharing anonymous usage data"
│     │    [Learn More] → detailed Art. 13 information
│     │
│     ├─ Purpose 2: Advertising Measurement [Toggle, OFF by default]
│     │    "Measure which ads brought you to CloudVault"
│     │    [Learn More] → detailed information + ATT context
│     │
│     ├─ Purpose 3: Crash Reporting [Toggle, OFF by default]
│     │    "Share crash reports to help us fix bugs faster"
│     │    [Learn More] → data types, retention
│     │
│     └─ "You can change these at any time in Settings > Privacy"
│
├─► Step 3: Record consent decisions
│     ├─ Per-purpose consent records (standard fields)
│     ├─ Platform: iOS/Android
│     ├─ OS version, app version, device model
│     └─ SDK consent propagation (see below)
│
├─► Step 4: Platform-specific follow-up
│     ├─ iOS: If advertising consent granted → trigger ATT dialog
│     └─ Android: If advertising consent granted → access GAID
│
└─► Step 5: Proceed to app
      └─ SDKs initialized based on consent state
```
Third-party SDKs in the CloudVault mobile app must respect user consent:
| SDK | Purpose | Data Collected | Consent Required | Propagation Method |
|---|---|---|---|---|
| Firebase Analytics | Usage analytics | Events, screen views, device info | pur_analytics_001 | FirebaseAnalytics.setAnalyticsCollectionEnabled(granted) |
| Crashlytics | Crash reporting | Stack traces, device state | pur_crash_003 | FirebaseCrashlytics.setCrashlyticsCollectionEnabled(granted) |
| AppsFlyer | Attribution | IDFA/GAID, install referrer | pur_advertising_002 | AppsFlyerLib.start() only if consented |
| Google AdMob | Advertising | IDFA/GAID, device info | pur_advertising_002 | MobileAds.setRequestConfiguration() with consent |
SDKs must not be initialized before consent is obtained. CloudVault SaaS Inc. implements a "consent gate":
| Identifier | Platform | When to Access | When NOT to Access |
|---|---|---|---|
| IDFA | iOS | ATT status = .authorized AND pur_advertising_002 consented | ATT denied/restricted OR advertising consent not granted |
| GAID | Android | pur_advertising_002 consented AND AD_ID permission declared | Advertising consent not granted OR app targets children |
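
The SDK gating and identifier-access rules in the two tables above can be modelled as one fail-closed decision function. This is an added, platform-neutral example, not CloudVault's or the skill's own code. The purpose IDs and SDK names come from the tables; `DeviceState` and the function names are hypothetical.

```python
from dataclasses import dataclass, field

# SDK -> required purpose, as listed in the SDK table on this page.
SDK_PURPOSE = {
    "Firebase Analytics": "pur_analytics_001",
    "Crashlytics": "pur_crash_003",
    "AppsFlyer": "pur_advertising_002",
    "Google AdMob": "pur_advertising_002",
}
ADVERTISING = "pur_advertising_002"


@dataclass
class DeviceState:
    """Hypothetical snapshot of what the app knows at launch."""
    platform: str                                  # "ios" or "android"
    consents: dict = field(default_factory=dict)   # purpose id -> bool
    att_status: str = "notDetermined"              # iOS only
    ad_id_permission_declared: bool = False        # Android only
    targets_children: bool = False


def granted(state, purpose):
    # Fail closed: a missing or non-boolean record counts as "not granted",
    # matching the OFF-by-default toggles in the consent flow.
    return state.consents.get(purpose) is True


def may_read_ad_identifier(state):
    """IDFA/GAID rule: in-app advertising consent AND the platform condition."""
    if not granted(state, ADVERTISING):
        return False
    if state.platform == "ios":
        return state.att_status == "authorized"
    if state.platform == "android":
        return state.ad_id_permission_declared and not state.targets_children
    return False  # unknown platform: deny


def should_request_att(state):
    """Show the ATT dialog only after in-app consent and only if never asked."""
    return (state.platform == "ios" and granted(state, ADVERTISING)
            and state.att_status == "notDetermined")


def sdks_to_initialize(state):
    """SDKs the gate lets through; every other SDK stays uninitialized."""
    return sorted(s for s, p in SDK_PURPOSE.items() if granted(state, p))
```

SDK start-up depends only on the in-app consent record, while identifier access additionally depends on the platform state. An iOS user who consents in-app but denies ATT therefore still gets attribution SDKs started, without IDFA.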