OneTrust for Pugpig Bolt
Table of Contents
What is OneTrust
OneTrust is a consent management platform (CMP) that is supported in our Pugpig Bolt apps. It provides a way for users to have control over their personal data and how it is used by other services in the app, such as analytics, push notification or ads.
OneTrust can appear in the app as two separate screens: the Consent Banner and Preferences. You can use any using-facing names you'd like within the app for these screens. In a future version of Bolt we'll be revising this down to just the Consent Banner, as the Preferences are directly accessible from that banner.
OneTrust is fully supported as of Bolt iOS and Android 3.23, though a lighter-touch implementation has been available to customers since Bolt iOS and Android 3.12. Full support for Bolt Web will be added in the coming month, but we do have the ability to show the banner via Google Tag Manager on any version of Bolt Web.
OneTrust on first run
Our current implementation of OneTrust in Bolt only supports launching these screens from the settings area or as a deeplink.
As our customer's CMP needs have become clearer and more stringent, we're expanding our implentation to reflect this. In Bolt 3.22 we plan to add the ability to display the Consent Banner as part of the app's first run experience, after the onboarding screens (if there are any). This will require the user to interact with the modal before reading any content in the app.
The choices are then stored as per the TCF 2.2 specification, other SDKs in your app that are TCF 2.2 compliant are expected to pick up these choices and alter their functionality accordingly. The exact way they do this is dependent on the provider themselves, and not able to be altered by Pugpig.
If the user has not seen the consent dialogue and made their choices, the SDKs will not have information to access and will follow the default behaviour described in their documentation. In most cases this means the user will be opted-in.
Additionally, as of Bolt 3.22, these choices are passed to our webviews, such as timelines and the content, so that they can be included in our Google Ad Manager requests, more information on why this is important can be found in the specific documentation on this.
As always, your consent and privacy policies are entirely your choice. Pugpig Bolt aims to give you the tools necessary to implement this policy in your app, but we can't guide you on what you should or should not be doing, this is better left to your legal teams!
Screens
Settings |
Consent banner |
Preferences |
Geolocation rules
OneTrust allows you to set different behaviours by region. This is particularly important for customers with audiences in both GDPR regions and outside of them. In these cases we can enforce interacting with the consent modal on start up where necessary, while for other regions it will only accessible from the settings tab. This is controlled with the “Show banner” flag on the individual Geolocation rules
What is required for OneTrust set up
For us to add OneTrust to your app, we will require the following:
- Mobile App ID
- CDN Location
- Language Code.
These can all be found in your OneTrust account. Under SDK's in the left-hand menu of Mobile App Consent select the app in question, the “Instructions” tab will then display the necessary data. You should provide us the Mobile App ID and CDN Location for the production environment, unless you explicitly want to use the test environment during pre-release.
We currently support one language of the SDK, if your app is predominantly in English this will be EN, otherwise let us know which language code you'd prefer.
You're then free to submit your ipa and apk/aab to OneTrust for scanning, this will identify the different third-parties being used in your app and use those to automatically populate the modal.
For your side of the integration, you'll need to configure everything in the OneTrust console, such as the styling, copy and options.
It's crucial that the version of OneTrust that you have published aligns with the version which is baked into the Bolt/app version you are using! The OneTrust screens will not be displayed if this is not the case (for example, if a different version is subsequently published in the OneTrust dashboard).
On 3.17.5 we baked in OneTrust version 202309.1.0[.0].
In 3.21 we've added the ability to support per-build OneTrust versioning. Where possible we recommend being on the most up-to-date version of the SDK.
Note that we only support OneTrust from Pugpig Bolt 3.14 and onwards.