Mobile app consent with Adobe and OneTrust

I came to the question of how to manage consent on a mobile app, similar to what everyone needs to do on their websites. The difference if implementing tracking into mobile apps makes it impossible to consider user consents the same way you would do it with a tag manager. The reason behind this is simple. Mobile tracking refers to an SDK, the same as consent management, and does not by storing information in the user’s browser.

The following description of how to add a consent-considering implementation for a mobile app is based on the usage of Adobe’s Experience Cloud SDKs (not Experience Cloud Platform, because this would be slightly different) and OneTrust’s consent management SDK for mobile apps. Other consent management tools might also have a mobile app SDK and it will work in the same manner.


The prerequisites are simple. You’ve implemented the Adobe Mobile SDK (iOS and/or Android) in your mobile app with at least the (Adobe Systems) Mobile Core extension. The following extensions are ready to consider opt-ins: Analytics, Audience Manager, Target, Campaign Classic and Campaign Standard. This is how they behave:

The second part is to have the OneTrust SDK implemented with your app too. There is documentation at the OneTrust developer knowledge base. You might need to create an account, but it’s free.

Get and send information about consent changes

The following things have to be done by the app developers.

1. Grab the broadcasting events from the OneTrust SDK

To do this, I’d provide app developers with a description of what happens at the moment consent changes. Documentation is available for iOS and Android.

The developers need to consider every update to the consent settings whenever they appear. Even if a user is changing them at a later point in the app settings. There are different detail levels of querying consent. For our purpose, it might be enough to query consent for categories, but you could also query for specific vendors, which wouldn’t make sense, due to the fact that we can just opt in or opt out for all Adobe extensions at once.

When consent is given to a category (or vendor) the value returned is “1”, if not it is “0”. “-1” exists in case the consent has not been collected, but that should only happen if the OneTrust SDK is not initialized or does not exist.

ℹ️ You can keep your Adobe products/extensions in their appropriate categories, but you can only fire them all or none.

2. Pass the information to the Adobe Mobile Core extension

Now that the developer knows about the consent status of a category or vendor, he needs to “translate” this information for the Adobe Mobile Core extension. The extension has limited functionality to either set (all)OPTIN or (all)OPTOUT. So, if you’re using more than one of the mentioned Adobe products/extensions, all of their OneTrust categories need to be at “1”.

What does the developer need to so now?

Given the case you have Adobe Analytics installed only and Adobe Analytics is part of the OneTrust category C0002. The developer has to request the consent status of C0002 and he then needs take one of the following options.

C0002Set iOSSet Android

There is a detailed description and examples for both operating systems from Adobe.

Things to consider

You might want to hand over the given consent to your web views. This is OneTrust SDK side only, while I assume your website does consider consent by using the OneTrust active groups JavaScript variable or the OneTrust Cookie. You should share information about how to do this for iOS and Android with your app developers.

Related Posts
Leave a Reply

Your email address will not be published.Required fields are marked *