Consent Management Platforms (CMPs) are supported in Pugpig Bolt through native SDKs.

Out of the box Pugpig Bolt supports:

• Google's User Management Platform (Google UMP)
• OneTrust

These providers follow IAB's GDPR Transparency and Consent Framework. This framework does not apply to anyone outside of the EU, EEA or the UK.

These CMP SDKs generate a pop-up on first app open to get the user's consent. The UI is managed through the admin consoles of these providers (Google Ad Manager in the case of UMP). They then save these values in a designated spot in the native app, according to IAB TCF v2.2 In App spec.

Interaction with other native SDKs

Other native SDKs, such as push notification or analytics tools, look in these exact locations to read the consent. They should then take appropriate steps to function adequately while still abiding by the consent choices. This isn't directly controlled by Pugpig.

Content

For HTML content Pugpig acts as an intermediary for the CMP. It reads the values from the native device as described above and serves them to the content as if it were a website CMP or cookie banner. This is served according to IAB TCF v2.2 API spec. 

Any JS library or service can register a callback that will receive the consent from the app. Vendors like Google Ad Manager then access the consent as normal. For a list of all vendors who support TCF v2.2 see here.

Custom Webviews

Custom webviews work the same as content webviews except you will be required to add the Pugpig CMP scripts into your HTML, to ensure a user is not asked to consent twice (once via the native app CMP screen, and again by your website within the webview). These scripts can be found at:

• [https://yourappdomain.com]/pp-scripts/cmp/stub.js
• [https://yourappdomain.com]/pp-scripts/cmp/api.js

The Stub script needs to be included as high as possible in the head of the HTML and before any other JS code runs. The API script can be added to the footer.

If there is an existing CMP on your HTML page, as long as the stub linked above is loaded first and the CMP follows the TCF v2.2 spec, then only the Pugpig CMP script will run and no cookie banner will appear. For a list of CMPs that support TCF v2.2 see here.