Google AdMob Unity: Privacy Compliance Guide
Learn how to integrate Google AdMob in Unity games while meeting GDPR, COPPA, and app store privacy requirements.
Google AdMob Unity integration is one of the most common monetization choices for mobile game developers, but it introduces significant privacy compliance obligations. Every ad request through AdMob involves collecting personal data from your players, which means privacy laws apply to your game from the moment you add the SDK.
This guide walks through the privacy requirements for using Google AdMob for Unity, covering GDPR consent, COPPA compliance, app store rules, and the privacy policy disclosures you need. This is educational content, not legal advice. Consult a qualified attorney for guidance specific to your game.
What Google AdMob Collects in Unity Games
Before addressing compliance, you need to understand what data AdMob actually collects when integrated into a Unity project. The Google AdMob SDK gathers:
- Device identifiers: Advertising ID on Android, IDFA on iOS (requires App Tracking Transparency prompt)
- IP address: Used for approximate geolocation and ad targeting
- App usage data: Session duration, screen views, and in-app events
- Ad interaction data: Impressions, clicks, video completion rates
- Device information: Model, OS version, screen resolution, language setting
- Crash and performance diagnostics: If enabled through Firebase integration
This data qualifies as personal data under Article 4(1) of the GDPR and as personal information under the CCPA. Your privacy policy must disclose every category, and your consent mechanism must account for it before ads load.
GDPR Consent for Google AdMob in Unity
If your Unity game has players in the EU or UK, you must obtain valid consent before serving personalized ads through AdMob. Article 6(1)(a) of the GDPR requires freely given, specific, informed, and unambiguous consent for processing personal data for advertising purposes.
Implementing the UMP SDK
Google provides the User Messaging Platform (UMP) SDK specifically for managing consent in AdMob-enabled apps. Here is the compliance workflow:
- Add the Google Mobile Ads Unity plugin and UMP SDK to your Unity project
- Call
ConsentInformation.Update()at app launch to check the user's consent status - If consent is required, display the consent form using
ConsentForm.LoadAndShowConsentFormIfRequired() - Check
ConsentInformation.CanRequestAds()before initializing AdMob - Only call
MobileAds.Initialize()after confirming consent status allows ad requests
Consent Status Handling
The UMP SDK returns one of four statuses that your Unity code must handle:
- OBTAINED: User consented. You may serve personalized ads.
- NOT_REQUIRED: User is in a region where GDPR consent is not required. Proceed normally.
- REQUIRED: Consent is needed but not yet obtained. Show the consent form.
- UNKNOWN: Status could not be determined. Treat as REQUIRED and show the form.
Never initialize AdMob or request ads when the consent status is REQUIRED or UNKNOWN. Doing so violates the GDPR and Google's own AdMob policies.
Non-Personalized Ads as a Fallback
If a player declines consent, you can still serve non-personalized ads. Set the request configuration in your Unity script:
- Create an
AdRequestwith theExtrasdictionary containing"npa" = "1" - Non-personalized ads do not use the advertising identifier for targeting
- Revenue per impression is typically lower, but you maintain compliance and keep your ad revenue flowing
Apple App Tracking Transparency and AdMob
Since iOS 14.5, Apple requires apps to request permission through the App Tracking Transparency (ATT) framework before accessing the IDFA. This applies to every Unity game using AdMob on iOS.
ATT Implementation Steps
- Add the ATT description string to your Unity iOS build settings (
NSUserTrackingUsageDescriptionin Info.plist) - Present the ATT prompt before initializing AdMob using
ATTrackingManager.RequestTrackingAuthorization() - Coordinate ATT with the UMP consent flow. Best practice is to show the UMP consent form first, then the ATT prompt
- If the player denies tracking, configure AdMob to serve non-personalized ads only
Apple reviews ATT compliance during app review. A missing or misleading tracking description string will result in rejection.
COPPA Compliance for Children's Games Using AdMob
If your Unity game targets children under 13, or if you know a segment of your audience is under 13, COPPA (Children's Online Privacy Protection Act) applies. The GDPR also has stricter rules for children's data under Article 8.
Requirements for Child-Directed Games
- Tag all ad requests as child-directed using
RequestConfiguration.TagForChildDirectedTreatment - Serve only non-personalized, age-appropriate ads
- Do not collect or transmit the advertising identifier for children under 13
- Do not use interest-based advertising or remarketing
- Do not integrate any SDK that performs behavioral tracking for users you know are children
Mixed-Audience Games
If your game appeals to both children and adults, implement an age gate or age verification screen. Route players under 13 to a child-safe ad configuration and players 13 and older to the standard consent flow.
COPPA penalties are enforced by the FTC and can reach $50,349 per violation as of 2024. The Google Play Store and Apple App Store both require accurate age ratings and enforce their own policies on children's content.
Privacy Policy Requirements for AdMob Unity Games
Both Google and the app stores require a privacy policy for any app that uses AdMob. Your policy must cover specific disclosures that go beyond a generic template.
What to Disclose
Your privacy policy must include:
- The types of data collected by AdMob (device IDs, IP address, usage data, ad interactions)
- The purpose of data collection (serving ads, measuring ad performance, frequency capping)
- That data is shared with Google and potentially with ad network partners
- How users can opt out of personalized advertising (OS-level ad settings, in-app controls)
- Your policy on children's data, if applicable
- Data retention periods or criteria
- Contact information for privacy inquiries
- Rights available under applicable laws (GDPR access and deletion, CCPA opt-out)
A privacy policy generator can create the foundation, but you must add AdMob-specific disclosures about the SDK, its data collection, and the ad networks involved.
Where to Publish Your Privacy Policy
Make your privacy policy accessible from multiple locations:
- Google Play Store listing (required field)
- Apple App Store listing (required field)
- In-game settings or menu screen
- Your game's website or landing page
- The consent form displayed by the UMP SDK
TermsBox hosts privacy policies at clean URLs (for example, termsbox.com/your-studio/privacy-policy), which you can link from app store listings, in-game menus, and your studio website.
Privacy Policy Generator
Create a comprehensive privacy policy for your website or app. Create yours in minutes with TermsBox.
Generate NowConfiguring AdMob for Privacy Compliance in Unity
Beyond consent, several AdMob configuration options affect your compliance posture. Set these in your Unity project before release.
Ad Content Rating
Use RequestConfiguration.MaxAdContentRating to control the maturity level of ads shown in your game. Options include G (general), PG, T (teen), and MA (mature). Match this to your app store age rating.
Test Device Configuration
During development, register your devices as test devices to avoid generating invalid impressions. This is a Google policy requirement, not just a best practice. Serving live ads to your own devices during testing violates AdMob terms.
Mediation Partners
If you use AdMob mediation to serve ads from multiple networks (Unity Ads, ironSource, AppLovin, Meta Audience Network), each network has its own data collection practices. Your privacy policy must disclose all mediation partners, and your consent mechanism must cover data sharing with each network.
List every mediation adapter in your privacy policy. When adding or removing a network, update your disclosures. A compliance scanner can help you track which third-party SDKs are active in your build.
Ad Placement and User Experience
Regulators and app stores both scrutinize ad placement. Avoid:
- Ads that appear during loading screens where users might accidentally click
- Interstitial ads that lack a clear close button
- Rewarded ads that punish users for not watching
- Any ad format that could be considered deceptive, especially in children's games
Handling Data Subject Requests for AdMob Data
Under Article 15 of the GDPR, players can request access to their personal data. Under Article 17, they can request deletion. You need a process for handling these requests even though AdMob data is processed by Google.
Your Responsibilities
- Provide a contact method (email address or in-app form) for data requests
- Respond within one month per Article 12(3) of the GDPR
- For data held by Google, direct the user to Google's privacy controls and account settings
- For data you store independently (analytics events, user accounts, purchase records), fulfill the request directly
- Document each request and your response for accountability purposes
Google's Role
Google acts as an independent controller for some AdMob data and as a processor for other data, depending on the configuration. Review the Google Ads Data Processing Terms to understand the split. You must reference this arrangement in your privacy policy.
App Store Compliance Checklist for AdMob Unity Games
Use this checklist before submitting your Unity game to the app stores:
- Implement the UMP SDK and verify the consent flow works in all regions
- Add the ATT prompt for iOS builds with a clear usage description
- Configure child-directed treatment if your game targets or reaches children
- Set the appropriate max ad content rating
- Publish a privacy policy that discloses AdMob data collection, sharing, and user controls
- Link the privacy policy in both app store listings and in the game itself
- Complete the Google Play data safety section accurately, listing all data types collected by AdMob
- Complete the Apple App Store privacy nutrition labels, including data linked to the user by AdMob
- Test the consent flow on both Android and iOS devices before submission
- Verify that ads do not load before consent is obtained in GDPR regions
A privacy policy generator paired with a terms of service generator covers the legal documents, but the technical implementation in your Unity project requires manual configuration and testing.
Frequently Asked Questions
Does my Unity game need a privacy policy if I use AdMob?
Yes. Google requires a privacy policy for any app using AdMob. Both the Google Play Store and Apple App Store also mandate a privacy policy when your app collects or shares personal data through ad SDKs.
How do I implement GDPR consent for AdMob in Unity?
Use Google's User Messaging Platform (UMP) SDK alongside the AdMob Unity plugin. Initialize the consent form before requesting ads, and only serve personalized ads after the user grants consent.
Can I use AdMob in a children's game built with Unity?
Yes, but you must tag your ad requests as child-directed, serve only non-personalized ads, and comply with COPPA and any applicable children's privacy laws. You cannot collect advertising identifiers from children under 13.
What data does Google AdMob collect from Unity games?
AdMob collects device identifiers (Advertising ID or IDFA), IP addresses, app usage data, crash diagnostics, and ad interaction data. The exact data depends on your configuration and whether you serve personalized or non-personalized ads.