Configure data privacy settings for mobile applications

For many companies, ensuring the privacy of their customers' personal data is an important component of the digital business success. Dynatrace provides numerous privacy enhancements that you can use to configure the data privacy settings of your apps. When you properly set up these settings, this helps to protect your customers' personal data and to ensure your organization's compliance with the General Data Protection Regulation (GDPR), data disclosure requirements of app stores, and other data protection laws and regulations.

While Dynatrace offers numerous data privacy settings configurable both on the environment and application levels, it's only your responsibility to properly set up these settings and take precautions that protect your customers' personal data.

User opt-in mode

Enable the user opt-in mode to secure your end user's permission to capture their personal data and receive crash reports from their mobile devices.

By default, crash reporting is deactivated and no monitoring data is captured.

Data collection levels

The privacy API methods allow you to dynamically activate and deactivate crash reporting and change the data collection level.

The table below describes the available data collection levels and shows whether user tags and custom user actions, events, values, and errors are reported for a particular level.

Level	Description	User tags, custom events, and custom values	Custom user actions and errors
Off Monitoring data is not sent	No personal data is sent; all identifiers are randomized on every launch.¹
Performance Only performance, automatically captured data is sent	No personal data is sent; all identifiers are randomized on every launch.
User behavior Performance data and user data is sent	Personal data is sent; OneAgent recognizes and reports users who revisit in the future.²

Level

Description

User tags, custom events, and custom values

Custom user actions and errors

Off

Monitoring data is not sent

No personal data is sent; all identifiers are randomized on every launch.¹

Performance

Only performance, automatically captured data is sent

No personal data is sent; all identifiers are randomized on every launch.

User behavior

Performance data and user data is sent

Personal data is sent; OneAgent recognizes and reports users who revisit in the future.²

A single Loading <App> event is sent to track the number of users that opted out.

If you haven't configured user tagging and custom event or value reporting, the User behavior level works similarly to the Performance level.

Possible flow for user opt-in mode

The following steps describe the standard workflow for setting up the user opt-in mode for your mobile apps:

You enable the user opt-in mode and instrument your app.
At startup, OneAgent for Mobile checks the end user's settings.
By default, the data collection level is set to Off and crash reporting is disabled so that, upon the first launch of your app, no data is shared with Dynatrace.
Your app checks if the user has agreed to your privacy policy. If not, a dialog is displayed (see example below) asking for the user's permission to capture the performance data, report crashes, and include their personal data in the information reported to Dynatrace.
When the user confirms their settings, you use the API calls to store the user's preferences.
Upon the next startup of your app, OneAgent for Mobile applies the new settings and reports only as much data as the user has agreed to share with Dynatrace.

User opt in mode mobile

Enable opt-in mode

To activate the opt-in mode for mobile apps in the Dynatrace web UI

In the Dynatrace menu, go to Mobile.
Select the mobile application that you want to configure.
Select More (…) > Edit in the upper-right corner of the tile with your application name.
From the application settings, select General > Data privacy.
Turn on Enable user opt-in mode.

OS-specific instructions

Check the sections below for detailed instructions on how to enable the mobile user opt-in mode and change the data collection level for your apps.

User tracking

OneAgent for Mobile uses the x-dynatrace header for tagging HTTP requests. Dynatrace uses this header to link the mobile part of the web request to the service part captured by another OneAgent.

For hybrid applications, the dtAdk cookie allows to join a session from OneAgent for Mobile and a session from the RUM JavaScript so that these sessions appear as a single session, while the dtAdkSettings cookie is used for syncing settings between OneAgent for Mobile and the RUM JavaScript.

User action masking

If you want to avoid capturing personal information for all user actions in your mobile app, check the related sections on user action masking for Android or iOS.

After you enable user action masking for your mobile app, OneAgent replaces all Touch on <control title> action names with the class name or type of the control that the user touched. For example, Touch on Account 123456 is changed to Touch on Button.

Data privacy questionnaire in app stores

To learn what data OneAgent captures and complete the data privacy questionnaire in Google Play Console or App Store Connect, see the following pages: