Configure data privacy settings for mobile applications

For many companies, ensuring the privacy of their customers' personal data is an important component of the digital business success. Dynatrace provides numerous privacy enhancements that you can use to configure the data privacy settings of your apps. When you properly set up these settings, this helps to protect your customers' personal data and to ensure your organization's compliance with the General Data Protection Regulation (GDPR), data disclosure requirements of app stores, and other data protection laws and regulations.

While Dynatrace offers numerous data privacy settings configurable both on the environment and application levels, it's only your responsibility to properly set up these settings and take precautions that protect your customers' personal data.

User opt-in mode

With opt-in mode, each user of your application can set their data privacy preferences and decide whether they want or don't want to share their information. They can choose exactly what types of information they are willing to share. For example, one user might allow you only to report crashes, while the other might permit you also to capture performance and user data.

Possible flow for user opt-in mode

The following steps describe the standard workflow for setting up the user opt-in mode for your mobile applications.

  1. You enable user opt-in mode via a special flag or key and re-instrument your application.

  2. At startup, OneAgent checks whether a user has already configured their data privacy preferences.

    By default, the following default data privacy preferences are used for all users who haven't yet set their data privacy preferences:

    • Data collection level: Off (monitoring data is not sent to Dynatrace)
    • Crash reporting: Off (crash reports are not sent to Dynatrace)

    Thanks to that, upon the first launch of your app, no data is shared with Dynatrace.

  3. If the user hasn't configured their data privacy preferences, you show a dialog (see example below) asking for the user's permission to capture the performance data (corresponds to the Performance data collection level), include their personal data in the information reported to Dynatrace (corresponds to the User behavior data collection level), and report crashes.

    Don’t forget to create and show users the dialog with the data privacy settings. The users of your application will use this dialog to set their data privacy settings.

  4. The user sets their data privacy preferences; you use the API calls to store the user's data privacy preferences.

  5. Upon the next startup of your application, OneAgent applies the new data privacy preferences and reports only as much data as the particular user has agreed to share with Dynatrace.

User opt in mode mobile

Enable opt-in mode

To activate the opt-in mode for mobile applications

  1. Go to Mobile.

  2. Select the mobile application that you want to configure.

  3. Select More () > Edit in the upper-right corner of the tile with your application name.

  4. From the application settings, select General > Data privacy.

  5. Turn on Enable user opt-in mode.

  6. Update your application's configuration file (build file for Android, Info.plist for iOS, and dynatrace.config.<extension> for cross-platform frameworks) by adding a special flag or key that enables opt-in mode.

    Check the instrumentation wizard for the updated configuration code snippet.

  7. Rebuild your application so that the new configuration takes effect.

Check the sections below for detailed instructions on how to set up the mobile user opt-in mode for your applications.

Data collection levels

The table below describes the available data collection levels and shows whether user tags and custom user actions, events, values, and errors are reported for a particular level.

Level

Description

User tags, custom events, and custom values

Custom user actions and errors

Off

Monitoring data is not sent

No personal data is sent; all identifiers are randomized on every launch.1

Not applicable

Not applicable

Performance

Only performance, automatically captured data is sent

No personal data is sent; all identifiers are randomized on every launch.

Not applicable

Applicable

User behavior

Performance data and user data is sent

Personal data is sent; OneAgent recognizes and reports users who revisit in the future.2

Applicable

Applicable

1

A single Loading <App> event is sent to track the number of users that opted out.

2

If you haven't configured user tagging and custom event or value reporting, the User behavior level works similarly to the Performance level.

User tracking

OneAgent for Mobile uses the x-dynatrace header for tagging HTTP requests. Dynatrace uses this header to link the mobile part of the web request to the service part captured by another OneAgent.

For hybrid applications, the dtAdk cookie allows to join a session from OneAgent for Mobile and a session from the RUM JavaScript so that these sessions appear as a single session, while the dtAdkSettings cookie is used for syncing settings between OneAgent for Mobile and the RUM JavaScript.

User action masking

If you want to avoid capturing personal information for all user actions in your mobile app, check the related sections on user action masking for Android or iOS.

After you enable user action masking for your mobile app, OneAgent replaces all Touch on <control title> action names with the class name or type of the control that the user touched. For example, Touch on Account 123456 is changed to Touch on Button.

Data privacy questionnaire in app stores

To learn what data OneAgent captures and complete the data privacy questionnaire in Google Play Console or App Store Connect, see the following pages:

Related topics