Serve ads on apps securely over HTTPS
For most countries, HTTPS is now the default for app ad serving, and almost all Ad Manager app ads are automatically served through HTTPS (there may be minor discrepancies because of other factors that currently prevent HTTPS in a few situations). Most app publishers don’t need to do the steps described in this article.
However, there are a few exceptions where HTTPS is optional, in which case you need to do the following to activate HTTPS app ad serving.
App developers can now serve ads over HTTPS to significantly improve privacy and security for users. Ads pass through information that can be used to track a user session for advertising purposes. Passing this information through HTTPS makes that tracking more secure; it prevents third parties (such as ISPs) from:
Intercepting the data.
Profiling a user based on the data.
Modifying the headers that are passed through, which affects Google’s ability to serve ads appropriately.
Read the following to learn when ads will be served over HTTPS, how to set up HTTPS serving, and some things to be aware of when serving ads over HTTPS.
Ads that will be served over HTTPS
Ads will be served over HTTPS if the inventory comes directly from Ad Manager, is backfilled from Ad Manager to Ad Exchange, or is backfilled from Ad Manager to AdMob. If apps make requests to more than one network, make sure each network has the same settings (either enabled or disabled in all networks) to prevent undesirable behavior. This table provides more details.
|Setup||Result / recommendation|
|Ad Manager direct||HTTPS is controlled by the Ad Manager UI setting.|
|App makes requests to more than one Ad Manager network||HTTPS is controlled by the Ad Manager UI setting. Make sure each Ad Manager network has the same HTTPS setting (either all enabled or all disabled) to prevent issues such as switching between HTTP and HTTPS.|
|Ad Manager backfill to Ad Exchange||HTTPS is controlled by the Ad Manager UI setting.|
|Ad Manager backfill to AdMob||All AdMob inventory will be served over HTTPS based on the Ad Manager UI setting. The AdMob account HTTPS settings will be ignored.|
|App uses both Ad Manager and AdMob||Make sure the HTTPS settings for Ad Manager and AdMob are the same (either both enabled or both disabled) to prevent issues such as switching between HTTP and HTTPS.|
Set up HTTPS serving
- Sign in to Google Ad Manager.
- Click Admin Global settings.
- Select Enable HTTPS for apps.
This will enable HTTPS for all eligible app requests made to this Ad Manager network.
HTTPS can only be enabled for ad requests from apps using the following Google Mobile Ads SDK versions and above:
- iOS: version 6.12.0
- Android: version 6.1.11
If your app is integrated with Google Play Services for Android, you don’t need to download the latest Google Mobile Ads SDK and redistribute your app to make it eligible for HTTPS. It gets auto-updated regularly with the latest functionality.
Ad Manager scans creatives for HTTPS compliance. If a creative is not HTTPS-compliant (e.g., it has mixed content with some HTTP references), it should still fully display on the app, but there will be an entry in the internal logs. However, some features in Ad Manager require creative-level HTTPS compliance, such as the Ad Manager macro for passing IDFA/AdID. Learn more about HTTPS on Ad Manager.