CCPA: how to detect the californian users ? (concerned by the CCPA)

Question

The new CCPA guidelines require to have a specific app behaviour for the 'californian users'. By the way, I wonder if the CCPA applies to all californian citiziens (even if they are not physically present in California when the launch the app) or to all the persons present in California (event if they are not californian citizens).

So, I wonder how I can do technically in order to know if a user is concerned by the CCPA law, in order to know if I must implement a CCPA-specific behaviour for him/her.

My question is about both iOS and Android.

Thanks !

Answer 1

from my understanding, CCPA applies to californian residents only (not travelers)... That being said and as we could expect some kind of generalization of the CCPA later for all US citizens, one can use a conjunction of :

1. MCC code to identify the country (312 to 316)
2. Any kind of IP to region code service to check for "user is present in California"

MCC CODE

With such a code, we know if the user is has a SIM card associated with an US subscription. On Android we can use getResources().getConfiguration().mcc or put a flag in lacalized config file under values-mccXXX resource directory :

<resources>
    <bool name="is_us_subscriber">true</string>
</resources>

With a default to false. Works offline but requires a SIM based device (which excludes some tablets...), for non-SIM based devices there's no seamless way to check for country of residence... Best effort will be to use IP-to-ADDRESS unless you have additionnal information coming from facebook login or whatever...

IP TO ADDRESS

Using one of (or combination of) :

• https://developers.google.com/maps/documentation/geolocation/intro
• your own server implementation
• https://developer.android.com/reference/android/location/Geocoder
• other webservice

You can get US State (eg: California) from user IP address. On Android, use webservice to get user latitude and longitude and then call Geocoder to check for Address#getCountry() and Address#getAdminArea() which returns :

the administrative area name of the address, for example, "CA", or null if it is unknown.

But it will only allow you to know that user is in California... And not user is a Californian resident.

MY OPINION

• Use of external webservices is not reliable (no connection, VPN, proxy, ...)
• Use of external webservice could be expensive
• We lack information regarding user residence with location based services

I would recommend use MCC only since there's a high probability to see some kind of CCPA generalization in the US sooner or later...