Redact device.ifa when p4 is not consented #14600
Description
Description
Currently, Prebid.js handles the redaction of User First Party Data (UFPD) when TCF Purpose 4 (Personalized Ads) consent is not granted. However, the current implementation in src/activities/redactor.ts only targets the user object (e.g., user.keywords, user.gender).
In mobile App/Web-view environments, the device.ifa (Identifier for Advertisers) is frequently passed into the bid request. While Prebid Server already redacts this field, Prebid.js currently allows it to leak through even when Purpose 4 consent is missing.
Supporting Documentation
According to the Prebid Support for Enforcing TCF 2 official requirement document:
- Prebid.js Functional Requirements (13.3) : Outlines the removal of UFPD fields but currently only specifies
user.*paths. - Prebid Server Functional Requirements (16.3): Explicitly lists
device.ifaas a UFPD field that must be removed if Purpose 4 is enforced and consent is missing.
The Problem
In many modern integrations where Prebid.js runs inside a mobile Web-view, device.ifa is populated. Because device.ifa is not included in the ORTB_UFPD_PATHS constant within redactor.ts, it bypasses the transmitUfpd activity check. This results in a privacy inconsistency where user.keywords are redacted, but a unique hardware/OS identifier (ifa) is transmitted to bidders without consent.
Proposed Solution
Add device.ifa (and potentially other hardware IDs like dpidsha1) to the ORTB_UFPD_PATHS array in src/activities/redactor.ts.
Expected Behavior
When the transmitUfpd activity is denied (due to lack of Purpose 4 consent), the redactor should strip device.ifa from the outgoing bid request, ensuring parity with Prebid Server and full compliance with TCF 2.2 privacy requirements.