- GTAF: Google Traffic Application Function. A Google service that implements the Data Plan Sharing API and interacts with DPAs on behalf of Google applications. Google applications can query GTAF for the user's data plan information. Alternatively, if the Google applications register with GTAF, GTAF can send updates about the user's data plan.
- MSISDN: Mobile Station International Subscriber Directory Number, a number uniquely identifying a subscription in a mobile network. More commonly known as phone number.
- CPID Endpoint: A service implemented by mobile network operators that generates a carrier plan identifier (CPID) that can be used to look up the user's data plan information. CPID allows an application to query for details of a user's data plan without accessing the user's MSISDN. We describe the procedure for generating CPIDs below.
- User Key: User key is a string that can be used to identify a user's data plan. This can be either the CPID or MSISDN for applications which have access to the MSISDN.
- DPA: Data Plan Agent, a service implemented by mobile network operators that shares user data plan information with GTAF. The DPA can share information with GTAF by using a combination of sending data using Google Mobile Data Plan Sharing API and implementing the Data Plan Agent API. The DPA can optionally act as the CPID endpoint as well.
- UE: User Equipment, device used by the user.
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in these guides are to be interpreted as described in RFC 2119.
Mobile Data Plan Sharing
At a high level, the Mobile Data Plan Sharing comprises three parts:
- Mechanism to establish and update a carrier plan identifier (CPID) which can be used as user key. Applications that have access to MSISDN, MSISDN can use it as user key.
- A Google Mobile Data Plan Sharing API which allows the DPA to send information about a user's data plan to Google. For example, if the DPA wants to notify the user of an offer, it can notify GTAF which in turn notifies the user.
- A Data Plan Agent API implemented by the DPA which allows GTAF to query the DPA for information about the user's data plan. For example, if an application wants to display current data plan balance to the user, it can query GTAF which in turn queries the DPA.
The rest of this page introduces data plan terminology and details how to establish a CPID. Google Mobile Data Plan Sharing API and the Data Plan Agent API Specification follow next.
The operator SHALL take all necessary precautions to protect the private information of their subscribers. Specifically, to minimize exposure of the subscribers’ phone numbers the CPID endpoint SHOULD be inside your security perimeter. Moreover, for cases where the operator employs DPI, the operator SHOULD encrypt the MSISDN before injecting it to the HTTP request. If the CPID endpoint is not your security perimeter (e.g., when the CPID endpoint is deployed on a public cloud) the operator SHOULD not transmit the MSISDN over the public Internet in the clear. The operator can establish a VPN between the DPI and the CPID endpoint (see Figure 1) or encrypt the MSISDN before injecting it in the header. The latter approach assumes that the CPID endpoint can decrypt the injected header to recover the MSISDN before generating the CPID. Furthermore, the operator SHALL guard the secret key used to generate the CPID and rotate this key according to operator security policies.