You have to tell users if you collect Advertising IDs, Analytics Data, etc. This is declared in the Policy section of your Google Play app (at the bottom of menu list in google play console). There are questionaires to fill in so users can read how your app behaves.
The biggest issue I found with GDPR, COPPA is the user tracking via the “Advertising ID” which is unique to a user on a mobile device. It’s a code that uniquely identifies a user, so advertising can identify them between apps. If it is enabled you will get more advertising revenue, but children should not have it enabled, and others should be asked first for privacy reasons. On Android 14+ and IOS it is all zeros (unidentifiable) unless the app requests it via user permission. Your Google app needs com.google.android.gms.permission.AD_ID added to the manifest - this is automatic when using Admob i believe.
I use the following rules: Children under 13 should not be tracked using advertising ID. Anyone older should be asked if they give permission to be tracked.
In our games, at first run, we have screens asking a user what age they are (it must be neutral, i.e. not pre-filled with a date). If they are under 13 we do not request the tracking ID. If over 13 we ask if they are OK with tracking (on IOS this triggers the native tracking permission request)
The results of these questions are passed to the Advertising SDK during initialization (Unity Ads you need a seperate App entry for Children with no Adult Ads, Admob you can pass an age range.)
Regarding analytics, we get the user to accept our terms and conditions, which in turn allows analytics (but technically this was already declared in Google play before they downloaded the APP). We don’t track unique users anyway.
We actually have an assett which shows age screens, etc (we use it in our own apps).
As for analytics, we use Firebase which integrates nicely into Google Play and Google Ads. Unity Analytics is free as long as you are on the free Unity tier I believe.