Author/Suzanne Frey, VP, Product, Android Security and Privacy
We work closely with developers to make Google Play a safe and trusted place to deliver the latest Android app experiences to billions of users. Now, we will introduce a security module in Google Play to help users understand the data the app collects or shares, whether that data is protected, and other details that affect privacy and security.
Developers accept that users deserve transparency and control over their data. At the same time, developers need a clear and understandable way to communicate app security to users so they have enough information to make decisions about how their data will be used. We’ve also heard from developers that they want to provide users with additional background information about how data is used and how security practices affect the application experience. Therefore, in addition to presenting the data collected or shared by the application, we will highlight the following:
- Whether the application employs security practices, such as data encryption
- Does the application comply with our family policy
- Whether the application needs this data to run, or whether users can choose to share this data
- Whether the application’s security module has been verified by an independent third party
- If the user decides to uninstall the application, whether the application provides the user with a method to delete its data
- Develop apps and games for children and families
This is going to be a major change, so we’ll be sharing our progress with developers ahead of time and building the module with you.
What the security module will cover
We will ask developers to provide:
- Types of data collected and stored: such as approximate or precise location, contact information, personal information (name, email address, etc.), photos and videos, audio files, and storage files
- Use of data: such as application functionality and personalization
Similar to app details such as screenshots and instructions, developers are responsible for the information disclosed in their security modules. Google Play will introduce a policy requiring developers to provide accurate information. If we find that the information provided by the developer is incorrect and violates our policy, we will ask the developer to fix it. Applications that do not meet compliance requirements will be subject to policy violations.
Future plans
All apps on Google Play, including those published by Google itself, must share this information and provide a privacy policy.
We work to ensure that developers have enough time to prepare. This summer, we will share new policy requirements and resources, including detailed guidance on app privacy policies. Starting from the second quarter of 2022, such information must be provided when submitting new apps and app updates for approval.
△ Target schedule (date or as appropriate)
We will continue to provide new ways for users to simplify this control and provide more automation support for developers.
The resources
In the meantime, please refer to the following resources to help you design secure and privacy-friendly apps:
-
Audit the data you collect, send to the server, or share with third parties
- Know how to audit and interpret data access to SDKS and development libraries
-
Learn how to build privacy-friendly apps:
- Privacy best practices
- Application Success Academy: Design for Privacy and security
-
Learn how to build more secure applications:
- Security best Practices
- More secure processing of data
We look forward to working with developers to make Google Play a trusted platform for all.