Author: Suzanne Frey, VP, Product, Android Security and Privacy
With our close collaboration with developers, Google Play has become a safe and trusted place to bring the latest Android app experiences to billions of users. We are now introducing a security module in Google Play that will help users understand the data collected or shared by an app, whether it is protected, and other details that affect privacy and security.
Developers accept that users deserve transparency and control over their data. At the same time, developers need to communicate application security to users in a straightforward way so that users have the information to make decisions about how their data should be used. We’ve also heard from developers that they want to provide users with additional background information on what the data is used for and how security practices affect the app experience. Therefore, in addition to presenting the data collected or shared by the application, we will highlight the following:
- Is the application using security practices, such as data encryption
- Whether the application is in compliance with our family policy
- Whether the application needs this data to run, or whether the user can choose to share this data
- Has the security module of the application been verified by an independent third party
- If the user decides to uninstall the application, does the application provide the user with a way to delete their data
- Develop apps and games for children and families
This is going to be a major change, so we’ll share the progress with the developers ahead of time and build the module with you.
What the security module will cover
We will ask developers to provide:
- Types of data collected and stored: such as approximate or precise location, contact information, personal information (name, email address, etc.), photos and videos, audio files, and storage files
- Use of the data: for example, application functionality and personalization
Similar to application details such as screenshots and instructions, developers are responsible for the information disclosed in their security modules. Google Play will introduce a policy requiring developers to provide accurate information. If we find that the information provided by the developer is incorrect and violates the policy, we will ask the developer to fix it. Apps that do not meet compliance requirements will be subject to policy violations.
Future plans
All apps on Google Play, including those published by Google itself, must share this information and provide a privacy policy.
We are committed to ensuring that developers have enough time to prepare. This summer, we will be sharing new policy requirements and resources, including detailed guidance on app privacy policies. Starting in the second quarter of 2022, this information will have to be provided when submitting new apps and app updates to get approval.
△ Target Timetable (Date or as appropriate)
We will continue to provide new ways for users to simplify this control and provide more automation support for developers.
The resources
In the meantime, check out the following resources to help you design secure and privacy-friendly applications:
-
Review the data that you collect, send to the server, or share with third parties
- Learn how to audit and interpret data access to the SDK and development libraries
-
Learn how to build privacy-friendly applications:
- Privacy best practices
- The Academy of Applied Success: Privacy and Security by Design
-
Learn how to build more secure applications:
- Security best practices
- Handling data more securely
We look forward to working with developers to make Google Play a platform that everyone can trust.