Personal and Sensitive Information
Personal and sensitive user data includes, but isn't limited to, personally identifiable information, financial and payment information, authentication information, phonebook, contacts, device location, SMS and call related data, inventory of other apps on the device, microphone, camera, and other sensitive device or usage data. If your app handles sensitive user data, then you must:
- Limit your access, collection, use, and sharing of personal or sensitive data acquired through the app to purposes directly related to providing and improving the features of the app (e.g., user anticipated functionality that is documented and promoted in the app's description in the Play Store). Apps that extend usage of this data for serving advertising must be in compliance with our Ads Policy.
- Handle all personal or sensitive user data securely, including transmitting it using modern cryptography (for example, over HTTPS).
- Use a runtime permissions request whenever available, prior to accessing data gated by Android permissions.
- Not sell personal or sensitive user data.
Prominent Disclosure & Consent Requirement
In cases where users may not reasonably expect that their personal or sensitive user data will be required to provide or improve the policy compliant features or functionality within your app (e.g., data collection occurs in the background of your app), you must meet the following requirements:
You must provide an in-app disclosure of your data access, collection, use, and sharing. The in-app disclosure:
- Must be within the app itself, not only in the app description or on a website;
- Must be displayed in the normal usage of the app and not require the user to navigate into a menu or settings;
- Must describe the data being accessed or collected;
- Must explain how the data will be used and/or shared;
- Cannot be included with other disclosures unrelated to personal or sensitive data collection.
Your in-app disclosure must accompany and immediately precede a request for user consent and, where available, an associated runtime permission. You may not access or collect any personal or sensitive data until the user consents. The app's request for consent:
- Must present the consent dialog clearly and unambiguously;
- Must require affirmative user action (e.g., tap to accept, tick a check-box);
- Must not interpret navigation away from the disclosure (including tapping away or pressing the back or home button) as consent; and
- Must not use auto-dismissing or expiring messages as a means of obtaining user consent.
Examples of common violations
- An app that records a user’s screen and doesn't treat this data as personal or sensitive data subject to this policy.
- An app that collects device location and does not comprehensively disclose its use and obtain consent in accordance with the above requirements.
- An app that collects restricted permissions in the background of the app including for tracking, research, or marketing purposes and does not comprehensively disclose its use and obtain consent in accordance with the above requirements.
Restrictions for Sensitive Data Access
In addition to the requirements above, the table below describes requirements for specific activities.
| Activity | Requirement |
|---|---|
| Your app handles financial or payment information or government identification numbers | Your app must never publicly disclose any personal or sensitive user data related to financial or payment activities or any government identification numbers. |
| Your app handles non-public phonebook or contact information | We don't allow unauthorized publishing or disclosure of people's non-public contacts. |
| Your app contains anti-virus or security functionality, such as anti-virus, anti-malware, or security-related features | |