Apps which include children in their target audience should not transmit the following from children or users of unknown age:
- Android advertising ID (AAID)
- SIM serial
- Build serial
Apps that solely target children should never transmit these identifiers. Apps that target children and older age groups may only transmit these identifiers from users that they know are adults.
Transmit means to send data through the network to any off-device destination, including the developer’s own server as well as destinations not controlled by the developer. In addition, apps targeting children should not request the device phone number from the TelephonyManager API.
As part of the Google Play services update in 2022, apps with a target API level set to 33 or above can use a new Google Play services permission to control access to Android advertising ID (AAID). To help with compliance, developers with apps that solely target children can use this mechanism to ensure that AAID access is disabled. Details can be found in the AAID section below.
For analytics, developers are encouraged to use app set ID.
How to comply with Families data practices for SIM serial, build serial, BSSID, MAC, SSID, IMEI, IMSI and phone number
To comply with Families data practices for SIM serial, build serial, BSSID, MAC, SSID, IMEI, IMSI and phone number, all apps:
- can have a target API level of at least 29 (Android 10) to help prevent these identifiers from being transmitted by your app.
- should not transmit these identifiers from children or users of unknown age, or use SDKs that transmit these identifiers from children or users of unknown age.
- should not request or collect the phone number from the TelephonyManager API.
Apps that solely target children
Apps that solely target children can comply with Families data practices for AAID in two ways:
- If your app is updated to target API level 33 (Android 13), ensure that your app or a library included in your app does not declare the new AAID permission, or that AAID is disabled. For more information on this permission and how to include or disable AAID, see this article. By updating to target API level 33 and not including the permission, AAID will automatically be disabled (set to a string of zeros).
- You must ensure that your app code and SDK calls are configured correctly such as to not transmit AAID. This may require doing one or more of the following:
- Modifying the SDK configuration settings inside your code or your app config file.
- Modifying individual calls to the SDK, such as including a tag in an ad request that indicates that the user is under the age of consent.
- Updating global app settings on the SDK website or configuration portal. For example, turning on a global child-directed setting on the SDK configuration portal.
- It is possible that certain SDKs may not have the ability to function without transmitting AAID. In this case, you must remove these SDKs from your app.
As a reminder, apps that solely target children must only use SDKs that have self-certified their compliance with Google Play’s families ads programme requirements to show ads and should only use SDKs that are approved for use in child-directed services.
Apps that target children and adults
To comply with Families data practices for AAID, apps that target children and adults:
- Must make sure that AAID is transmitted only when it's known that the user is not a child:
- Ensure that, by default, app code and SDKs do not transmit AAID. For example, apps that target children as one of their target audiences shouldn’t transmit AAID at initial startup of the app.
- Only after determining that the user is not a child, adjust code, SDK settings and SDK calls such that AAID may be transmitted. For example, once you have determined that the user is an adult, you may remove a tag from an ad request that indicates that the user is under the age of consent.
As a reminder:
- Only use SDKs that have self-certified their compliance with Play’s families ads programme requirements to display ads to children or users of unknown age
- Apps that target both children and older audiences must not implement APIs or SDKs that are not approved for use in child-directed services unless they are used behind a neutral age screen or implemented in a way that does not result in the collection of data from children. Apps that target both children and older audiences must not require users to sign in or access app content through an API or SDK that is not approved for use in child-directed services (see Families policy requirements).