This article describes best practices for providing prominent disclosure and consent requests to your app's users.
As indicated in Google Play’s user data policy, a prominent disclosure should be presented in cases where users may not reasonably expect their personal and sensitive user data to be required for policy-compliant features or functionality within an app. An example of this could be an app that collects browser history to detect and block a child from sensitive content using Accessibility Service APIs. If there is a valid functionality for this collection, a prominent disclosure will help users understand why the app might be collecting this information.
For Permissions and sensitive APIs requiring prominent disclosure and consent such as the Accessibility Service APIs, the background location permission or the package (app) visibility permission, you must provide a separate in-app disclosure indicating the use of the permission or sensitive API to users. This will help ensure that users are aware and provide appropriate consent before the deployment of any permission or sensitive API.
We recommend using the best practices listed below as guidelines for your prominent disclosure. For the relevant policy requirements, refer to the 'Prominent disclosure and consent requirement' section in the user data policy.
Click on the sections below to expand or collapse them.User experience
- Present the disclosure to the user in the app, directly before requesting the permission or capability. The message cannot be in the app description or website. The ideal location would be in the user flow where users are informed of the steps to grant the permission in Android settings.
- Give the user an option to decline providing consent. Always provide an option to cancel the flow related to permissions.
- If the user denies or revokes a permission that a feature needs, gracefully degrade your app while enabling your user to continue using your app. Consider disabling the feature that requires the permission or use of the relevant data.
- Require the user's explicit consent using clear and friendly language, such as 'Agree' rather than 'Allow access' (this can sound intimidating and unclear) or 'Got it' (this is too casual).
- Use at least two options: one option to allow the user to grant the permission and the second option to allow the user to choose not to grant consent at that time, but be able to grant consent at a later time. Using 'Not now' or 'Skip' may allow you to repeat the request for consent at a later time.
- Don't use disclosure prompts that are similar to Android system UI notifications and requests, as this may confuse users.
- Consider matching the disclosure prompt background colour to your app's styles and themes instead of white so that consumers perceive that this message is from your app.
- Your prominent disclosure can be a window prompt, or it can be a part of the flow in the app UI. For example, If you have a conversational UI, you can present the prominent disclosure and consent text in the conversational UI and still meet Play requirements.
- If you need to show the consent again at a later time, be mindful of user fatigue. Respect user choice if the user has declined the in-app consent a few times.
- Why: Describe why the capability is needed by the app, describing the core purpose requiring this feature. This must be the primary purpose of the disclosure. We have found that users are more likely to uninstall apps when they don’t understand why an app is asking for permissions.
- What: If any data is collected using this capability, disclose all types of data involved.
- How: If any data is collected using this capability, describe how the data is used in context of the core features.
- Verbosity: Provide a clear explanation even if it may increase in length. Clarity and comprehension is more important than brevity.
- Clarity: All text must be clear and easy to understand at age 13 reading level.
- Tip: Use clear and simple language that has a meaningful value proposition, such as 'supporting content free of charge'. Avoid jargon that people do not understand.
When completing the Permissions declaration form in Play Console, you can provide a link to a short video to help Google evaluate your app’s prominent disclosure. A YouTube link is the preferred video format, but Google Drive storage links to an mp4 or other common video file formats are also supported.
Guidance for the video showcasing your app’s prominent disclosure
The video that you provide as part of the declaration must include the following:
- The opening of your app on the device.
- The user flows to get to the prominent disclosure and consent screen.
- Make sure that the video includes the full disclosure. If it requires scrolling, make sure that you slowly scroll so that all text is visible in the video.
- The user flow when the user consents.
- The user flow when the user does not consent, including the process when the user triggers the prominent disclosure and consent screen again.
- A core feature in your app that uses the capabilities declared in the prominent disclosure. If it isn't obvious from the user interface how the services are being used in your app, provide a voice-over or captions to help explain.
For more information, you can also watch our Play Academy video on 'Declared permissions and in-app disclosures'.