Photos and videos on a user’s device are considered Personal and Sensitive User Data and should be treated with utmost privacy best practices. This sensitive information leaves users vulnerable to leaks or targets of exploitation, so minimizing this access helps avoid the burden on developers of handling such sensitive data. To further support protecting users’ privacy, we are limiting the scope of how broad access to photos and videos can be acquired on Google Play. Only apps with a need for broad access to photos will be allowed to maintain the READ_MEDIA_IMAGES and READ_MEDIA_VIDEO permissions. Apps with a one-time or limited use of photo and video files are requested to use a system picker such as Android photo picker.
Last year, with users in mind, Android launched a new privacy-preserving photos experience: the Android photo picker. The picker integrates into your app without requiring you to acquire additional storage permissions and is the optimal way to keep your users and app safe. The photo picker library is also backported to Android 4.4, making it very simple to give this simplified experience to all of your users. Utilizing the photo picker is a built-in way for users to grant your app access to only selected images and videos, instead of their entire media library. To learn more on how to implement the picker, see Photo picker developer guide.
Overview
The Play Photo and Video Permissions policy requires the following:
- Apps that have a one-time or infrequent need to access these files are requested to use a system picker such as Android photo picker.
- Apps requiring broad access to photo and video files located in shared storage on devices must successfully pass an appropriate access review and demonstrate a core use case that requires persistent or frequent photo, image, or video access of files.
Make sure to read the policy in full and ensure you understand and comply. Developers who are not in compliance by the deadline may be subject to enforcement actions.
Timeline information
We anticipate the following timeline for the rollout of the Photo and Video Permissions policy. Note that this is subject to change; updates will be posted in this article.
- October 2023: We announced the new Photos and Video Permissions policy.
-
Mid 2024: Apps with one-time or infrequent use of photos requested to use a system photo picker and remove
READ_MEDIA_IMAGESandREAD_MEDIA_VIDEOpermissions from their app manifest. - Early 2025: Only apps with broad access core functionality can use
READ_MEDIA_IMAGESandREAD_MEDIA_VIDEOpermissions.
Frequently asked questions
What does it mean to have a one-time or infrequent use of photos or video files?Examples of one-time or infrequent use of photos or video files include, but are not limited to, uploading a profile picture, uploading an image for a playlist, or uploading a photo of a check for banking purposes. Infrequent use infers that your app does not have a photo or video use case as its core functionality. If your app has a one-time or infrequent use case for photo or video files, you may not use the READ_MEDIA_IMAGES or READ_MEDIA_VIDEO permission, and we urge you to instead use a system picker to preserve user privacy.
Apps whose core functionality revolves around broad access to photos and videos may use the permissions above. Apps that are photo or video managers and gallery apps are the most commonly eligible apps to use these permissions.
We consider core functionality to be the main purpose of an app. This means that the feature that you document in your app description is central to your app working and without it, your app won’t function.
In addition to complying with all other relevant Google Play policies, the app must demonstrate a core use case that requires persistent or frequent photo or video access of files located in shared storage.
Apps whose core function includes editing, managing, and maintaining photo or video galleries would need broad access to photos and videos on a user’s device. These apps are commonly known as "gallery apps."
Permanently private and enterprise device management apps are exempt from this policy requirement.
Yes, in order to be compliant with this policy, if your app does not need broad access to photos and videos via a supported core use case, the media access permissions must be removed from the app by the effective policy date.
Broad access to media files on shared storage is a vector for abuse and can harm both users and developers. A picker experience is elegant and efficient, and it helps developers avoid unnecessary access to sensitive data. By minimizing data access, the chance of being victims of leaks or targets of exploits is also minimized. It provides a consistent user experience, satisfies user expectations of privacy while using your app, and helps further maintain a safe and trusted Google Play experience.
Integrating Android photo picker in your app is easy and the tool updates automatically, offering expanded functionality to your app’s users over time without requiring any code changes. To simplify photo picker integration, include version 1.7.0 or higher of the androidx.activity library.
The photo picker is available on devices that run Android 11 (API level 30) or higher and receive changes to Modular System Components through Google System Updates. Older devices that run Android 4.4 (API level 19) through Android 10 (API level 29) and Android Go devices running Android 11 or 12 that support Google Play services can install a backported version of the photo picker.
You are not required to use the Android photo picker and can integrate other system pickers per your preference as needed.
In accordance with the Restricted Permissions policy, you must make a reasonable effort to accommodate users who do not grant broad access to media files on their device. This includes facilitating a more transactional method (for example, via a system picker) where users can still enjoy the feature or functionality of your app. This could also include gracefully facilitating a modified app experience where users can still enjoy the applicable functionality of your app.