Declare permissions for your app

Permission requests are evaluated during the release process after adding your APKs or App Bundles. If your app requests the use of high risk or sensitive permissions (e.g., SMS or Call Log), you may be required to complete the Permissions Declaration Form and receive approval from Google Play.

About the process

The Permissions Declaration Form is displayed during the release process if the app includes an APK or App bundle that requests permissions for which a Permissions Declaration has not been provided to Google Play.

If you have active APKs or App Bundles that require a Permissions Declaration, including releases on the Open, Closed, or Internal test tracks, an alert is displayed on the left menu under Release Management > App Releases. You cannot publish any changes to your app, including changes to your Store Presence (e.g. Store Listing, Pricing & Distribution) until you address this alert by creating a release that includes a Permissions Declaration or removes the permissions.

Consider deactivating any Open, Closed, or Internal testing tracks that are not currently in use if they are not compliant with this policy.

If you publish apps using the Google Play Developer Publishing API, consult these special instructions.

Complete the Permissions Declaration Form

 

Step 1: Evaluate requested permissions

You will find a history of previously declared permissions (if applicable), as well as newly requested permissions in an expandable list under the "Declare sensitive permissions" section of the "Prepare release" page.

  • Permissions with a checkmark have been declared in previous releases.

  • Permissions with an alert are newly added. These permission requests will be included in your declaration form for review by the Google Play team and evaluated against the published guidelines.
If you see permissions requested in the newly requested permissions list that you don't plan to include in your Permissions Declaration Form, you should remove that APK or App Bundle and upload a new APK or App Bundle with the proper set of permissions requested before proceeding.

 

Step 2: Specify your app's core functionality

You must specify your app's core functionality from the list of supported use cases. Select all checkboxes that apply to your app's core functionality.

Use cases not listed on this page are not allowed. If your app's core functionality requires a new use case, select Report new use case to inform the Google Play team of your use case. The Google Play team will review your use case and respond to your submission with any additional information.

Step 3: Provide instructions for app review

Once you submit your Permissions Declaration Form, the Google Play team reviews your app's core functionality to ensure the permissions requested are required for a supported use case. 
If specific instructions are required to demonstrate this core functionality, you may include those instructions in this section.

Step 4: Provide a video demonstration of your app

You may provide a video demonstration so the Google Play review team can more easily evaluate your app's core functionality.

Supported video formats: YouTube link (preferred), cloud storage link to an mp4 or other common video file format

Step 5: Provide instructions for accessing restricted app content

If your app's core functionality is restricted to signed in users, you must provide instructions to access that restricted content. The Google Play review team will use these instructions to evaluate the restricted functionality.

If your app requires sign in, select All or some functionality is restricted and provide a valid test username or phone number, and password, and any other instructions necessary for accessing the restricted app content.

Only provide account credentials specifically used for testing. Do not provide any production user's credentials.
Otherwise, select All functionality is available without special access to proceed without providing test credentials.

Step 6: (Multi-APK only) Request an exception for old APKs 

This field will only appear if you use a multi-apk configuration for your releases and one of the APK variants requests permission to use Call Log or SMS data.
You can file an exception in circumstances where your multi-APK configuration uses old APKs that you can no longer make code changes to. Consult the requirements for this exception before proceeding. Any APKs that don't meet the requirements must be deactivated to be compliant with the Permissions policy.
If you qualify for this exception, enter the version code(s), separated by commas, in the APK Exceptions field. 

Step 7: Confirm your declaration

Select the corresponding checkboxes to confirm that the details of your declaration are accurate, and that you agree to the terms of appropriate use of the declared permissions.

Prepare & roll out your release

Once you've completed all required steps of the Permissions Declaration Form, complete the remaining steps to prepare and roll out your release.

Permissions review process

When you complete the Permissions Declaration Form and roll out your release, your app will be subject to an extended review by the Google Play team. Your request may require up to several weeks to process. During this time your new app or app update will be in a pending publication status until your request is reviewed. Your app will also be subject to the standard compliance review against Google Play's Developer Program Policies.

If you override your pending publication with a new release, you may see additional delays to the review process. If you need to urgently release an app update, you must remove the high risk or sensitive permissions from your APK or App Bundle and roll out a new release. This new release would only be reviewed for standard compliance with policies, and be published within several hours.

If your app is not compliant with the Permissions policy, the Google Play team will send an email with the results of the review to the Account Owner and Contact email address on your developer account. If your request was approved and your app is compliant with the Developer Program policies, your new app or update will automatically be published to Google Play.

Special instructions for Google Play Developer Publishing API users

If you roll out a release using the Google Play Developer Publishing API and Google Play has not previously approved your APK or App Bundle's use of high risk or sensitive permissions, you will receive an error.

To continue managing releases using the Publishing API, you must either remove any high risk or sensitive permission requests from your app and create a new release with the revised APK or App Bundle or prepare and roll out your release using the Play Console web UI, following these steps:

  1. Upload your APK or App Bundle with high risk or sensitive permissions requested

  2. Complete the Permissions Declaration Form as above

  3. Complete the rollout of the release using the Play Console web UI

Once your Permission Declaration has been approved and your app has been approved for policy compliance, your release will be published and you can once again use the Publishing API to manage your releases.  Otherwise, the Google Play team will notify you if your Permissions Declaration request has been rejected and provide any additional information.

Whenever your app requests any new permissions, you will be required to use the UI to complete a revised Permissions Declaration Form specifically addressing the newly requested permissions.

Was this helpful?
How can we improve it?