- Good Examples of Android App Privacy Policies on Google Play
Let’s go over what those requirements look like in more detail.
Just like you and I, Google also needs to follow data privacy laws, so to prevent themselves from being held liable for an app developer who violates those laws, they require all Android apps on their Play Store to post an agreement.
Google’s definition of personal information includes but is not limited to:
- Personally identifiable information
- Financial or payment information
- Authentication information
- Phonebook details
- Device location
- Inventory of other apps
- Microphone, camera, and other sensitive devices or usage data
It’s important to note that personal data is any information that relates to an identified or identifiable living individual, as defined by the General Data Protection Regulation (GDPR).
- Developer details and a point of contact or mechanism to submit inquiries
- The types of personal and sensitive information your Android app accesses, collects, uses, and shares, including any third parties you share the information with, as well as clear explanations of the purposes for which it is utilized
- Your secure handling processes for keeping personal information safe
- Your data retention and deletion policy
It must also be available on a publicly accessible, non-editable, and non-geofenced URL, meaning no PDFs.
- Be clear and unambiguous
- Require affirmative user action
- Be granted by the user before your app collects the personal information
But some changes are coming (let’s be honest, aren’t they always?). Google plans to implement updates to their User Data guidelines, effective in December 2023.
Those changes include mandating that any apps that let users create accounts also allow their users to request to delete those accounts. Additionally, all app developers review their Data Safety Forms.
What’s a Data Safety Form, you ask? Let’s cover it in the next section.
Google Play Store Data Safety Form
According to Google, all apps on the Google Play Store must complete a Data Safety Form detailing how your app collects, uses, and processes personal information. The provided information is then used to fill out parts of your app’s listing on Google Play.
This form also helps remove some liabilities from Google’s plate if an app developer violates data privacy laws or regulations. It removes the responsibility from Google’s plate and places it back on the app owner.
I cannot stress to you enough that Google stipulates that it’s your responsibility to determine which data privacy laws apply to your app and to provide accurate information for compliance.
Your Data Safety From gets reviewed by folks at Google as part of the review process before determining if it can go live on the Play Store.
Google also recently updated its policy for sensitive permissions and Android apps.
Specifically, the new policy states that any application programming interface or API that requests to collect sensitive information from users must make sense to the user and is subject to stricter guidelines.
The collection of sensitive data must also be necessary to implement the current features or services your Android app promotes.
Sensitive information includes more vulnerable data about users.
- Information that can identify someone, like their username, email address, and name
- Financial and payment information (such as credit cards)
- Device location
- SMS data
- Phone book information such as mobile numbers
- Authentication information
This data is also subject to stricter storage and consent guidelines under the different data privacy laws.
Child Safety and Google Play
If you designed an Android app meant for children, you must meet all requirements outlined by the Google Play Families Policies.
The policy outlines several guidelines you must meet regarding:
- App content
- App functionality
- Play Console answers
- APIs and SDKs
- Augmented reality
- Social apps and features
- Legal requirements
Here’s a screenshot of the rules surrounding your data practices and Android apps for children:
You must also follow specific laws and regulations to legally process any personal information from children.
For example, in the U.S., you must meet all guidelines outlined by the Children’s Online Privacy Protection Act (COPPA). Plus, data privacy laws have strict requirements for entities that want to process data from young app users.
International Law Requirements
These laws usually have an extraterritorial scope, meaning that you may still need to follow their guidelines even if you’re located outside of the specific country with the regulation in place (especially if your app attracts users from those locations).
Some of the laws with the broadest scope include the following:
- General Data Protection Regulation (GDPR): You must inform users about who is processing their information, why it’s being collected, if the collected information gets shared with third parties, and how the user can follow through on their rights, like requesting to delete information or withdraw their consent.
- Using a managed solution
- Downloading a free template
- Doing it yourself
I’ll explain each method in greater detail in the next section.
When you use our generator, it asks you simple questions about your app and makes a complaint, properly formatted policy for you in minutes. It removes all the hassles, stress, and complications of writing your own agreement.
See a screenshot of our generator below.
Templates take a little more work on your part, but I don’t want that to scare you away. You just need to manually fill out each section with details about your app and business.
These are a great option if you’re on a tight budget because templates already have the formatting and some of the basic writing completed for you.
If you take this DIY approach, ensure you meet all obligations required by any privacy laws that may apply to your Android app. If you leave something out, whether unintentional or accidental, it can have legal and financial implications.
The law still holds you responsible for any shortcomings which may result in significant consequences.
There are some clauses found in all privacy policies — like an introductory clause and contact information — but in this section, I’ll quickly cover the clauses that are relevant to Android apps.
What Data You Collect
I recommend using a bullet list or table to format this information in a way that’s easy to read and understand.
Why You Collect the Data
You must also explain why you collect personal data in order to comply with data privacy laws, like the GDPR, and meet Google’s developer terms.
This is also referred to as your legal basis for data processing.
See how the video communications company Zoom approaches this clause in the screenshot example below.
How You Use the Data
This is also an aspect of several data privacy laws, like the GDPR and the CCPA.
If You Share or Sell the Data With Third-Parties
Not only does Google require this as part of their developer terms, but it’s also a requirement under most data privacy laws.
Children’s Privacy Rights
Plus, laws like the GDPR outline additional requirements, like obtaining consent from their legal guardian to process the data.
If you don’t target your app at children, you must say so in a clause in your policy.
See how Zoom writes this part of their privacy agreement for their Android app below.
Explanation of the Privacy Rights of Your Consumer
Google requires this explanation for the Play Store, and privacy laws like the GDPR, CCPA, and the Virginia CDPA mandate it.
If you fall under multiple different laws, you should list out the rights for users in each locations covered by the applicable law.
Data Retention Policy
Below, see a sample of how Zoom writes this clause in their privacy agreement.
Mechanism To Submit Inquiries
Below, see how Zoom handles this clause in their privacy notice.
Good Examples of Android App Privacy Policies on Google Play
I like looking at what other businesses are doing to achieve data privacy compliance; it can often lead to new ideas and great inspiration for implementing your own best practices.
So, let’s look at some real-life examples of good Android app privacy policies currently on the Google Play Store.
It makes sense to me to start by looking at the YouTube Android app listing on the Google Play Store — Google owns YouTube, so they should have no problems following the app store privacy guidelines they developed.
The listing page also features a Data safety section for each app, and I provided a screenshot for you below.
See a screenshot of it below.
If your Android app is meant for children, you must follow additional laws and guidelines to process their personal information legally.
See what I mean in the screenshot below.
As you can see from these examples, you’re expected to know what laws apply to your Android app and include all relevant information.
Google doesn’t take responsibility for your data privacy errors. Instead, the liability falls on you and your app.
- The app’s website
- The app’s Google Play Store listing
This not only builds trust with your users but also helps you comply with privacy laws.
Once you successfully host your policy on a website page, follow these easy steps to put it on your store listing:
- Go to play.google.com/apps
- Log in to your Play Store account
- Select your app and go to the “Store Listing” section on the left side