If you’re an Android developer who publishes their apps to the Google Play Store, you are likely being warned by Google “Warning of Google Play Developer policy violation: Action Required *Policy issue*” and asked to take steps to fix the violation.

The good news up front: you’ve come to the right place. iubenda helps app and website owners create beautiful and professional privacy policies. These privacy policies are fully responsive and work perfectly in the Android ecosystem.

Note: If you are looking for more information about a Prominent Disclosure requirements policy violation, then you’ll find more information in the post linked here.

Try the mobile privacy policy generator now

What’s currently happening?

You’re likely reading this post because you’ve received a warning just like the following:

“Warning of Google Play Developer policy violation: Action Required *Policy issue*: Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.
*Action required:* Include a link to a valid privacy policy on your app’s Store Listing page and within your app. You can find more information in our help center.”

This means one of two things. Either you have a privacy policy but that privacy policy is not good enough, or you do not have a privacy policy at all. Both problems can be fixed easily using iubenda.

Summary of what’s wrong and how you can fix your problem (as presented by Google itself)

1- If your app requests user data or makes sensitive permissions requests such as Phone, Accounts, Contacts, Camera, or Microphone, you’ll need to add a valid privacy policy in two places: your app’s Store Listing page (instructions below) and within your app.

2- As a second option, you can remove any requests for user data or sensitive permissions. For example, you would need to remove the potentially sensitive permissons from the manifest. You will not need to add a privacy policy if you remove these requests.

3- If you cannot complete steps 1 or 2, you’ll need to unpublish the app from the Play Store. If your app is already unpublished, you don’t need to take action unless you re-publish the app in the future.

The issue needs to be resolved by March 15, 2017 in order for you to continue operating the concerned apps. From this date on, the outlined rules will be enforced into the future. Google says it will either significantly impact the visibility of the affected apps or remove them altogether. 

If your app requests sensitive permissions

If you request any of the sensitive permissions in your app, Google is being quite forward about how to fix your “problem”. You need to make sure that you disclose your use of one of the following “dangerous” group permissions in your current or updated privacy policy:

  • CALENDAR
  • CAMERA
  • CONTACTS
  • LOCATION
  • MICROPHONE
  • PHONE
  • SENSORS
  • SMS
  • STORAGE

Takeaway: disclose your use of any of the permissions that belong to the sensitive categories mentioned above and in the Google documentation

Read on to understand how to add a valid privacy policy.

How to add a privacy policy to the app

You need to make sure you add your privacy policy to the app AND the Play Store page. 

Add your privacy policy to the Play Store

policy to the Play Store includes the following steps:

  1. Go to your Google Play Developer Console.
  2. Select an app.
  3. Select Store Listing.
  4. Under “Privacy Policy,” enter the URL where you have the privacy policy hosted online.
  5. Select Save draft (new apps) or Submit update (existing apps).”

Add your privacy policy to your app

Your privacy policy needs to be linked in your app, or show in an app view directly. Do not hide it, ideally have it on the same level as your main menu items.

An Android example from Twitter:

What you can take away from this screenshot by Twitter is: it could be done better. Instead of hiding it in the about version 6.34.0 part, make it an actual heading on the level of Data usage, Location and proxy and About version 6.34.0.

An Android example from Instagram:

This example from Instagram is better. As you can see the privacy policy is implemented on the highest level of the menu and therefore easily visible.

Bonus: how to *actually* add the privacy policy to the app

The privacy policy needs to be added to the Play Store. There isn’t really a question about how that should be done. You need to host your privacy policy somewhere, you need a link, and that link needs to be added to the Play Store url form in the Developer Console (as seen under “Add your privacy policy to the Play Store” above).

Some people will host this privacy policy on Github, others on their website (iubenda does all of the hosting for you out of the box). 

However, within the app you have the option of adding a link to the privacy policy that is hosted remotely, or embed it as simple text in an app view. Just so you know, some data protection authorities will ask for this text to be viewable offline as well.

If you want to link to a privacy policy hosted remotely you can do so in Android:

// opening a URL in a Browser in Android:
Intent browserIntent = new Intent(Intent.ACTION_VIEW, Uri.parse(“your iubenda link?"));
startActivity(browserIntent);

What to write in your Play Store privacy policy

Now that you know where and how to add a privacy policy on the Play Store, you need to know how to implement the permissions. Adding a valid privacy policy comes down to disclosing the requested dangerous permissions in your privacy policy:

  1. Outline which dangerous/sensitive permissions you request
  2. Outline any other user data you collect, for instance advertisement services!
  3. Describe what purpose they serve and use them only for that purpose

In order to make this point more clear, let us look at what a disclosure like that might look like next.

What a disclosure might look like

Assuming that you make use of the android.permission-group.CAMERA you might use Google’s description of what this permission allows you to do. Then you’ll add in simple terms what this means for the user and what purpose this ultimately serves in your app


Privacy-relevant Android permissions requested by this app

CAMERA
Used for permissions that are associated with accessing camera or capturing images/video from the device.
This permission allows this application to capture the user’s selfies in order for them to be viewed in a timeline within this application.

or

PHONE
Used for permissions that are associated telephony features.
Allows, for instance, read only access to phone state, including the phone number of the device, current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. This, more specifically, allows this application to play audio and be muted when a phone call is incoming.

If you don’t want to write your privacy policy from scratch and want to profit from the other features iubenda offers its users, you can go ahead and use our mobile app privacy policy generator. This is the simple process you need to go through:

Android permissions on iubenda

  • Use our generator for mobile apps;
  • Add our service called “Device permissions for Personal Data access”
  • Choose all the other services you need for your app, add them to your privacy policy, then:
    1. Embed the privacy policy into your app or link to it from the app;
    2. Link to it from the Play Store page;
    3. Possibly link to it from your marketing website;

Congratulations you are done. Resubmit your app or privacy policy!

Generate a privacy policy for your Android app

P.s. if you’re interested you may read our more general post about privacy policy for Android apps. It contains additional information about how to structure and write a privacy policy from scratch.


Bonus: what Google says about adding a privacy policy

If you want to read up the statements by Google in their documentation and terms, you can find them below following the links or by reading the excerpts shown.

Exhibit A

  • “Adding a privacy policy to your app’s store listing helps provide transparency about how you treat sensitive user and device data. For apps that request access to sensitive permissions or data (as defined in the user data policies): You must link to a privacy policy on your app’s store listing page and within your app. Make sure your privacy policy is available on an active URL, applies to your app, and specifically covers user privacy.
  • For apps in the Designed for Families program: You must link to a privacy policy on your app’s store listing page and within your app, regardless of your app’s access to sensitive permissions or data. Make sure your privacy policy is available on an active URL, applies to your app, and specifically covers user privacy. For other apps: You’re not required to post a privacy policy.

Add a privacy policy to your store listing

  1. Go to your Google Play Developer Console.
  2. Select an app.
  3. Select Store Listing.
  4. Under “Privacy Policy,” enter the URL where you have the privacy policy hosted online.
  5. Select Save draft (new apps) or Submit update (existing apps).”

Exhibit B (Developer Program Policies – Privacy Policy)

If your app handles personal or sensitive user data (including personally identifiable information, financial and payment information, authentication information, phonebook or contact data, microphone and camera sensor data, and sensitive device data) then your app must:

  • Post a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself.
  • Handle the user data securely, including transmitting it using modern cryptography (for example, over HTTPS).

Exhibit C (Developer Program Policies – Prominent Disclosure Requirement)

If your app collects and transmits personal or sensitive user data unrelated to functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.



Google Analytics Remarketing Privacy PolicyApple Developer Blog: Including a Privacy Policy in Your AppsPrivacy Policy for Android Apps

About Us

iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app
www.iubenda.com

Generate a privacy policy now

Ready in a few steps and built to meet the needs of both website and mobile app owners

Generate your privacy policy now
RSS FEED

Sometimes the best choice is to "just give it a try"

iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app

Generate your privacy policy now