How to Add Android and iOS Mobile Permissions for Device Data

Contents

  1. Introduction to mobile permissions
  2. Getting started with iubenda
  3. Android permissions in particular
  4. iOS permissions in particular
  5. App store Integration tips

1. Introduction to mobile permissions

Both the Android and iOS ecosystems have permissions for device data that the user needs to grant before an app can access that data. The Android/Google Play world in particular requires those permissions to be disclosed in a privacy policy within the app and, in addition, on the Play Store page.

Below you’ll find the explanation of how you can easily integrate these permissions into your privacy policy.

Since iubenda is platform agnostic (it functions across various platforms), the mobile permissions service describes mobile permissions in general and therefore also includes permissions from the iOS world, such as HomeKit, Reminder and Motion Sensors. This is also useful if you create an app for both platforms.

2. Getting started with iubenda

To adapt your Android/iOS app to the requirements of the App Store/Google Play Store, you need to prepare a privacy policy stating in detail which personal data are collected and managed by the app, including any information relating to the collection of data from the device.

Begin to generate your own privacy policy for your mobile app by clicking on “Start Generating > Mobile App”:

Next, click “generate now” under Privacy and Cookie policy, then begin selecting all services used by your app (e.g. Google Analytics, AdMob, Contact form). For more information, see this guide on how to generate a policy (which includes information on choosing services).

List the permissions requested by your app

In addition to the other services added above, now’s the time to also enable the clause “Device permissions for Personal Data access”.

This service will allow you to select and list the possible permissions that your application may request from the user in your privacy policy, such as access to the camera, microphone, contact list, geolocation, calendar etc.

3. Android permissions in particular

The Android permissions covered here are the ones the Android/Google documentation describes as “dangerous” permissions. Because an individual permission such as GET_ACCOUNTS is part of a permission group such as CONTACTS, and it is the group that the user grants, our disclosures focus on the group.

There is one exception to the rule here: You will find 4 different location disclosures with self-explanatory titles:

  • Precise location permission (continuous)
  • Precise location permission (non-continuous)
  • Approximate location permission (continuous)
  • Approximate location permission (non-continuous)

Following this example, look for the group permission names within the generator and then check that the disclosure printed in the privacy policy matches your actual data handling. Here’s the table from the Google permission documentation for you:

Permission Group    Permissions
CALENDAR            READ_CALENDAR, WRITE_CALENDAR
CAMERA              CAMERA
CONTACTS            READ_CONTACTS, WRITE_CONTACTS, GET_ACCOUNTS
LOCATION            ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION
MICROPHONE          RECORD_AUDIO
PHONE               READ_PHONE_STATE, CALL_PHONE, READ_CALL_LOG, WRITE_CALL_LOG, ADD_VOICEMAIL, USE_SIP, PROCESS_OUTGOING_CALLS
SENSORS             BODY_SENSORS
SMS                 SEND_SMS, RECEIVE_SMS, READ_SMS, RECEIVE_WAP_PUSH, RECEIVE_MMS
STORAGE             READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE
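
To check a build against the table above, the following added example (not iubenda's or Google's code) reads the permissions an AndroidManifest.xml requests and reports which permission groups and location disclosures they fall under. The sample manifest and the function name are constructed for illustration. The mapping of ACCESS_FINE_LOCATION to "precise" and ACCESS_COARSE_LOCATION to "approximate" follows Android's own naming.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Permission group -> permissions, copied from the table above.
GROUPS = {
    "CALENDAR": "READ_CALENDAR WRITE_CALENDAR",
    "CAMERA": "CAMERA",
    "CONTACTS": "READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS",
    "LOCATION": "ACCESS_FINE_LOCATION ACCESS_COARSE_LOCATION",
    "MICROPHONE": "RECORD_AUDIO",
    "PHONE": "READ_PHONE_STATE CALL_PHONE READ_CALL_LOG WRITE_CALL_LOG "
             "ADD_VOICEMAIL USE_SIP PROCESS_OUTGOING_CALLS",
    "SENSORS": "BODY_SENSORS",
    "SMS": "SEND_SMS RECEIVE_SMS READ_SMS RECEIVE_WAP_PUSH RECEIVE_MMS",
    "STORAGE": "READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE",
}
GROUP_OF = {p: g for g, perms in GROUPS.items() for p in perms.split()}
# The location exception: one disclosure per accuracy level. Whether access is
# continuous or non-continuous depends on app behaviour, not on the manifest.
LOCATION = {"ACCESS_FINE_LOCATION": "Precise location permission",
            "ACCESS_COARSE_LOCATION": "Approximate location permission"}

# Constructed sample manifest (hypothetical app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.GET_ACCOUNTS" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
  <uses-permission android:name="android.permission.CAMERA" />
  <uses-permission-sdk-23 android:name="android.permission.READ_SMS" />
</manifest>"""

def required_disclosures(manifest_xml):
    """Return (groups, location, unlisted) for the permissions a manifest requests."""
    groups, location, unlisted = {}, [], []
    for el in ET.fromstring(manifest_xml):
        if el.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        full = el.get(ANDROID_NS + "name", "")
        short = full[len(PREFIX):] if full.startswith(PREFIX) else None
        if short in LOCATION:
            location.append(LOCATION[short])
        elif short in GROUP_OF:
            groups.setdefault(GROUP_OF[short], []).append(short)
        else:
            unlisted.append(full)  # not in the table: no group disclosure
    return groups, sorted(set(location)), unlisted

if __name__ == "__main__":
    print(required_disclosures(SAMPLE_MANIFEST))
```

Permissions returned in the third list (here INTERNET) are not in the table, so they do not map to one of its group disclosures.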

4. iOS permissions in particular

For iOS permissions you can use the same disclosures found above under 3. Android. In addition to these, Apple has certain permissions that aren’t currently part of Android:

  • Reminders permission
  • HomeKit permission
  • Motion sensors permission
  • Bluetooth sharing permission
  • Social media accounts permission

5. Integration

Once the privacy policy has been generated, remember to comply with the platform (Google or Apple) and data protection authority guidelines.

Google requires:

  • a link to the privacy policy directly from within the app;
  • that you also link to the policy from the Play Store page and also link to your marketing website (if you have one).

Apple specifically requires:

  • a link to the privacy policy in the App Store Connect metadata field;
  • an easily accessible link to your policy from within the app.

Remember: If your app processes user data while offline, be sure to provide users with an in-app offline method of accessing the privacy policy in order to be legally compliant.

With regard to iubenda’s mobile app integration methods, the direct link or direct text embedding methods are best. Whichever embed method you choose, remember that you’re legally required to choose a location that is easily accessible and visible to users. Check out the guide devoted to our integration methods for more information on how to integrate your privacy policy into your app.

Consent

With recent updates in data protection regulations, in particular, the GDPR, if you process user data based on consent, you are legally required to maintain legitimate records of consent. Click here to get a quick idea of what this entails and how our Consent Solution can help you to be compliant. Otherwise, for a more detailed explanation, you can read the section on valid “Records of consent” in our GDPR guide here.

Does your app target children? If so, you should read this guide as under the major global legislations, special conditions apply to the processing of personal data belonging to children.

See also

For further details on privacy policies for Android/iOS apps on the app stores and its requirements, please refer to our guides here:
