How to Add Android and iOS Mobile Permissions for Device Data


  1. Introduction to mobile permissions
  2. Getting started with iubenda
  3. Android permissions in particular
  4. iOS permissions in particular
  5. App store Integration tips

1. Introduction to mobile permissions

Both the Android and iOS ecosystem have permissions for device data that the user needs to grant before apps can access that data. In particular the Android/Google Play world needs those permissions to be shown in a privacy policy in an app, and, in addition, on the Play Store page.

Below you’ll find the explanation of how you can easily integrate these permissions into your privacy policy.

Since iubenda is platform agnostic, the mobile permissions service describes mobile permissions in general and therefore also has permissions coming from the iOS world like HomeKit, Reminder, Motion Sensors etc. This is also useful if you create an app on both platforms.

2. Getting started with iubenda

To adapt your Android/iOS app to the requirements of the App Store/Google Play Store, you need to prepare a privacy policy stating in detail which personal data are collected and managed from the app, including any information relating to the collection of data from the device.

Begin to generate your own privacy policy for your mobile app by selecting all services used by your app (eg. Google Analytics, AdMob, Contact form etc.). For more information, see the guide dedicated to the addition of services.

List the permissions requested by your app

In addition to the other services added above, now’s the time to also enable the clause “Device permissions for Personal Data access”.

This service will allow you to select and list the possible permissions that your application may request from the user in your privacy policy, such as access to the camera, microphone, contact list, geolocation, calendar etc.

3. Android permissions in particular

Android permissions are the ones described in the Android/Google documentation as being “dangerous” permissions. Since requesting sub-permissions like GET_ACCOUNTS is part of the granted group permission like CONTACTS, that’s what our disclosure focuses on.

There is one exception to the rule here: You will find 4 different location disclosures with self-explanatory titles:

  • Precise location permission (continuous)
  • Precise location permission (non-continuous)
  • Approximate location permission (continuous)
  • Approximate location permission (non-continuous)

Following this example, look for the group permission names within the generator and then check if the disclosure printed out in the privacy policy follows your actual data handling. Here’s the table from the Google permission documentation for you:

Permission Group Permissions

4. iOS permissions in particular

For iOS permissions you can use the same disclosures as above found under 3) Android, in addition to these Apple has certain permissions that aren’t currently part of Android:

  • Reminders permission
  • HomeKit permission
  • Motion sensors permission
  • Bluetooth sharing permission
  • Social media accounts permission

5. Integration

Once the privacy policy has been generated, remember to comply with the Google guidelines in the following way (and data protection authority guidelines):

  • add a link to the privacy policy directly from within the app;
  • add the link to the policy also to the Play Store page and if you have one, to the marketing website.

Check out the guide devoted to our integration methods for more information on how to integrate your privacy policy into your app.

Further information

For further details on privacy policies for Android/iOS apps on the app stores and its requirements, please refer to our guides here:

Still have questions?

Visit our support forum Email us