Privacy, security and deception

Privacy, security and deception

We’re committed to protecting user privacy and providing a safe and secure environment for our users. Apps that are deceptive, malicious, or intended to abuse or misuse any network, device or personal data are strictly prohibited.

User Data

You must be transparent in how you handle user data (e.g. information collected from or about a user, including device information). That means disclosing the collection, use and sharing of the data, and limiting the use of the data to the purposes disclosed, and the consent provided by the user. In addition, if your app handles personal or sensitive user data, please also refer to the additional requirements in the 'Personal and Sensitive Information' section below. These Google Play requirements are in addition to any requirements prescribed by applicable privacy or data protection laws.

  • expand_more Personal and Sensitive Information

    Personal and sensitive user data includes, but isn't limited to, personally identifiable information, financial and payment information, authentication information, phone book contacts, SMS and call-related data, microphone and camera sensor data, and sensitive device or usage data. If your app handles sensitive user data, then you must:

    • Limit your collection and use of this data to purposes directly related to providing and improving the features of the app (e.g. user-anticipated functionality that is documented and promoted in the app's description).
    • Post a privacy policy in both the designated field in the Play Console and within the app itself. The privacy policy must, together with any in-app disclosures, comprehensively disclose how your app collects, uses and shares user data. Your privacy policy must disclose the type of parties to which any personal or sensitive user data is shared.
    • Handle all personal or sensitive user data securely, including transmitting it using modern cryptography (for example, over HTTPS).
    Prominent Disclosure Requirement

    In cases where users may not expect that their personal or sensitive user data will be required to provide or improve the features of your app, you must meet the following requirements:

    Your app must provide an in-app disclosure of your data collection and use. The in-app disclosure:

    • Must be within the app itself, not only in the Play listing or a website;
    • Must be displayed in the normal usage of the app and not require the user to navigate into a menu or settings;
    • Must describe the data being collected;
    • Must explain how the data will be used;
    • Cannot only be placed in a privacy policy or Terms of Service; and
    • Cannot be included with other disclosures unrelated to personal or sensitive data collection.

    Your app's in-app disclosure must include a request for user consent. The app's request for consent:

    • Must present the consent dialogue in a clear and unambiguous way;
    • Must require affirmative user action (e.g. tap to accept, tick a tick-box, a verbal command, etc.) in order to accept;
    • Must not begin personal or sensitive data collection prior to obtaining affirmative consent;
    • Must not consider navigation away from the disclosure (including tapping away or pressing the back or home button) as consent; and
    • Must not utilise auto-dismissing or expiring messages.

    Here are some examples of common violations:

    • An app that accesses a user's inventory of installed apps and doesn't treat this data as personal or sensitive data subject to the Privacy Policy, Secure Transmission and Prominent Disclosure requirements.
    • An app that accesses a user's phone or contact book data and doesn't treat this data as personal or sensitive data subject to the Privacy Policy, Secure Transmission and Prominent Disclosure requirements.

    Specific Restrictions for Sensitive Data Access

    In addition to the requirements above, the table below describes requirements for specific activities.

    Activity Requirement
    Your app handles financial or payment information or government identification numbers Your app must never publicly disclose any personal or sensitive user data related to financial or payment activities or any government identification numbers.
    Your app handles non-public phone book or contact information We don't allow unauthorised publishing or disclosure of people's non-public contacts.
    Your app contains anti-virus or security functionality, such as anti-virus, anti-malware or security-related features Your app must post a privacy policy that, together with any in-app disclosures, explain what user data your app collects and transmits, how it's used and the type of parties with whom it's shared.
  • expand_more EU-US Privacy Shield

    Privacy Shield

    If you access, use or process personal information made available by Google that directly or indirectly identifies an individual, and that originated in the European Union or Switzerland ('EU Personal Information'), then you must:

    • comply with all applicable privacy, data security and data protection laws, directives, regulations and rules;
    • access, use or process EU Personal Information only for purposes that are consistent with the consent obtained from the individual to whom the EU Personal Information relates;
    • implement appropriate organisational and technical measures to protect EU Personal Information against loss, misuse and unauthorised or unlawful access, disclosure, alteration and destruction; and
    • provide the same level of protection as is required by the Privacy Shield Principles.

    You must monitor your compliance with these conditions on a regular basis. If, at any time, you cannot meet these conditions (or if there is a significant risk that you will not be able to meet them), you must immediately notify us by email to and immediately either stop processing EU Personal Information or take reasonable and appropriate steps to restore an adequate level of protection.

Was this article helpful?

Thank you for your answer!