22 December 2020
More likely than not, your Android app is required to have a Privacy Policy. There are three main reasons for this:
If your Android app collects any personal information from users - that is, information that could be used to identify an individual - you need a Privacy Policy. Some examples of personal information include:
If your app collects this information, a number of laws and regulations that aim to protect consumers will apply to your app and require it to have a Privacy Policy.
United States
In the US, the California Online Privacy Protection Act (CalOPPA) requires that any website or mobile app that collects personal information from users in the state of California must have a Privacy Policy in place that lets users know that their data is being collected, how it is being collected and used, and for what purposes.
Australia
The Australian Privacy Act of 1988 lists 13 Privacy Principles that companies that collect personal information must adhere to.
The very first principle is that companies need to have an up-to-date Privacy Policy in place.
In the UK
The Data Protection Act of 1998 from the UK has 8 principles that call for fair and minimal collection and use of personal information.
Data should only be collected for legitimate business reasons, and should only be collected in non-intrusive ways.
Transparency on collection practices is called for, as well as giving users notice about your practices. This is accomplished by including a Privacy Policy.
In the EU
The Data Protection Directive and ePrivacy Directive require that any app company that operates from the EU must have a Privacy Policy in place.
The new GDPR Directive may change some of these requirements as it comes into place.
The Google Play Developer Policy requires that all Android apps that collect and handle personal or sensitive user data have a Privacy Policy in place. The Privacy Policy must be posted in the Play Developer Console, as well as within the app itself.
The content of the Privacy Policy must disclose "how your app collects, uses and shares user data, including the types of parties with whom it's shared."
Google makes it easy to add your Privacy Policy URL to your Google Play Store listing. Follow these steps to stay compliant:
Find the field labeled Privacy Policy and enter the URL for where you host your policy. Note: Your policy must be hosted on your website.
You can use our Privacy Policy Generator to create a Privacy Policy. TermsFeed will host the policy for free.
Here's how Pinterest's Privacy Policy URL is displayed on its listing in the Google Play Store:
The Privacy Policy is also a part of the regular app and can be accessed by users at any time from within the app.
Google takes their Privacy Policy requirement seriously enough that they sent out an email to owners of apps that were in violation of the requirement.
Any apps that requested dangerous permissions and didn't have an adequate Privacy Policy in place by March of 2017 were to be removed from the Google Play Store if action wasn't taken before that deadline.
The Android platform requires any app that requests user data or makes sensitive permission requests, such as a request to access a user's "Camera" or "Microphone," to have a valid Privacy Policy both in the app store listing and within the app itself.
Normal permissions cover areas where there are very few if any risks to the privacy of the user.
Dangerous or sensitive permissions cover the areas where the app requests data or access to resources that involve private user information, and could potentially affect the personal data stored on the user's device.
If your app requests permission to access any of the following "dangerous" or sensitive permission areas of a phone, you will need a Privacy Policy:
If your app will be accessing multiple sensitive areas of a user's Android device, you'll need to request permission for each area.
For example, the Hangouts app asks for permission to record audio, and it must then request separate permission to send and view SMS messages.
The Facebook Android app presents users with a permissions screen that helps summarize and explain that the app wants to access the Camera so that pictures can be taken while inside the app.
The app also wants to access the device's "Storage" so that the app can "store and access information like photos on your phone and its SD card."
After this main request screen, individual permissions to take pictures and record video are presented:
The app also asks for access to photos, media and files on the device:
The Firefox Browser for Android requests multiple permissions at once, but each has a separate spot on the list with a drop-down arrow where a user can find out more information about each sensitive area.
Here's how the Firefox Privacy Policy is linked to its listing in the Google Play Store as required by Google:
You can also include a link in your permissions request box where users can find out more information before deciding to allow or deny the request.
This "Find Out More" link can link back to your Privacy Policy where users will be informed about your data collection and use practices.
Requesting permission to access sensitive areas of a mobile device isn't only for Android.
It's used across platforms to stay compliant with privacy laws. Here's how Path requests permission to access the contacts on a user's iOS device:
The more permissions your app requests, the more likely it is that you'll be dealing with sensitive information and that your permissions will be deemed dangerous.
Include a Privacy Policy even if you do not collect personal data
Even if your Android app doesn't request any dangerous permissions, remember that you'll still need a Privacy Policy in place if your app collects any personal information from users.
Even if you don't collect any personal information and aren't required to have a Privacy Policy, it never hurts to include one anyway to let users know that their data won't be touched.
Users appreciate the transparency and clarity, and it can help keep you compliant with privacy laws as they grow and change with the digital world.
Here's how Ecquire does it:
To recap, your Android app will need a Privacy Policy in place if it:
This Privacy Policy must be linked:
These easy steps will keep you compliant with international laws, Google's policies, and Android's platform requirements. They will also give your app users the transparency they want when it comes to knowing how their personal information and personal mobile devices are used by you and your app.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.