First and last names,
Financial information (bank account number, credit card number, etc.),
Shipping and billing addresses,
Social security numbers
The Australian Privacy Act of 1988 lists 13 Privacy Principles that companies that collect personal information must adhere to.
In the UK
The Data Protection Act of 1998 from the UK has 8 principles that call for fair and minimal collection and use of personal information.
Data should only be collected for legitimate business reasons, and should only be collected in non-intrusive ways.
The new GDPR Directive may change some of these requirements as it comes into place.
Required by Google Play
Normal permissions cover areas where there are very few if any risks to the privacy of the user.
Dangerous or sensitive permissions cover the areas where the app requests data or access to resources that involve private user information, and could potentially affect the personal data stored on the user's device.
Camera - If an app can access a camera, it may be able to turn on the camera and record video without a user's consent. This can obviously be a huge violation of the user's privacy.
Microphone - Recording audio is a sensitive permission because it will require use of the device's microphone, which raises issues of user privacy. Here's how Google Hangouts requests permission for the Hangouts app to record audio.
If your app will be accessing multiple sensitive areas of a user's Android device, you'll need to request permission for each area.
For example, Hangouts app asks for permission to record audio, and then it must also request separate permission to send and view SMS messages.
The Facebook Android app presents users with a permissions screen that helps summarize and explain that the app wants to access the Camera so that pictures can be taken while inside the app.
The app also wants to access the device's "Storage" so that the app can "store and access information like photos on your phone and its SD card."
After this main request screen, individual permissions to take pictures and record video are presented:
As well as access to photos, media and files on the device are asked by the app:
The Firefox Browser for Android requests multiple permissions at once, but each has a separate spot on the list with a drop-down arrow where a user can find out more information about each sensitive area.
You can also include a link in your permissions request box where users can find out more information before deciding to allow or deny the request.
Requesting permission to access sensitive areas of a mobile device isn't only for Androids.
It's used across platforms to stay compliant with privacy laws. Here's how Path requests permission to access the contacts on a user's iOS device:
The more permissions your app requests, the more likely it is that you'll be dealing with sensitive information and that your permissions will be deemed dangerous.
Users appreciate the transparency and clarity, and it can help keep you compliant with privacy laws as they grow and change with the digital world.
Collects any personal information from or about users via the app, or
Requests permission to access sensitive areas of the mobile device.
To your app's listing page in the Google Play Store, and
Within your app itself.
These easy steps will keep you compliant with international laws, Google's policies, and Android's platform requirements. It will also give your app users the transparency they want when it comes to knowing how their personal information and personal mobile devices are used by you and your app.