My app uses Admob ads and Google Analytics. Do these collect any sensitive information for which prominent disclosure needs to be provided?
Is it necessary to show an age gate at app start to make sure the user is at least 13 years old?
You need to look at both to determine what kind of data they collect from your users.
AdMob and Google Analytics collects data that can serve behavioral marketing (remarketing) and you're required to disclose this to users and provide them with information how to opt-out of Google's remarketing:
https://support.google.com/admob/answer/2753860?hl=en&ref_topic=2745287
https://developers.google.com/analytics/devguides/collection/
Just doing some quick googling, I found this page that gives some information on admob and COPPA requirements. I want to say that I've never seen an app that uses admob give me some coppa notice, and google analytics would generally only be data you collect from users on who is using your app (general, like age, gender, location, etc) and how. Unless you are specifically targeting ages <13, imo you should be fine.
Related
I am about to submit an app to the Apple AppStore built in Swift that uses Crashlytics to capture crash information. As users of Crashlytics know, some information about usage, duration, crashes, etc. is captured and stored on the Crashlytics servers. My application does not ask for, store or attempt to capture any user data.
My question is about the privacy policy for my application. Since I don't capture any user data, I want to state that in my privacy policy but I'm not sure that's factual since I am using Crashlytics. Any feedback on people that have used Crashlytics in their app and have an actual privacy policy?
Thanks
--Vinny
Quick answer: yes, you need that privacy policy. There are ways to get it done fast, too.
Longer answer:
Third parties (here Crashlytics)
When dealing with a third party service like this, often a quick look into their legal documents will help (for Crashlytics in this case as described in your question).
(...) At all times during the term of this Agreement, Developer shall
maintain a privacy policy (a) that is readily accessible to users from
its website or within its online service (as applicable), (b) that
fully and accurately discloses to its users what information is
collected about its users and (c) that states that such information is
disclosed to and processed by third party providers like Crashlytics
in the manner contemplated by the Services, including, without
limitation, disclosure of the use of technology to track users’
activity and otherwise collect information from users. (...)
And
Developer shall at all times comply with all applicable laws, rules
and regulations relating to data collection, privacy and security,
including, without limitation, the Children’s Online Privacy
Protection Act (“COPPA”). Crashlytics may, at its sole discretion from
time to time during the Term of this Agreement, audit Developer Data
to verify compliance.
Crashlytics is actually being unusually vocal about this topic.
The App Store
At the time of writing (and since iOS8) Apple requires privacy policies for 5 categories:
Kids Category, HomeKit, HealthKit, Apple Pay, and Keyboard Extentions. Also they require privacy policies for user registrations (more). I can't tell if any of the above for your app is true. Apple still says in their App Store Review Guidelines that you need to be compliant with all applicable laws. This brings us to the third and most important reason.
Privacy related regulations
All of the above is just there because of global privacy regulations, these companies would most likely not care otherwise. As soon as you work with User data you are mostly under an obligation to disclose these facts. It's personal data like names, addresses or the tracking of user behaviour. It's been written at length why analytics services need privacy policies. All of it is more important as soon as you share data and use third party services for it. Mostly the disclosure or some kind of consent is the condition for it's compliant usage.
If you are interested in reading more about the matter in the context of mobile apps I'd suggest any of these documents:
ICO UK
Ireland
USA/California
Canada
Australia
Hope this helps.
(For proper disclosure: I do some work for iubenda, a tool that helps creating privacy policies for apps and websites)
Vinny, I think it's not mandatory (I've seen apps using Crashlytics wihtout a privacy policy), but it's recommended to have transparency in the communications with your users.
Crashlytics already has a privacy policy so you can just use that policy and add a statement informing that you are not collecting any sensitive information from the user, such as email or phone number.
The Firebase Analytics dashboard shows a card for demographics, including age and gender.
According to https://support.google.com/firebase/answer/6317486?hl=en Firebase should be automatically collecting age and gender. Can anyone explain how it collects that information, and if anything else needs to be done in order to provide it?
In my dashboard, I'm seeing no age or gender data. I also haven't found any public API in the firebase-analytics SDK that would allow for setting the age or gender of the user.
If it comes from the advertiser id, does that mean we must also integrate with AdMob in order to get that data -- and if we don't use AdMob, then age and gender are impossible to gather? And does AdMob then also have to be linked with the Firebase project before it can start populating that data?
On Android, this data is derived from the Advertising Id, which is automatically collected on devices with Google Play Services installed. On iOS, this data is derived from the Advertising Identifier (IDFA) when available (i.e. when your app links to the Ad Support Framework). AdMob is not a prerequisite for Age, Gender or Interests on either platform.
Clarifying note from comments: Firebase Analytics demographic reports is thresholded for privacy reasons. Once you have enough data -- at least 10 users per age/gender bracket -- data for that bracket will be shown.
In case someone else stumbles upon this, make sure that you have the google signals enabled in the admin console. This is not part of the firebase analytics onboarding process as far as I remember, and it's off by default.
You can find how to do it here:
https://support.google.com/analytics/answer/9445345?hl=en
Joe, if you are building iOS app and you have no access to IDFA you will not see demographics data for your users. You need to link to ad support framework. Please read the Apple developer documentation on when its okay to use ad support framework in your app.
I was trying to add a logic in my application so that I can stop or avoid my application from Piracy \ Copied
I don't own a google play developer's account and I am curious to know that is google provide any kind of information about user who had downloaded my application ? An email id of user maybe?
Anything which can be used to authenticate any user ?
Apologies for the off-topic question.
That's a good question !
I search a little and the answer is in the Developer Distribution Agreement for Android.
It's says in the 9th point that personal data, including store and devices utilisation data can be use (As well as others data, but no mentions of them...) respecting the Google Privacy Policy.
9.1 In order to continually innovate and improve the Store, Google may collect >certain usage statistics from the Store and Devices, including but not limited >to, information on how the Store and Devices are being used.
9.2 The data collected is examined in the aggregate to improve the Store for >users and Developers and is maintained in accordance with Google's Privacy >Policy. To ensure the improvement of Products, limited aggregate data may be >available to you upon written request.
BUT e-mail informations and other sensible data like this must be wrote down. So don't worry
I am using AdMob in my android application. Do i need to create a Privacy Policy in my application to inform users about cookies that Google uses?
If yes where do i need to put it?
Do i must write it in descriptions on Google Play? Or on fist run do I must show a fragment window? Or can I write the Privacy Policy just in section "About App"?
What do I write?
I read the Google Documents, but i didn't understand clearly.
https://support.google.com/googleplay/android-developer/answer/2519872?hl=en
To clarify for anyone who is finding this question:
The answer is yes, you need a privacy policy for your app if you are using AdMob. Refer to: AdMob Help (bottom of the page).
... Additionally, your app's privacy policy may need to be updated to reflect the use of personalized advertising (formerly known as interest-based advertising) served via the Google Mobile Ads SDK. Please take a moment to review your app's privacy policies and ensure that they are up-to-date. Because publisher pages and laws vary across countries, we're unable to suggest specific privacy policy language...
They essentially want you to inform users about the use of targeted advertising. They don't explicitly tell you what to write though.
Personally I think it should be enough to write something about that you use AdMob to serve ads and that AdMob uses the devices advertising id to serve personalized ads based on the users interests (which includes collecting and analyzing user data). A link to the Google page to opt-out of personalized advertising and to Googles Privacy Policies (here and here) can't hurt.
This also suggests that you need to have at least a link to your privacy policy in your app and on the store page. But maybe AdMob doesn't count as handling sensitive data, so maybe the link to the policy on the store page is optional in this case.
As a side note: If you use any Google Services (e.g. Location, Firebase, Places Api) you probably need a privacy policy
Things changed in 2017 (even without AdMob):
AdMob is another subject: I talk about any app event without AdMob (my case for example)
Google threatens to remove my open source app JSAir just for http://android.permission.READ _PHONE_STATE (for UX: I need to check connection is active or not = that's all).
I had the surprise of receiving a mail from Google who wants me to create a privacy policy website now (I did not have before).
I will have to say something like:
This application stores/send/read nothing apart javascript air website information!!! So there is no better privacy conscious application.
I made a public gist and posted the url here is the gist
you can check here
play store
is there any way to give access to the statistics of a specific app on my google play developer account to a 3rd person?
I have various apps, one of them is developed for a customer and he asks access to the downloads and rest statistics.
At present, Google Play does not provide mechanism to enable access to a specific app alone, although you could give access to your whole Developer Console. The only thing you can restrict is the financial information. I hope this is not what you want.
In your case, you could provide screenshots if that is acceptable.
I ended up to use a google api to retrieve the statistics and create my web front end to show them to my customer.
You can find at http://code.google.com/p/android-market-api/ a php version of the backend.
kudos to this post too: Is there an API to get statictics on Google Play developer console?
As far as I concerned, there is now way to give access to statistics only to 3-rd person, besides giving him your account information. For my personal usage, I developed a widget for tracking some statistics of my application and eventually I released it on the market. So I think it will be helpful to you as well Applications Tracker Widget is the app which will help you