Google Play - Privacy Policy - android

Google Play has notified me to publish a Privacy Policy for my app. I have created a website to host this information. I am planning to update the website link from the developer console shortly.
As per the new policy, Google is asking that we also update our app to have a link to the privacy policy. Unfortunately I cannot do this anymore as I lost my keystore in a hard-disk crash. Is this step optional? Will Google Play allow my app to be listed with just a privacy policy website link in the Store listing, without the app itself having the privacy policy details?
Thanks
Balaji

1) You absolutely need your privacy policy on the Play Store page PLUS within the app
This is what Google says:
If your app requests user data or makes sensitive permissions requests
such as Phone, Accounts, Contacts, Camera, or Microphone, you'll need
to add a valid privacy policy in two places: your app's Store Listing
page (instructions below) and within your app.
I'd also like to add some more insight why that is the case. If you are into privacy law theory, then I suggest you read this pdf by a Pan-European privacy body, otherwise I just suggest to read the summary here:
The essential scope of information about data processing 1) must be
available to the users before app installation, via the app store.
Secondly, the relevant information about the data processing 2) must
also be accessible from within the app, after installation.
You can see - in theory - this is absolutely requested and required and you should strive to get that done. Hope this helps. p.s. I work for a startup that helps with privacy policies. (link)

Related

Do I need to create a specific privacy policy for my app or can I just use a random one for approval for publishing in the android play store?

I did not know what to link as my privacy policy page for my app submission for the Android Play Store and so I looked on the internet for answers and apparently I can use any random privacy policy page and my app can still be approved. This is the page that I linked as my privacy policy page. I'm not even sure if it's going to get approved, so can someone tell me if this is an acceptable privacy policy page or will it get rejected? If it is not, then can someone link me something that will work for any type of app?
Unlikely that Google will approve any apps without a specific Privacy Policy.
To get the app approved:
Have a descriptive Privacy Policy that discloses your collection and use of images from users
Complete the Data Safety form to match your Privacy Policy disclosures
If you do not collect any data (including through use of third-party SDKs), simply state so in a Privacy Policy.

My app was rejected from Google Play "APK REQUIRES PROMINENT DISCLOSURE"

my app got rejected from the google play store due to the following reason:
APK REQUIRES PROMINENT DISCLOSURE
Your app is uploading users' [Installed packages] information to [https://app-measurement.com/a] without a prominent disclosure. Prior to the collection and transmission, it must prominently highlight how the user data will be used, describe the type of data being collected and have the user provide affirmative consent for such use.
As far as I know, app-measurement.com is the Firebase Analytics endpoint and we do use it, but we most definitely do not upload the users' "installed packages".
My guess is that one of our 3rd party packages might be doing that, but I have no idea how to find out, and the notice I got from Google does not give away any more details.
Help will be much appreciated!
You need to write a privacy policy outlining what data you collect and who you share it with. You then have to add it to your store listing on the Google Play Console. In your app you will have to add a consent screen which shows the privacy policy and requires the user to press an "Accept Privacy Policy" button.
If your application comes under any of these headings you will have to submit a privacy policy notice to any user:
If your app collects personal data from users under the age of 13, you'll need to comply with COPPA or Data Protection Act etc depending on your country
If your app collects personal data from minors (under the age of 18), comply with the Content Eraser law.
If you collect personal data from students, comply with the SOPIPA law
If you are using remarketing/retargeting tracking code with Google AdWords or AdRoll or any other third-party, you'll need to update the Privacy Policy to inform users about this practice.
If you do fall under this, then you will have to create a policy.
to do this:
Follow these steps to add the Privacy Policy URL to your Google Play Store app listing:
Log into your Google Play Developer Console. If you don't have an account, create one first.
Select All Applications
Select the application
Click Store Listing
Go to the Privacy Policy field
Enter the URL where you host the policy. You must host the policy on your website.
Click Save
There may be multiple reasons for it. I am explaining as per my experience.
1. Check other tracks: Apart from the production track, check into other tracks as well.
i.e: Internal / Closed / Open testing track or any custom track you created. Each track must comply with the policy. In our case, there was an abandoned old Closed Testing track. I created a release for that track and it worked. Please note: We can not delete the "Internal / Closed / Open testing track". It's not fair but we have no option to delete it and we have to keep that track updated.
Google response:
2. Fix the policy issues: Your privacy policy page must clearly explain how each piece of the user's data is collected or shared by the application. Especially phone number, email, name, etc. For example, you can find the privacy policy page in the "Developer contact" section of our application.
3. Insert privacy policy: Provide proper and valid privacy policy URL in play store console.
Play store Console > Select your app > Policy and programs > App content > Privacy policy
4. Adequate prominent disclosure:
Apart from privacy policy, there should be prominent disclosure before using any of the user's data. Information should be simple, readable, and clear. For more information, have a look at Best practices for prominent disclosure and consent.
Prominent disclosure example:
:OTHER POSSIBLE REJECTION REASON:
5. Data safety:
Play store Console > Select your app > Policy and programs > App content > Data safety
Need to declare each data type collected or shared by the application.
6. Cardinal Mobile SDK usage: Application or any dependencies must use an updated version of Cardinal Mobile SDK. In our case paypal-android-checkout-sdk was using the Cardinal mobile SDK. We just updated it to the latest version.
Google response:
7. Action requested: Declare your Ad ID permission:
For more information, you can have a look at this S.O. answer.

How I can add Privacy Policy to my App not only On Store Listing

I get the following email from google play team:
Hello Google Play Developer,
Our records show that your app, XXXX , with package
name com.XXX.XXX, currently violates our User Data policy
regarding Personal and Sensitive Information.
Policy issue: Google Play requires developers to provide a valid
privacy policy when the app requests or handles sensitive user or
device information. Your app requests sensitive permissions (e.g.
camera, microphone, accounts, contacts, or phone) or user data, but
does not include a valid privacy policy.
Action required: Include a link to a valid privacy policy on your
app's Store Listing page and within your app. You can find more
information in our help center.
Alternatively, you may opt-out of this requirement by removing any
requests for sensitive permissions or user data.
If you have additional apps in your catalog, please make sure they are
compliant with our Prominent Disclosure requirements.
Please resolve this issue by March 15, 2017, or administrative action
will be taken to limit the visibility of your app, up to and including
removal from the Play Store. Thanks for helping us provide a clear and
transparent experience for Google Play users.
Regards,
The Google Play Team
What is the meaning of "valid privacy policy"? I got a way to add a privacy policy URL to the Store Listing from "Warning of Google Play Developer policy violation: Action Required", but is it enough to add a link to a privacy policy page on the Store Listing? Does the Play Store accept any privacy policy URL? And how can I add a valid policy to my app? In another email from the Google Play team, they said I need to add a privacy policy in two places, not just the Store Listing:
If your app requests user data or makes sensitive permissions requests
such as Phone, Accounts, Contacts, Camera, or Microphone, you'll need
to add a valid privacy policy in two places: your app's Store Listing
page (instructions below) and within your app.
I think I'm qualified to give you a more detailed answer. I have two apps on the App Store (iOS) and I've worked on a mobile privacy policy generator for years. I've also recently written quite a few words about the above issue.
1) You absolutely need your privacy policy on the Play Store page PLUS within the app
This is what Google says:
If your app requests user data or makes sensitive permissions requests
such as Phone, Accounts, Contacts, Camera, or Microphone, you'll need
to add a valid privacy policy in two places: your app's Store Listing
page (instructions below) and within your app.
I'd also like to add some more insight why that is the case. If you are into privacy law theory, then I suggest you read this pdf by a Pan-European privacy body, otherwise I just suggest to read the summary here:
The essential scope of information about data processing 1) must be
available to the users before app installation, via the app store.
Secondly, the relevant information about the data processing 2) must
also be accessible from within the app, after installation.
And here is some bonus information Google doesn't talk about.
The Working Party recommends that information about personal data
processing is also available, and easy to locate, such as within the
app store 3) and preferably on the regular websites of the app
developer responsible for the app. It is unacceptable that the users
be placed in a position where they would have to search the web for
information on the app data processing policies instead of being
informed directly by the app developer or other data controller.
2) Adding a VALID privacy policy (link)
Now for the question of the validity of your privacy policy. You need to outline which sensitive permissions/user data you process and for what purpose.
I'm seeing a lot of advice saying that you just need to say that you access the camera but that isn't enough.
Say you access the camera
Say what purpose that serves
Say whatever else user data you process (name, email address, etc. etc)
This should help :)
Adding Privacy Policy to Web Site
Find a policy from an app. There are lots of apps that have privacy
policy in them. I, here, clearly state how
and why i use users permission and personal info.
If you have a web site put it your web site. If you don't have one
create one free from Google Sites.
Adding Privacy Policy to Application
There are 3 ways I've seen so far how it's displayed to users
Menu button on NavigationView.
Inside an AlertDialog after user accepted Runtime Permissions
Inside a section of Settings activity or fragment
You must also add Privacy Policy Url to your app as Google states. They don't check it for now, but if they do in the future, you can be sorry if you didn't. I add it to Navigation View and open url when user touches it.

should i put privacy policy copy inside the app itself or just on the google play store listing ?

Do I have to put a copy of the Privacy Policy inside the app itself, or should I only put the URL to it inside Google Play without even mentioning it inside my app?
Both as much as possible.
A public URL would most likely be required for that Privacy Policy field by Google Play Store if your app requests sensitive permissions.
If you don't add the URL and your app needs sensitive permissions, you'll receive a violation warning email from Google. Your app may be unlisted if you don't fix the violation.
Keep in mind that your business "must conspicuously link to a Privacy Policy".
That's a requirement from CalOPPA in the US, but most privacy regulations around the world have a similar requirement: PIPEDA in Canada, Privacy Act in Australia etc.
You have multiple options how to link to your Privacy Policy from within your app: About or Settings screen, Sign-up or Login screens, separate item in the menu etc.
In most cases the privacy policy is associated with the company that is publishing the app rather than the app. After all, that is the entity that people are trusting to implement the policy. So I think it is enough to have it on a company website and refer to this in Google Play. A key thing is that people should be able to search the web for the company name, or app and find the privacy policy. While not specifically about Android apps, the following link gives some guidance on this
Note that there are particular circumstances where users need to be made aware of your approach to their data at the time they would be entering it. See Google's website
If your app collects and transmits personal or sensitive user data unrelated to functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.
You NEED your privacy policy on the Play Store page PLUS within the app
Since February 2017 Google enforces a strict privacy policy requirement on apps requesting sensitive permissions and user data policies.
Please check the following provided by Google to determine if either needs to have a policy or not:
For apps that request access to sensitive permissions or data (as defined in the user data policies): You must link to a privacy policy on your app's store listing page and within your app. Make sure your privacy policy is available on an active URL, applies to your app, and specifically covers user privacy.
For apps in the Designed for Families program: You must link to a privacy policy on your app's store listing page and within your app, regardless of your app's access to sensitive permissions or data. Make sure your privacy policy is available on an active URL, applies to your app, and specifically covers user privacy.
For other apps: You're not required to post a privacy policy.
Once you've identified what your app needs, your privacy policy will need the following:
The privacy policy must, together with any in-app disclosures, comprehensively disclose how your app collects, uses and shares user data, including the types of parties with whom it's shared. Outline which sensitive permissions/user data you process and for what purpose:
Say you will access their microphone
Say what purpose that serves
And other user data you process (name, email, address, etc)
If you need more information you can go to iubenda - Privacy Policy for Android

Privacy policy link for Google Play

I am having trouble here, this is my first app and there is so much involved, I did not think it was this hard, currently I am stuck on adding a link to my app's PRIVACY POLICY my app is very simple.
It does not share any data but I do use Google Analytics, one more thing is that I do not have a website, so supposedly I had the privacy policy link where would I put it apart from a site I own?
Thanks.
website hosting
checkout GitHub's GitHub Pages services. they host a simple static website for you for free! basic instructions:
create a public repository on GitHub named [username].github.io (replace "[username]")
commit an index.html file to the root of the repo.
you can see your site online at http://[username].github.io/.
privacy policy
basic privacy policy template here....it'll give you a template that you can simply copy and paste and modify to fit your needs. unlike most other places that are after your money and/or personal information!!! 😠😠😠
This is a simple guide from Google itself. You can host your site in Google Sites, no need to host GitHub sites.
Simplest steps to resolve Google Play Console privacy policy link issue:
Create your own app privacy policy.
After creating it, host it on any website hosting service (in my case, I hosted it on GitHub Pages) and copy the privacy policy URL.
Paste the privacy policy URL in the Google Play Console Privacy Policy section.
Save and wait for review.
Done!
You might not need one. You could inform the user in-app that you're using Analytics. Otherwise, you can check out free sites like Google Sites to easily create a web-page with its own URL that you can link to.
My app doesn't share or collect any data, but I need to complete data safety form and part of it is a link to privacy policy.
Privacy Policies are very important legal agreements. Make absolutely sure you are not using any 3rd party solutions that might be tracking your users unwittingly. Adding analytics or user login to your app usually requires a more comprehensive privacy policy.
If your app really doesn't collect data remotely or use third party services that do, then that makes your privacy policy very simple. In that case, I suggest stating the following:
Your app doesn't track users
Your app doesn't collect data; or that data is stored securely on the user's device and stays private
Data is not shared with your company or any third parties without permission (since you might want to collect user feedback like bug reports with the user's explicit permission)
You can easily write your own privacy policy, but here's a minimal template for the bullet points above:
app_name_or_legal_entity's commitment to privacy is simple: We don't track you! We don't collect or transmit your data; instead, information you submit in our app is stored privately and securely on your device. Your information won't ever be shared with us or any third party without your explicit permission.
Keep in mind that this is subjective, but I suggest keeping it short and adding a section where you explain why your business doesn't collect user data. It could be as simple as stating something like "We believe privacy is a human right."
I had massive problems with my privacy policy getting rejected, no matter what I wrote in it. But in the end it turned out that there was nothing wrong with the actual contents of my policy; the problem was instead that I hosted it on my web page using a client-rendered Vue application. I guess that this prevented Google's system from properly crawling the URL that I supplied to them. When I pasted the same privacy policy in a Google Docs and used the "Publish to Web" option in order to get a URL, it got approved right away.
A pity that the error message wasn't more clear on that.
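A way to test for the failure described in the answer above before submitting a URL, as an added example that is not part of the original posts. It assumes, as that poster guessed, that the reviewing system reads the HTML as served without running JavaScript; the sample pages, the term list and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
import urllib.request

# Elements whose content is not page text for a client that runs no JavaScript.
_SKIPPED = {"script", "style", "template", "title"}


class _TextExtractor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self._skip_depth = 0
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in _SKIPPED:
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in _SKIPPED and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth and data.strip():
            self.chunks.append(data.strip())


def check_policy_html(html, required_terms, min_words=30):
    """Report whether the policy text is in the served HTML itself."""
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    text = " ".join(parser.chunks)
    missing = [t for t in required_terms if t.lower() not in text.lower()]
    words = len(text.split())
    return {"words": words, "missing_terms": missing,
            "readable_without_js": words >= min_words and not missing}


def fetch_html(url, timeout=10):
    """Fetch the raw response body; no scripts are executed."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode(resp.headers.get_content_charset() or "utf-8", "replace")


# Constructed sample: client-rendered shell, policy text arrives only via app.js.
SPA_SHELL = """<!doctype html><html><head><title>Privacy Policy</title>
<script>window.__CONFIG__ = {"route": "/privacy"};</script></head>
<body><noscript>Please enable JavaScript to view this page.</noscript>
<div id="app"></div><script src="/js/app.js"></script></body></html>"""

# Constructed sample: the same policy served as static HTML.
STATIC_PAGE = """<!doctype html><html><head><title>Privacy Policy</title></head>
<body><h1>Privacy Policy</h1>
<p>Example App uses the camera permission only to scan QR codes; images are
processed on your device and are never uploaded.</p>
<p>We use Google Analytics to collect anonymous usage statistics, and we do
not share this data with any other third party.</p></body></html>"""

# Terms this hypothetical app's policy must mention (an assumption for the demo).
TERMS = ["privacy policy", "camera", "Google Analytics"]

if __name__ == "__main__":
    for name, page in (("spa", SPA_SHELL), ("static", STATIC_PAGE)):
        print(name, check_policy_html(page, TERMS))
```

To check a live page, pass the result of fetch_html with your own policy URL to check_policy_html, using the permissions and services your app actually discloses as the term list.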
There are many reasons why you'd want a privacy policy, one is the fact that you are using Google Analytics. Here is what the Google Analytics terms of use say under "7. Privacy":
You will have and abide by an appropriate Privacy Policy and will
comply with all applicable laws, policies, and regulations relating to
the collection of information from Visitors. You must post a Privacy
Policy and that Privacy Policy must provide notice of Your use of
cookies that are used to collect data. You must disclose the use of
Google Analytics, and how it collects and processes data. (...)
Sure, you can trick your way around the requirement, but that doesn't mean the problem goes away. You can find a lot of information around the web about how to write a privacy policy for apps and more, the advice I'd give depends on a lot of factors.
How to get your privacy policy done:
Proper disclosure to start this section: I work at iubenda where we create solutions for problems like yours, our software generates privacy policies based on user input.
I've posted about privacy policies for the Play Store on iubenda's company blog a while ago, this might help you out and give you the right ideas.
iubenda also helps with your problem of not having a site, the privacy policy is generated and hosted on our site, you can just copy-paste the link into the app and the app store.
You might be able to click the "Not submitting a privacy policy URL at this time" check box at the "Store Listing" page:
Screenshot from Google Play Store Store Listing page
But even if you don't collect personal data, you're still required by Google Analytics Terms of Service to have the Privacy Policy agreement:
Screenshot from Google Analytics Terms of Service
However, it's important to keep in mind that if you use third party tools like Google Analytics you may also be required by those parties to have the Privacy Policy.
But Google Play Store requires you to have the policy before the app is public. Here's a quote from the Google Play Developer Distribution Agreement:
You agree that if you use the Store to distribute Products, you will
protect the privacy and legal rights of users. If the users provide
you with, or your Product accesses or uses, user names, passwords, or
other login information or personal information, you must make the
users aware that the information will be available to your Product,
and you must provide a legally adequate privacy notice and protection
for those users.
There are many websites to make a privacy policy like this and this. You can create the privacy policy there and then copy the text. Then, you can host a file on GitHub and then set this text in the file
