You must be transparent in how you handle user data: disclosing the collection, use, and sharing of the data, and limiting the use of the data to the purposes disclosed, and the consent provided by the user.
Personal and sensitive user data includes, but isn’t limited to, personally identifiable information, financial and payment information, authentication information, phonebook, contacts SMS and call related data, microphone and camera sensor data, and sensitive device or usage data
- Limit your collection and use of this data to purposes directly related to providing and improving the features of the app
- Handle all personal or sensitive user data securely (SSL)
Your app must provide an in-app disclosure of your data collection and use. The in-app disclosure:
- Must be within the app itself, not only in the Play listing or a website;
- Must be displayed in the normal usage of the app and not require the user to navigate into a menu or settings;
- Must describe the data being collected;
- Must explain how the data will be used;
- Cannot be included with other disclosures unrelated to personal or sensitive data collection.
Your app’s in-app disclosure must include a request for user consent. The app’s request for consent:
- Must present the consent dialog in a clear and unambiguous way;
- Must require affirmative user action (e.g. tap to accept, tick a check-box, a verbal command, etc.) in order to accept;
- Must not begin personal or sensitive data collection prior to obtaining affirmative consent;
- Must not consider navigation away from the disclosure (including tapping away or pressing the back or home button) as consent; and
- Must not utilize auto-dismissing or expiring messages.
You may only request permissions that are necessary to implement critical current features or services in your application.
Additional requirements for the use of specific permissions
|READ_CALL_LOG, WRITE_CALL_LOG, PROCESS_OUTGOING_CALLS||It must be actively registered as the default Phone or Assistant handler on the device.|
|READ_SMS, SEND_SMS, WRITE_SMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, RECEIVE_MMS||It must be actively registered as the default SMS or Assistant handler on the device.|
Apps may only use the permission to provide approved critical core app functionality. You may never sell this data.
The objective of the above restrictions is to protect user privacy. We may grant limited exceptions to the default handler requirement in cases when an app is not the default handler, but abides by all of the above requirements and clearly and transparently provides a highly compelling or critical feature where there is currently no alternative method to provide the feature. Such features will be evaluated against any potential privacy or security impact on users. These exceptions are rare and will not be extended to all developers. Please see this Help Center page for more information.
Spam and Minimum Functionality
We don’t allow apps that spam users or Google Play, such as apps that send users unsolicited messages or apps that are repetitive or low-quality.
We don’t allow apps that send SMS, email, or other messages on behalf of the user without giving the user the ability to confirm the content and intended recipients.
We don’t allow apps that crash, force close, freeze, or otherwise function abnormally.