0

I have seen that Play Store Developers received a mail to inform users about the usage of their personal data and to state why and how app's make use of certain features (like writing to the external storage/SD Card). I have to admit, I am new to Android Development and helping out here.

In our existing Play Store App we plan to release a new feature to take photos and thus access the camera for this purpose. I now wanted to ask how the following requirement has to be implemented: "Post a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself."

Is it some kind of Readme file, we have to upload or (like Apple does) have to provide a website with those information for the Play Store? (see http://www.iubenda.com/blog/privacy-policy-for-android-app/ first abstract), whereas other sources just talk about active URLs. Basically, a URL is not always available in an application (consider the case where a user got no internet connection)

How does it have to be presented in the App? Simple Toast, when accessing the Camera the first time or rather a new menu item "Privacy Policy" for the user and display the information in a website with formatted HTML, which we could also use for the PlayStore?

For the overal requirements see: https://play.google.com/about/privacy-security/personal-sensitive/

This question does not ONLY cover the Google PlayStore but also the best practises for embedding a such IN an Android Application.

Lepidopteron
  • 6,056
  • 5
  • 41
  • 53
  • 2
    I'm voting to close this question as off-topic because it concerns Google Play Store policies and procedures, rather than programming. Please refer to: [Are developer-centric questions about application stores on topic?‍](http://meta.stackoverflow.com/q/272165), [Why can't I ask customer service-related questions?](http://meta.stackoverflow.com/a/255746) – Mike M. Apr 10 '17 at 08:20

2 Answers2

1

I would look at how other Google apps do this to see their (Google's) preferred way of handling this. Most Google apps have a privacy policy menu item in the navigation drawer for basic privacy information, and show a full-screen popup where you have to tap "I agree" for more sensitive topics like location history, for example. This seems like a good approach to me, but you'll have to consult with a lawyer regarding privacy laws/requirements within your home country.

Helmut G.
  • 36
  • 5
  • What happens, if one does not agree within the app? Would you disable certain buttons/features? – Lepidopteron Apr 10 '17 at 14:29
  • Yes, I would disable features that rely on the specific privacy-sensitive area. For example, you can't use the Google Assistant at all if you haven't agreed to share your location history. It also depends how you're dealing with the content. If everything is happening within your app locally on the user's device, you can be a bit more lenient, but if you're transferring user data to your server, including storing their location, the user should absolutely have to opt-in rather than opt-out. – Helmut G. Apr 10 '17 at 16:48
  • Ow thank you for your long reply: basically, everything stays on the user's device. It is totally autarkic and independant from other systems, despite from Push Services and registering for specific events, happening occasionally. Do you think one would need specific Privacy Policies for using the camera and storing the images to the external directory, then we would not even have to implement a such within our app. – Lepidopteron Apr 10 '17 at 16:54
  • I wouldn't worry about it too much in this case. I would provide a simple privacy policy within your navigation menu as you mentioned in your original post. Since your app description on Google Play will make it clear that the app has something to do with photos, users will expect this (and can also deny the `CAMERA` permission if they're uncomfortable with this). – Helmut G. Apr 10 '17 at 17:00
0

For our implementation it was only concerning two aspects:

1) Camera Access 2) Storing data

I think the reason for Google to request a license Post was and still is to

  1. Developers more aware of how they use possible resources
  2. Users more aware of the usage of THEIR resources

Camera Access

We came up with the solution to not include the camera on our own, but instead performing "the Android way of delegating actions to other applications" and let someone else perform this for us. with the MediaStore.ACTION_IMAGE_CAPTURE. Bit unlucky it is that we had to write a FileProvider to support Androids new Sandboxing feature, as we come to step 2 "Storing Data"

Storing Data

We don't use the external storage anymore for this, instead we use the app's personal storage, as the data is tightly coupled to the rest of the application anyway. Of course, we had to ensure the app is still working if: 1. The user wants to delete specific files 2. The user deletes the app's data in settings

That's it: No Privacy Policy required anymore, as we don't use anything that would require certain permissions :-)

Lepidopteron
  • 6,056
  • 5
  • 41
  • 53