20

I have an app which does not push any data to any server except that it uses the Firebase Analytics and Firebase Crashlytics libraries to submit analytics and crash reports to my Firebase account. My use of both of these libraries is bare minimum.

I submit analytics events as follows:

FirebaseAnalytics.getInstance(applicationContext).logEvent("SomeEvent", bundle)

I submit exceptions as follows:

FirebaseCrashlytics.getInstance().recordException(exception)

Neither the bundles submitted via the FirebaseAnalytics instance nor the exceptions submitted via the FirebaseCrashlytics instance contain any of the user's personal data or any data that identifies the user. The exceptions just convey that a certain area of the application has failed and the bundles just convey that a certain button was tapped without linking in any way to the user.

With this in mind, how do I answer the following "Data collection and security" questions in the Google Play Data Safety form:

  1. Does your app collect or share any of the required user data types? [Yes/No]
  2. Is all of the user data collected by your app encrypted in transit? [Yes/No]
  3. Do you provide a way for users to request that their data is deleted? [Yes/No]
Adil Hussain
  • 30,049
  • 21
  • 112
  • 147
  • 1
    I have pretty much the same question. I'll add that I also [disable collection of device identifiers](https://firebase.google.com/docs/analytics/configure-data-collection?platform=android#disable_advertising_id_collection). Firebase is working on a [doc on how to address this](https://firebase.google.com/docs/android/play-data-disclosure), however it's incomplete at the moment. – Rusty Jan 06 '22 at 21:36
  • still no reply here? Did you manage to find out the answer? I'm having the same issue – Anonymous Jan 19 '22 at 18:43
  • 1
    Yes, no reply here or elsewhere. In the absence of a clear answer or any answer from Google, I decided to answer the first question with "No" and that was the end of the form for me. – Adil Hussain Jan 20 '22 at 10:54
  • @AdilHussain And how did answering no work for you? Caused any issues or went smoothly? – Nishant Singh Aug 19 '22 at 20:04
  • 1
    @NishantSingh It has worked fine. My apps are live in the store [here](https://play.google.com/store/apps/details?id=com.tazkiyatech.hifdhtracker) and [here](https://play.google.com/store/apps/details?id=com.tazkiyatech.hifdhtester). – Adil Hussain Aug 22 '22 at 13:50
  • There is a repo with all required information required for the Data safety form - [link](https://github.com/Privado-Inc/SDK-Privacy-Report/blob/main/Android%20App%20-%20SDK%20Privacy%20Report.csv) – Dmitrijs Jan 21 '22 at 09:31
  • Based on that link, what would you answer for the three opening "Data collection and security" questions in the Google Play Data Safety form? See my post in this thread for the three questions. – Adil Hussain Jan 21 '22 at 09:41
  • Yes, Yes, 3rd one depends on your implementation. Do you have a button to delete user info or at least an e-mail link where the user can write his request? I selected 'No' for now, as I collect only anonymous info (just Firebase and Admob) – Dmitrijs Jan 21 '22 at 09:46
  • Regarding the third question, does Firebase offer APIs or a UI in their console to delete data that they have automatically gathered from a particular user and anonymised? If you could edit your answer to cover this and the first two questions in the form, that would be of immense value to future readers. Thank you for your responses thus far. I appreciate your help. – Adil Hussain Jan 21 '22 at 09:57
  • there is a lot of confusion that google has created , recently got an mail asking to submit the data safety form it mentioned nearly 3,00,000 apps have summitted it thats not even 10 % of the total playstore apps, hopefully they extend the time period and provide better guidelines like a video tutorial with demo app for admob and firebase. – 1234567 Jan 22 '22 at 02:46

1 Answers1

6

The same applies to firebase as to admob

  • Does your app collect or share any of the required user data types? Yes
  • Is all of the user data collected by your app encrypted in transit? Yes
  • Do you provide a way for users to request that their data is deleted? No

Location > Approximate location
App activity > Page views and taps in app
App info and performance > Crash logs, Diagnostics
Device or other identifiers > Device or other identifiers


How do I know this for sure?

Because under device and other identifiers the extra info states:

Identifiers that relate to an individual device, browser or app. For example, an IMEI number, MAC address, Widevine device ID, Firebase installation ID or advertising identifier.

Which indicates that they do consider Firebase to be collecting data

Jesse de gans
  • 1,432
  • 1
  • 14
  • 27
  • 1
    Without clear information from Google, I'm following this post's advice – Daniel Sep 05 '22 at 17:42
  • although you could argue you don't need to check the device ID box if you only use analytics. [Here](https://firebase.google.com/docs/projects/manage-installations) are the Firebase services listed that use the device ID and analytics is not amongst them. – mx1up Oct 29 '22 at 20:52