- What type of personal information you collect
- Why you collect this data
- How you use or process the data
- What rights users have to control your use of their personal data
In other words, it sets out the various ways that you collect, manage, and store any data which may be used to personally identify an individual.
Privacy Policies promote transparency. They help users understand what happens to any data they share with a company across various channels, including apps and mobile devices.
- Your app processes any amount of personal or sensitive data, or
- Your app is likely to be used by children (this is a Google requirement)
What is considered “personal” or “sensitive” data varies depending on which privacy laws apply. We will cover this in more detail below, but generally, we can define these categories of data as follows:
- Personal data: Any information which could be used to identify a living individual. Examples include email addresses, login details, location data, and IP addresses.
- Sensitive data: A special category of personal data which is inherently more sensitive, e.g. biometric data, criminal convictions, and religious affiliations.
If your app requires such permissions to work, then you need to disclose:
- What permissions you require
- Why you require these permissions
- What data you will collect
- How the data is processed
For example, if you require access to a user’s calendar, but this isn’t obvious from the app store listing, then you need to:
- Request permission to access this component
Here is what Google Play Store says about such prominent disclosure requirements:
What are Android App Permissions?
“Permissions” are requests to access certain parts of a user’s device. For example, an app might request access to:
Here’s an example:
Apps might also request access to data or even other apps, including:
- Location data
Here’s an example of how an app can request location data:
You can view the full list of Android permissions on the developer platform.
For our purposes, what matters is that to protect users’ privacy, you may need express and informed permission to access these device components.
Google groups permissions into two broad categories: normal and runtime permissions.
- Normal Permissions: Normal permissions give your app access to data which has little to no impact on a user’s privacy.
- Runtime Permissions: Runtime permissions, or “dangerous” permissions, allow your app to perform more sensitive actions that could impact a user’s privacy.
Device components which could fall under the “dangerous” category include the device microphone and camera.
In simple terms, you may not need specific consent to use “normal” permissions in your app. However, since runtime permissions may rely on access to personal data, you do need the user’s permission before your app uses them.
This is part of Google’s commitment to protecting user privacy through limiting data processing.
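To show how the normal/runtime split maps to what a privacy policy must disclose, here is an added example (not from the original article or from Google) that audits an app's manifest. The sample manifest, the package name `com.example.planner`, the `disclosed` set, and the permission-to-data table (a subset of Android's runtime permissions) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of Android runtime ("dangerous") permissions, mapped to the data
# category a privacy policy should name. Not the full platform list.
RUNTIME_PERMISSIONS = {
    "android.permission.READ_CALENDAR": "calendar entries",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.RECORD_AUDIO": "microphone audio",
    "android.permission.CAMERA": "photos and video",
    "android.permission.READ_CONTACTS": "contacts",
}

# Constructed sample manifest for illustration only.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.planner">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CALENDAR" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission android:name="android.permission.CAMERA" />
</manifest>"""


def audit_manifest(manifest_xml, disclosed):
    """Split declared permissions into runtime vs. other, and list runtime
    permissions whose data category is absent from `disclosed` (the
    categories the privacy policy already names)."""
    root = ET.fromstring(manifest_xml)
    declared = {
        el.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
        if el.get(ANDROID_NS + "name")
    }
    runtime = sorted(p for p in declared if p in RUNTIME_PERMISSIONS)
    # "other" means "not in the table above": normal permissions, or
    # permissions this subset does not cover.
    other = sorted(p for p in declared if p not in RUNTIME_PERMISSIONS)
    undisclosed = {p: RUNTIME_PERMISSIONS[p] for p in runtime
                   if RUNTIME_PERMISSIONS[p] not in disclosed}
    return {"runtime": runtime, "other": other, "undisclosed": undisclosed}


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST, disclosed={"precise location"})
    for perm, data in report["undisclosed"].items():
        print(f"{perm}: policy does not mention {data}")
```

Running the same check in a release pipeline catches a newly added runtime permission before the store listing and the policy drift apart.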
How Do You Obtain Permissions for Android Apps?
If you want to rely on certain Android app permissions, then you need to follow certain steps as outlined by Google.
Secondly, you must complete the Google permission request process. This involves declaring what permissions you require and why.
- If your app relies on dangerous permissions, you’ll need to complete a Permissions Declaration Form. This is displayed automatically if your app falls into this category.
- It could take a few weeks for Google to approve your app based on completion of this form. To expedite the process, provide as much information as possible and limit the permissions your app relies on.
Further information regarding what to expect is set out in Google’s support center.
- Within your Google Play Store app listing
- Within the app itself
- From the Play Console, go to the App content page
It will then be displayed appropriately within the store listing after approval.
Here’s an example from Dice Dreams.
What’s important is that the link works, it’s easy to find, and it’s intuitive, i.e. it’s obvious what the link leads to.
This is because if you process personal data, then you need to be transparent about what data you process and why.
Although there are various privacy rules around the world, the four most significant laws are as follows.
European Union: General Data Protection Regulation (GDPR)
The GDPR applies even if you’re a developer based outside of the EU. If you have users within the EU, the regulation applies.
USA/California: California Online Privacy Protection Act (CalOPPA)
Most Android apps used by Californians will fall into this category.
Australia: Australian Privacy Principles (APP)
Australia’s main privacy law is the Australian Privacy Act 1988. This Act contains 13 Privacy Principles which companies must comply with if the Act applies to them.
- The Act applies if you buy or sell personal information, or you have an annual turnover of $3 million or more, and you carry on business in Australia. This includes if Australians use or download your Android app.
Canada: Personal Information Protection and Electronic Data Act (PIPEDA)
According to PIPEDA, you typically need a user’s informed, meaningful consent when you’re processing personally identifiable information.
Consent is only “meaningful” if users understand what data you’re collecting and how you will use it. In other words, unless they know what they’re consenting to, then it’s not meaningful consent.
- You could face additional sanctions, such as fines, if you violate relevant global privacy laws. These fines can be costly, especially to new and emerging developers.
- Limit how many permissions you use. Where possible, find ways to restrict how much personal information you collect.
- If an app feature requires a permission, be transparent about the purposes and how the data collected will be processed.
- Don’t request permissions when the app starts up. Request permission at the point when it’s required. This helps users better understand how data is collected and processed as they use your app.