Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last year.
The community reviewed whether to reopen this question 7 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
I have to create and add a privacy policy to my Android app. My app accesses background geolocation data, so whatever policy I add has to include info about how location data is used. Two questions:
Is there a standard approach to creating a privacy policy? For example, is there a template that people usually use, that I would be able to add an extra geolocation clause to?
Where in the Google Play console do you add the privacy policy? I went to Store Presence -> Main Store Listing and didn't see any place to add a privacy policy.
As far as I know, there is no specific standard for the privacy policy. You can have a look at the policies of other reputed apps to get an idea on how to write it. There is no hard and fast rule of the writing style either (remember, this is neither legislature nor a court of law). I think the policy should be written in simple and clear English that everybody can understand. Many of the free privacy policy generators use legal wording, which I want to avoid unless absolutely necessary. It is good to mention the following clearly in the privacy policy:
The data your app stores, and which of these is "personally identifiable information".
The data your app transmits to your servers.
How the above data is used.
Whether it is possible to request deletion of this data.
The permissions that your app use, especially if you use any sensitive permissions like READ_EXTERNAL_STORAGE.
Why the app requires those permissions.
How you want to be contacted in case someone wishes to ask for clarification/deletion of data/report security vulnerability.
In the Play Console, first click on the app. There is a left pane with many options like Dashboard, Inbox, Releases, etc. Scroll down on that pane to the bottom, and there you will find "App content". Click on that, and you will find a place to add a link to your privacy policy.
Note that the privacy policy has to be uploaded somewhere else, and you can only put the link to it in Google Play. My apps, for example, are all open-source, so I have uploaded the privacy policy to GitHub and linked to it. Another good option, if your app is closed-source, and you don't have a website, is to create a single GitHub repo for all the privacy policies of your apps, and then individually link those files in Google Play and in the app.
i use the following website for my apps privacy policies
https://www.freeprivacypolicy.com/
very simple you don't need to write the entire thing you just fill in some questions and they offer to host the policy on their site and provide you with a url to set in your store listing
Update after the announcement of Launching of Data safety in Play Console
Link to October 2021's announcement
The Google Play's support page now mentions that:
All developers that have an app published on Google Play must complete
the Data safety form, including apps on internal, closed, open, or
production testing tracks.
Even developers with apps that do not
collect any user data are required to complete this form and provide a
link to their privacy policy. In this case, the completed form and
privacy policy can indicate that no user data is collected or shared.
I did not find any official Google standard/template for the privacy policy either.
Even if my application was not collecting/sharing any information, I decided to follow the steps below in order not to be penalized at a later stage.
To write my application's Privacy Notice
I reviewed some policies of reputed applications (as suggested by
Wrichik Basu);
I used and customized the template provided by docracy for Mobile Privacy Policy (free, no registration needed). The website mentioned by Bilal Rammal is interesting if your app requests specific permissions (which was not my case).
I consulted the GDPR-compliant privacy notice.
To host my application's Privacy Notice
I uploaded this privacy policy on my personnal website and I checked that it was publicly accessible.
You may want to double check the file permissions and .htaccess rules if you self-host/manage your website.
To update my app information in the Google Play Console
I opened Play Console and went to the App content page (Policy > App content).
Under "Privacy Policy," I selected Start.
I entered the URL hosting the privacy policy online.
I saved my changes.
Note: If you’ve previously added a privacy policy and want to make changes, you’ll see and select Manage instead of start.
In my application
I reviewed the permissions that I was requesting;
I included a link (in the "Settings" section) to my Privacy Policy so that users of my application can easily review it.
Related
At first the sata application was accepted by google play until several releases. However, at the time of doing the 12th release, my app was removed from google play.
APK REQUIRES VALID PRIVACY POLICY
Your app is uploading users' Primary Account information to https:.......... without posting a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself.
how to solve it?, i need help immediately. thank you.
The solution is clear:
You need a Privacy Policy
You need to add the Privacy Policy:
In the app itself
On the Play Developer Console
You have multiple options how to link to your Privacy Policy from within your app: About or Settings screen, Sign-up or Login screens, separate item in the menu etc.
When you add the Privacy Policy on Play Developer Console it would be made available on your app listing page:
You can read Google's requirements for having a Privacy Policy on this help page here:
https://support.google.com/googleplay/android-developer/answer/113469#privacy
Our Android app was rejected by Google with the following feedback:
Please make sure privacy policy is clearly labeled as a privacy policy
in the context of the content and specifies handling of location data.
I do not understand what the context of the content is in this case. Does it refer to the in-app link to the privacy policy, or the content of the privacy policy?
Our privacy policy is clearly titled as such in the document itself. The link to it within the app also reads "Privacy Policy" and is placed in the "About" section of the app, similar to how apps like Tesla and Instagram have implemented it.
Upon asking Google for advice, the response was:
Unfortunately, I’m not able to provide any more detail or a better
answer to your question. As I mentioned in our previous email, the
"Privacy Policy" is clearly labeled in not only the title but also
context of content, even translated in English.
Which I can only assume should mean is clearly labeled only in the title but not in the context of content, as otherwise the app would confirm to their policy.
Apparently, the context is wherever your feature is implemented in the app. In our case, we had to include a link to the privacy policy directly underneath the switch that enables location services.
I submitted a Google Chrome Extension and got rejected
Your item did not comply with the following section of our Program Policies:
"User Data Privacy"
The Privacy Policy & Secure Transmission section requires that:
If your product handles personal or sensitive user data (including
personally identifiable information, financial and payment
information, health information, authentication information, website
content and resources, form data, web browsing activity, user-provided
content and personal communications), then your product must:
Post a privacy policy. Handle the user data securely, including
transmitting it via modern cryptography. To comply with this policy:
Provide a working link to your privacy policy in the appropriate field
in the Chrome Web Store Developer Dashboard. The link must lead to a
privacy policy that is owned by you. The privacy policy must also
accurately and fully disclose all the details pertaining to how your
product collects, uses and shares user data, including the types of
parties with whom the data is shared. For more information on the
policy, please refer to the User Data FAQ.
Once your item complies with Chrome Web Store policies, you may
request re-publication in the Chrome Web Store Developer Dashboard.
Your item will be reviewed for policy compliance prior to
re-publication.
If you have any questions about this email, please respond and the
Chrome Web Store Developer Support team will follow up with you.
Our privacy policy is here
How could I fix it? What should I do?
After few emails with google asking about the exact issue, it turns out the User Data policy is a big section and a lot of thing might go wrong there, however, in my case I had a snapshot that is actually created by a designer to look pretty, not a snapshot from the actual extension and I had a permission that did not have a justification description. After I replaced the snapshot with an actual one and I removed the permission that didn't have a description because I actually didn't use it. The extension was approved and published.
I am developing an app that will stand on its own without a Website (at the moment).
According to Google Play, I must provide a Privacy Policy URL because my app requires the android.permission.CAMERA permission.
I know that I can place a Privacy Policy on a static hosted Website and give that URL to Google Play, but I would like to know what Google Play will use that URL for.
Does it just give the users the link and if clicked will take the user to the static page where the privacy policy is hosted?
Does it crawl the page and extracts information from it to display the info within the Play Store?
Thanks
There are 2 types of permissions : Normal and Dangerous as listed here
The purpose of a permission is to protect the privacy of an Android
user.
Android apps must request permission to access sensitive user data (such as contacts and SMS), as well as certain system features (such as camera and internet). Depending on the feature, the system might grant the permission automatically or might prompt the user to approve the request.
read more here : https://developer.android.com/guide/topics/permissions/overview
So if you using some of Dangerous level permissions in your app , google will definitely ask you to provide Privacy Policy before uploding apk to playstore .
so if you not provide link , they will not approve your apk build to publish in playstore.
Yes , they also display Privacy Policy Link to all users in ADDITIONAL INFORMATION section in Playstore .
For Example See Below Picture :
I want to submit my first app to the windows market place but while trying to find out the certification process I become confused if I need an about page (that contains support information) or not.
Yes you do need to include some information which is probably best to have on an about page. See 5.6.1 in certification requirments
An app must include the app name, version information, and technical
support contact information that are easily discoverable.
If you use the location API you will need to have a privacy policy in the app or linked in the app (requirement 2.7.2, also 2.7.4 is relevant):
The privacy policy of your app must inform users about how location
data from the Location Service API is used and disclosed and the
controls that users have over the use and sharing of location data.
This can be hosted within or directly linked from the app. The privacy
policy must be accessible from your app at any time.
Same goes for if you upload pictures, contacts etc from the app (see 2.8).
Ofcourse this information does not require a dedicated about page, but as they write, should be easy to find for the user.
And if you don't want to spend to much time on your about page and still want it to look great, take a look at this opensource project!
http://ylad.codeplex.com/
It comes as a nuget, so easy to add in your wp7 project! http://nuget.org/packages/YLAD