Yesterday(February 6, 2017) I was bombarded with emails from Google Play Support , saying that my apps had privacy policy issues and if not changed they would be hidden.
Their solution is the following:
Add a privacy policy to the Play Store listing page
- Access the Google Play Developer Console .
- Select an app.
- Select the Play Store listing.
- In the "Privacy Policy" section, enter the URL where you have the online privacy policy hosted.
- Select Save Draft (new apps) or Send Update (current apps).
So far I don't know how to generate the url with the privacy policies, so I leave two questions : should I create a website and attach the privacy policies to it? Do they have to have a special format?
But then I checked my privacy tab and I found the following alert:
Your APK requests the following permissions: android.permission.GET_ACCOUNTS. Apps that use these permissions in an APK must have a privacy policy configured.
I don't use this permission, but I know that using the GCM library com.google.android.gms:play-services-gcm:8.3.0 would be calling the android.permission.GET_ACCOUNTS permission. I think I already have "control" (or so I hope) this problem, by adding the following line in my manifest:
<uses-permission android:name="android.permission.GET_ACCOUNTS" tools:node="remove" />
Now, I leave the third and fourth question: If I add this line in my manifest , will the problem be solved in the Play Store? Will it affect how notifications work? (in the tests that I have carried out the notifications arrive without problem)
----------
Since things are slow, I EDIT to answer myself only.
The issue of removing permission using
<uses-permission android:name="android.permission.GET_ACCOUNTS" tools:node="remove" />
In the GCM documentation it is indicated that it is used for:
For devices prior to 4.0.4, GCM communication requires users to set up their Google account on their mobile devices, but is not a requirement on devices running Android 4.0.4 or higher (API Level 15 or higher). .
Removing the permission would cause problems in versions lower than API 15, in my case minSdkVersion 11
I defined then, it should not remove the permission and I am obliged to link the privacy policy... Unfortunately the permission will be displayed on devices equal to or greater than API 15 , which do not need permission. Is there a way to remove the permission only on devices higher than API 15?
Read more about this topic in this thread
Summary of Questions:
- Is there a way to remove the permission only for devices higher than API 15?, that is, a different manifest per Android version
- Should I create a website and attach the privacy policies to it?
- Do they have to have a special format?
According to their help pages , Google Play does not require you to have a Privacy Policy for your Android app or game. It will be required depending on the type of application that was developed.
However, Google's developer distribution agreement , which must be read and accepted when signing up for a Google Play account, informs you that you are required to have " privacy notices and procedures in place ."
A "privacy notice" is a Privacy Policy agreement .
Regardless of Google's information on this, your Android app is required (even by some laws, as cited by source 2 at the bottom of the answer) to have a Privacy Policy if personal data is collected from users, no matter if your app is a simple webview or mobile game. A SaaS (Software-as-a-Services) app is required to have a Privacy Policy.
How to add Privacy Policy URL for Android app
Follow these steps to add the Privacy Policy URL to the list of Google Play Store apps:
Sign in to the Google Play developer console. If you don't have an account, create one first.
Select all apps
Select the app
Click Store List
Go to the Privacy Policy field
Enter the URL where you host the privacy policy (you must host the policy on a website).
Click Save
If you don't have the Privacy Policy ready yet, you can click "Do not submit a privacy policy URL at this time" on the "Store Listing" page.
There are sites that allow you to create privacy policies for mobile applications, one of them is Iubenda and Termsfeed , a tool that allows you to generate policies with a responsive interface and design (unfortunately both are paid).
Information traffic analytical tools (Google Analytics and similar)
For example, if you use management tools like Google Analytics , Flurry Analytics or Fabric Answers (recently acquired by google) for your applications, you must have the Privacy Policy mentioned in the Google Analytics terms of service agreement:
Applications with communication methods
These applications include:
This type of application must report its use in the privacy policies.
Android App Privacy Policy Examples
By clicking on the link, the user is redirected to the Google Privacy Policy:
How to be sure if you need to have the Privacy Policy
Please answer this question: Do you collect any of the following types of personal data from users, at any time during your request?
All this information is considered personal data . If the data can identify a customer, then it is considered personal data and you are required to have a Privacy Policy.
In short Your Privacy Policy should include
Be as clear, concise, and specific as possible when letting users know what information you collect. If you need more tips read the sources below or check out examples on the play store.
Sources: termsfeed 1 , termsfeed 2
One question, why don't you target higher devices, like android 4.2 and up? I think you would save yourself a problem, regarding the policy, if you have to give a URL or an address where they can see the policies of your application, since I see, your app is an app that includes chats by the GCM (or notifications), you have to be very careful when publishing an app like this without the ToS and the privacy thing, since you are dealing with the privacy of people and their devices, but imagine the number of people who could have an app with it onesignal or gcm and fill you with advertising per day with push notifications
To advise you better you can enter any app that has many downloads in the store and down to the last one where it says the number of downloads and the developer says "privacy policies" if you click it takes you to the developer's page and shows you the policies
**
**
I hope it helps you
In my case, I only had to uncheck the privacy policy box and place the link where such policy can be consulted, since I don't use some of the permissions requested by Manifest either.