July 29, 2021

Google Play Updates Its Privacy and Security Policy

Google announces new user data policies designed to provide more user transparency and to help people make informed choices about how their data is collected, protected, and used. 

A cartoon graphic of a smartphone with a yellow cartoon lock on it and the text "News: Google Play Updates Its Privacy and Security Policy"

Google just announced its upcoming update to Google Play’s Privacy and Security Policy to make it a safer and more trustworthy experience for both developers and customers alike.

This update comes alongside Google Play’s new safety section. This will allow developers to showcase their app’s overall safety in a simple way, while also being able to give the users a deeper insight into privacy and security practices, and reveal the data the app may collect and why — and all before the user even installs the app.

Eventually, every app in the Google Play store will be required to share this kind of information in the safety section. Starting in October, developers will be able to submit such information in the Google Play Console for review.

The new safety section will launch for apps in Google Play in Q1 2022. But developers will have until April 2022 before their apps must have this section approved. Without an approved safety section, new app submissions or app updates may be rejected.

Updated Google Play Policy Changes To Support The New Safety Section:

  • All developers will have to provide a privacy policy. Previously, only apps that collected personal and sensitive user data needed to share a privacy policy.
  • Developers are responsible for providing accurate and complete information in their safety section. This includes data used by the app’s third-party libraries or SDKs. This applies to all apps published on Google Play, including Google’s own apps.

The Google Play services change will be rolled out in stages, affecting apps running on Android 12 devices starting in late 2021 and expanding to all apps running on devices that support Google Play in early 2022. Also, apps updating their target API level to Android 12 will need to declare a new Google Play services permission in the manifest file in order to use the advertising ID.

When users opt-out of interest-based advertising or ad personalization, their advertising ID is removed and replaced with a string of zeros. Google is also going to test a new feature that notifies developers and ads & analytics service providers of user opt-out preferences to help the developers implement the user’s choice and add more to existing policy restrictions on how advertising ID could be used. When a user deletes their advertising ID, developers will receive a notification so they can promptly erase advertising IDs that are no longer in use. What’s more is that Google is prohibiting linking persistent device identifiers to personal and/or sensitive user data or resettable device identifiers. This policy adds an additional layer of privacy protection when users reset their device identifiers or uninstall apps.

Introducing New App Set ID For Correlation Across Apps

Finally, Google is offering a developer preview of the app set ID for essential use cases, such as analytics or to prevent fraud (which is the fastest growing crime in the world right now). An app set ID is a unique ID that, on a given device, allows you to correlate usage or actions across a set of apps owned by your organization. Developers can’t use app set ID for ad personalization or ad measurement. It will also reset automatically if the developers’ apps on the device are all uninstalled or none of the apps have accessed the ID in 13 months.

As part of Google’s introduction of the app set ID, Google is making some changes to enhance privacy for kids as well. So, If an app is primarily directed to children, it won’t be able to transmit identifiers like advertising ID. If an app’s audience is both kids and adults, then it will have to avoid transmitting these identifiers for kids.

Reduction Of Outdated Apps For A Stronger Security

Google will close dormant accounts if the account is inactive or abandoned after a year, so as to keep only up-to-date apps in the store and thereby prevent security issues. This includes accounts where a developer has never uploaded an app or accounts that haven’t accessed Google Play Console in over a year. Google will continue to support developers with actively-growing apps, and won’t close accounts with apps that have 1000+ installs or in-app purchases in the last 90 days. Developers whose accounts have been closed can create new ones, but they won’t be able to reactivate old accounts, apps, or data.

Google is adding some new requirements on how AccessibilityService API and IsAccessibilityTool can be used. These tools help developers build accessible experiences, which often require access to user data and device functionality. Now, all apps that use the AccessibilityService API will need to disclose data access and purpose in Google Play Console and get approval.

In Conclusion

Google is adding more ways for both developers and customers to control how they share and use user data, and for what purpose. This is a very welcome addition to Android, and it’s timed very well with Apple’s upcoming iOS 15 update.

Let's talk Marketing
Get in touch!