Data safety in Google Play
According to the Google requirements, mobile app developers should report to Google Play which data they collect through the app. To do this, they need to fill out the Data safety form on the App content page in the Play Console.
Data collection
Transmitting information from the user's device through the app.
| Libraries and SDKs | If your app has libraries or SDKs that transmit data from the user's device, specify this regardless of where the information is sent: to you or to a third-party server. |
| WebView | If user data is collected in WebView components that are open in your app, report it provided that the app controls the execution of the WebView code or interaction with this component. If the user uses the WebView component to go to a page outside the app, there is no need to report data collection. |
| Temporary processing | If user data is transmitted from the device and processed temporarily, report it in the form. The information won't be reflected in the data safety section in Google Play if the data is stored only in the server memory and no longer than it is required to execute a certain request in real time. For example, processing data in a weather app that transmits information about the user's location to get weather information. In this case, the data is stored only in memory and is deleted after the request is executed. Important. Using data to create advertising or other user profiles can't be considered temporary processing and must be indicated as collection or transmission for the relevant purposes. |
| Pseudonymization | If data is collected using pseudonymization, specify this in the form. For example, if the pseudonymized data can somehow be linked to the user again, you should report its collection. |
| Libraries and SDKs | If your app has libraries or SDKs that transmit data from the user's device, specify this regardless of where the information is sent: to you or to a third-party server. |
| WebView | If user data is collected in WebView components that are open in your app, report it provided that the app controls the execution of the WebView code or interaction with this component. If the user uses the WebView component to go to a page outside the app, there is no need to report data collection. |
| Temporary processing | If user data is transmitted from the device and processed temporarily, report it in the form. The information won't be reflected in the data safety section in Google Play if the data is stored only in the server memory and no longer than it is required to execute a certain request in real time. For example, processing data in a weather app that transmits information about the user's location to get weather information. In this case, the data is stored only in memory and is deleted after the request is executed. Important. Using data to create advertising or other user profiles can't be considered temporary processing and must be indicated as collection or transmission for the relevant purposes. |
| Pseudonymization | If data is collected using pseudonymization, specify this in the form. For example, if the pseudonymized data can somehow be linked to the user again, you should report its collection. |
What isn't considered data collection:
- Local access and processing
-
You don't need to specify user data that the app processes only on the device.
- End-to-end encryption
-
If user data is encrypted during transmission from the device in such a way that neither you nor anyone else except the sender and recipient can read it, there is no need to report such processing. Encryption keys shouldn't be available to any intermediary, including the developer.
Data transmission
A situation when user data collected in your app is transmitted to third parties.
| Off-device transmission (between servers) | For example, user data collected in the app is transmitted from your server to a third-party server. |
| Transmission to another app on the device | User information is transmitted from your app to another app on the same device. Report this in the data safety section even if the app doesn't send information from the device. |
| Transmission from libraries and SDKs | The data collected in the app is transmitted directly to a third party through the built-in libraries and/or SDKs. |
| Transmission from WebView components opened in the app | User data is transmitted to a third party through the WebView component running in the app. Report this if the app controls the execution of the WebView code or interaction with this component. If users use the WebView component to go to a page outside the app, there is no need to make a notice about data transmission. |
| Off-device transmission (between servers) | For example, user data collected in the app is transmitted from your server to a third-party server. |
| Transmission to another app on the device | User information is transmitted from your app to another app on the same device. Report this in the data safety section even if the app doesn't send information from the device. |
| Transmission from libraries and SDKs | The data collected in the app is transmitted directly to a third party through the built-in libraries and/or SDKs. |
| Transmission from WebView components opened in the app | User data is transmitted to a third party through the WebView component running in the app. Report this if the app controls the execution of the WebView code or interaction with this component. If users use the WebView component to go to a page outside the app, there is no need to make a notice about data transmission. |
What isn't considered data transmission:
- Transmission to service providers
-
User data is transmitted to the service provider which processes it on behalf of the developer.
- Transmission on legal grounds
-
User data is transmitted for purposes stipulated by law. For example, due to a legal obligation or in response to a request from government agencies.
- Transmission based on an action performed by the user or after disclosing information about the use of data and obtaining consent
-
Data is transmitted to a third party as a result of the actions of the user who understands that their information will be transmitted. The same category includes cases when the app explicitly discloses information about data processing and the user consents to this.
- Anonymous data transmission
-
You are transmitting completely anonymized user data that can't be associated with a specific person.
Mandatory and optional data
For each data type, you can specify whether it is mandatory.
For example, information can be considered optional:
- If the user can manage its collection and the app can work without it.
- If you can choose whether to provide this data manually.
To declare the collection of optional data, make sure that all users, regardless of the device or region, can choose to provide such information and allow or prohibit its transmission.
If information is required to perform the main functions of the app, it must be specified as mandatory.
More information about working with data
You can provide additional information about how data privacy and protection is ensured in your app.
| Encryption during transmission | Specify whether data is encrypted when transmitted from the end user's device to the server. Some apps enable users to send data to third-party sites or services. For example, a messaging app may have the function to send an SMS via a mobile operator that uses other encryption methods. Then the data safety section will indicate that information is transmitted between the user's device and the app servers over a secure connection. |
| Deletion request | Report whether users can request their data be deleted. |
| Encryption during transmission | Specify whether data is encrypted when transmitted from the end user's device to the server. Some apps enable users to send data to third-party sites or services. For example, a messaging app may have the function to send an SMS via a mobile operator that uses other encryption methods. Then the data safety section will indicate that information is transmitted between the user's device and the app servers over a secure connection. |
| Deletion request | Report whether users can request their data be deleted. |
Special icon
Apps designed for children must comply with the Google Play Families Policies. If your app belongs to this category and meets the requirements, you can add the Complies with the Google Play Families Policies icon to the data safety section.
To place this icon:
- In the Data safety form, go to the Data protection section.
- Click Go to Target audience and content.
Data types
Information about how user data of each type is collected and transmitted.
| Data type | Description | AppMetrica SDK data collection (default configuration) |
|---|---|---|
| Data type | Description | AppMetrica SDK data collection (default configuration) |
|---|---|---|
| Location | ||
|---|---|---|
| Exact location | The location of the user or device within an area of less than three square kilometers, for example, a location obtained using the Android permission | No Collecting this data is disabled by default in all SDK versions starting from 5.0.0 The app developer can configure transmission of this data by enabling the |
| Approximate location | The location of the user or device within an area of three square kilometers, for example, the city in which the user is located or a location obtained using the Android permission | |
| Location | ||
|---|---|---|
| Exact location | The location of the user or device within an area of less than three square kilometers, for example, a location obtained using the Android permission | No Collecting this data is disabled by default in all SDK versions starting from 5.0.0 The app developer can configure transmission of this data by enabling the |
| Approximate location | The location of the user or device within an area of three square kilometers, for example, the city in which the user is located or a location obtained using the Android permission | |
| Personal information | ||
|---|---|---|
| Name | The user's preferred name: first name, last name, or pseudonym. | No The app developer can configure the transmission of this data. |
| Email address | The user's email address. | |
| User IDs | User IDs, such as number, ID, or account name. | |
| Address | The user's address, such as their mailing or home address. | |
| Phone number | The user's phone number. | |
| Race and ethnicity | Information about the user's race or ethnicity. | |
| Political or religious beliefs | Information about the user's political or religious beliefs. | |
| Sexual orientation | Information about the user's sexual orientation. | |
| Other data | Any other personal data, such as date of birth, gender identity, or military status. | |
| Personal information | ||
|---|---|---|
| Name | The user's preferred name: first name, last name, or pseudonym. | No The app developer can configure the transmission of this data. |
| Email address | The user's email address. | |
| User IDs | User IDs, such as number, ID, or account name. | |
| Address | The user's address, such as their mailing or home address. | |
| Phone number | The user's phone number. | |
| Race and ethnicity | Information about the user's race or ethnicity. | |
| Political or religious beliefs | Information about the user's political or religious beliefs. | |
| Sexual orientation | Information about the user's sexual orientation. | |
| Other data | Any other personal data, such as date of birth, gender identity, or military status. | |
| Financial data | ||
|---|---|---|
| Payment details | Information about the user's financial accounts, for example, credit card number. | No The app developer can configure the transmission of this data. Automatic data collection for In-App purchases is available as of SDK version 4.0. Can be disabled in the withRevenueAutoTracking Enabled method. |
| Purchase history | Information about the user's purchases and transactions. | |
| Credit rating | Information about the user's credit rating. | |
| Other financial data | Other financial information, such as the user's salary or debts. | |
| Financial data | ||
|---|---|---|
| Payment details | Information about the user's financial accounts, for example, credit card number. | No The app developer can configure the transmission of this data. Automatic data collection for In-App purchases is available as of SDK version 4.0. Can be disabled in the withRevenueAutoTracking Enabled method. |
| Purchase history | Information about the user's purchases and transactions. | |
| Credit rating | Information about the user's credit rating. | |
| Other financial data | Other financial information, such as the user's salary or debts. | |
| Health and physical activity | ||
|---|---|---|
| Medical data | Information about the user's health, such as medical records or a description of symptoms. | No |
| Physical activity data | Information about the user's physical activity, such as workouts. | |
| Health and physical activity | ||
|---|---|---|
| Medical data | Information about the user's health, such as medical records or a description of symptoms. | No |
| Physical activity data | Information about the user's physical activity, such as workouts. | |
| Messages | ||
|---|---|---|
| | Content, topics, information about the senders and recipients of the user's emails. | No |
| SMS or MMS | Content and information about the senders and recipients of the user's messages. | |
| Other messages in apps | Other types of messages, such as instant messages or chat content. | |
| Messages | ||
|---|---|---|
| | Content, topics, information about the senders and recipients of the user's emails. | No |
| SMS or MMS | Content and information about the senders and recipients of the user's messages. | |
| Other messages in apps | Other types of messages, such as instant messages or chat content. | |
| Photos and videos | ||
|---|---|---|
| Photos | User's photos. | No |
| Videos | User's videos. | |
| Photos and videos | ||
|---|---|---|
| Photos | User's photos. | No |
| Videos | User's videos. | |
| Audio files | ||
|---|---|---|
| Audio recordings and voice messages | Recordings of the user's voice, such as voice messages, or audio recordings. | No |
| Music files | User's music files. | |
| Other audio files | Other audio files created or provided by the user. | |
| Audio files | ||
|---|---|---|
| Audio recordings and voice messages | Recordings of the user's voice, such as voice messages, or audio recordings. | No |
| Music files | User's music files. | |
| Other audio files | Other audio files created or provided by the user. | |
| Files and documents | ||
|---|---|---|
| Files and documents | Documents and other user's files or any information about them, such as file names. | No |
| Files and documents | ||
|---|---|---|
| Files and documents | Documents and other user's files or any information about them, such as file names. | No |
| Calendar | ||
|---|---|---|
| Calendar events | Information from the user's calendar, such as events, notes to them, and participants. | No |
| Calendar | ||
|---|---|---|
| Calendar events | Information from the user's calendar, such as events, notes to them, and participants. | No |
| Contacts | ||
|---|---|---|
| Contacts | Information about the user's contacts, such as their names, the history of correspondence with them, as well as such data as user names, call logs, and information about the time, frequency, and duration of communication. | No |
| Contacts | ||
|---|---|---|
| Contacts | Information about the user's contacts, such as their names, the history of correspondence with them, as well as such data as user names, call logs, and information about the time, frequency, and duration of communication. | No |
| History of actions in the app | ||
|---|---|---|
| Actions in apps | Information about how the user interacts with the app, for example, how many times they viewed a page or which sections they visited. | No The app developer can configure the transmission of this data using custom events. |
| Search history in the app | Information about what the user was searching for in your app. | |
| Installed apps | Information about apps installed on the user's device. | |
| Other user-generated content | Other content generated by the user and not mentioned in any section, such as their biography, notes, or detailed answers. | |
| Other actions | Other user actions in the app that are not mentioned in any section, such as information about games, likes, or selected options in dialog boxes. | |
| History of actions in the app | ||
|---|---|---|
| Actions in apps | Information about how the user interacts with the app, for example, how many times they viewed a page or which sections they visited. | No The app developer can configure the transmission of this data using custom events. |
| Search history in the app | Information about what the user was searching for in your app. | |
| Installed apps | Information about apps installed on the user's device. | |
| Other user-generated content | Other content generated by the user and not mentioned in any section, such as their biography, notes, or detailed answers. | |
| Other actions | Other user actions in the app that are not mentioned in any section, such as information about games, likes, or selected options in dialog boxes. | |
| Information about browsing the internet | ||
|---|---|---|
| Internet search history | Information about the sites that the user visited. | No |
| Information about browsing the internet | ||
|---|---|---|
| Internet search history | Information about the sites that the user visited. | No |
| Information about the app and its operation | ||
|---|---|---|
| Error reports | Data from your app's crash log, such as the number of crashes and stack traces, or other information directly related to errors. | No |
| Troubleshooting | Information about app performance, such as battery life, load and response time, frame rate, or technical diagnostics data. | Yes AppMetrica can collect battery level data for crash analytics. |
| Other app operation data | Other app performance information not mentioned here. | Yes AppMetrica can collect additional data. For example, technical information about the device: operating system version, screen type, and other information. |
| Information about the app and its operation | ||
|---|---|---|
| Error reports | Data from your app's crash log, such as the number of crashes and stack traces, or other information directly related to errors. | No |
| Troubleshooting | Information about app performance, such as battery life, load and response time, frame rate, or technical diagnostics data. | Yes AppMetrica can collect battery level data for crash analytics. |
| Other app operation data | Other app performance information not mentioned here. | Yes AppMetrica can collect additional data. For example, technical information about the device: operating system version, screen type, and other information. |
| Device IDs or other IDs | ||
|---|---|---|
| Device IDs or other IDs | Device, browser, or app IDs, such as the IMEI code, MAC address, Widevine ID, Firebase version ID, or advertising ID. | Yes, if there is user permission. You can disable the collection of this data in SDK versions 5.0.0 and higher. |
| Device IDs or other IDs | ||
|---|---|---|
| Device IDs or other IDs | Device, browser, or app IDs, such as the IMEI code, MAC address, Widevine ID, Firebase version ID, or advertising ID. | Yes, if there is user permission. You can disable the collection of this data in SDK versions 5.0.0 and higher. |
Data collection purposes
Information about the data collection purposes.
| Data collection purpose | Description |
|---|---|
| App functions | Used for app operation. For example, to enable functions or perform user authentication. |
| Analytics | Used to collect data about how users work with the app and about its performance. For example, you can see how many users selected a certain function, monitor the app status, identify and fix errors and crashes, and improve performance in the future. |
| Communication with the developer | Used to send news and notifications about you and your app. For example, you can send push notifications about important security updates or new features in the app. |
| Advertising or marketing | Used to display targeted ads and marketing messages or evaluate the effectiveness of ads. For example, you can place ads in the app, send push notifications to promote other products and services, and forward data to advertising partners. |
| Fraud prevention, security, and compliance | Used to prevent fraud, ensure security, and comply with legal requirements. For example, you can track errors when logging in to your account and detect suspicious activity. |
| Personalization | Used to personalize the app: display recommended content or offers. For example, you can recommend playlists based on user preferences or post local news based on their location. |
| Account management | Used to configure user accounts. For example, to enable users to create accounts, add data to the accounts that you provide for your services, log in to them in the app, and confirm their credentials. |
| Data collection purpose | Description |
|---|---|
| App functions | Used for app operation. For example, to enable functions or perform user authentication. |
| Analytics | Used to collect data about how users work with the app and about its performance. For example, you can see how many users selected a certain function, monitor the app status, identify and fix errors and crashes, and improve performance in the future. |
| Communication with the developer | Used to send news and notifications about you and your app. For example, you can send push notifications about important security updates or new features in the app. |
| Advertising or marketing | Used to display targeted ads and marketing messages or evaluate the effectiveness of ads. For example, you can place ads in the app, send push notifications to promote other products and services, and forward data to advertising partners. |
| Fraud prevention, security, and compliance | Used to prevent fraud, ensure security, and comply with legal requirements. For example, you can track errors when logging in to your account and detect suspicious activity. |
| Personalization | Used to personalize the app: display recommended content or offers. For example, you can recommend playlists based on user preferences or post local news based on their location. |
| Account management | Used to configure user accounts. For example, to enable users to create accounts, add data to the accounts that you provide for your services, log in to them in the app, and confirm their credentials. |