[go: up one dir, main page]

Understand app privacy & security practices with Google Play's Data safety section

Before you install an app from Google Play, you can check the app's Data safety section. Developers use the Data safety section to share information about how their app handles your data. This way, you can make more informed decisions about what apps you use.

Find an app’s data safety information

Google Play Data Safety Section

  1. Open Google Play Google Play.
  2. Browse or use the search bar to find an app.
  3. Tap an app.
  4. Under "Data safety," you’ll find a summary of the app’s data safety practices.
  5. For more detail, tap See details.

Tip: The info in the Data safety section only applies to apps distributed on Google Play. You’ll only find the Data safety section on Android 5 and up.

Understand & review app data safety practices

The Data safety section of an app listing lets developers describe how their apps collect, share, and handle different types of data. Developers explain their practices for:

  • Data collection: Developers describe the types of user data their app collects, how they use this data, and whether the collection of this data is optional. Data is generally considered “collected” when the developer uses their app to retrieve data off your device.
  • Data sharing: Developers describe if their app shares your data with third parties and what types of data are shared. Data is generally considered "shared" when it is accessed by the app and transferred to a third party.
    • In some cases, developers do not need to disclose data as "shared" even if it's technically transferred to another party (for example, when you give your consent to transfer the data after the app explains how it will use the data, or when the data is shared with a developer’s service provider). Learn more about these cases below.

Developers use Google Play’s Data safety section to describe the sum of their app’s data collection and sharing across all versions of the app distributed on Google Play. An app’s data privacy and security practices may vary based on your use, region, and age. Developers may use the “About this app” section of an app’s Google Play listing, the privacy policy, or other documentation to share app version-specific information with their users.

Understand data collection & data sharing

Data collection

Developers do not need to disclose data accessed by an app as "collected" in the Data safety section if:

  • An app accesses the data only on your device and it is not sent off your device. For example, if you provide an app permission to access your location, but it only uses that data to provide app functionality on your device and does not send it to its server, it does not need to disclose that data as collected.
  • Your data is sent off the device but only processed ephemerally. This means the developer accesses and uses your data only when it is stored in memory, and retains the data for no longer than necessary to service a specific request. For example, if a weather app sends your location off your device to get the current weather at your location, but the app only uses your location data in memory and does not store the data for longer than necessary to provide the weather.
  • Your data is sent using end-to-end encryption. This means the data is unreadable by anyone other than the sender and recipient. For example, if you send a message to a friend using a messaging app with end-to-end encryption, only you and your friend can read the message.

Sometimes apps may redirect you to a different service to complete a certain action. For example, an app may direct you to a payment service such as PayPal, Google Pay, or another similar service, to complete a purchase. In these cases, the app developer does not need to declare the data collected by the other service if:

  • The app does not access this information, and
  • You provide this information directly to the other service under that service’s privacy policy and terms of service.
Data sharing

In some cases, app developers do not need to declare data that is transferred to others as "shared" in the Data safety section. This includes when:

  • The data is transferred to a third party based on a specific action that you initiate, where you reasonably expect the data to be shared. For example, when you send an email to or share a document with another person.
  • The data transfer to a third party is prominently disclosed in the app, and the app requests your consent in a way that meets the requirements of Google Play’s User Data policy.
  • The data is transferred to a service provider to process it on the developer’s behalf. For example, a developer may use a service provider to host data on their behalf and in compliance with the developer's instructions, contractual terms, privacy policies, and security standards.
  • The data is transferred for specific legal purposes, such as in response to a government request.
  • The data transferred is fully anonymized so it can no longer be associated with any individual.

Other information in the Data safety section

Security practices

Developers can describe certain security practices they use. This includes if their app:

  • Encrypts data that it collects or shares while it’s in transit.
    • Some apps are designed to let you transfer your data to another site or service. These apps may declare in their Data safety section that your data is transferred over a secure connection as long as they use best industry standards to safely encrypt your data while it travels between your device and the app’s servers. The sites or services that you choose to have your data transferred to may have different privacy and security practices. Review those practices independently to ensure that you are transferring your data to secure destinations. For example, a messaging app that declares that it encrypts your data in transit may give you an option to send an SMS message through your mobile services provider. You should review the data handling practices of your mobile services provider, as it may not be using encryption in transit to securely send SMS messages over its mobile network.
  • Provides a way for you to request that your data be deleted or automatically deletes or anonymizes your data within 90 days. For apps that provide this option, to learn how to request the deletion of your data and how the developer responds to and handles data deletion requests, you can review the app’s privacy policy or contact the developer.
  • Has been independently reviewed against a global security standard. This independent review validates the app’s security practices against a global standard. The third-party organizations performing the review are doing so on the developers' behalf. This review does not verify the accuracy and completeness of the developer’s Data safety section disclosure.
  • Offers payments through Unified Payments Interface (UPI). UPI is an instant money transfer system. It was developed by the National Payments Corporation of India (NPCI), an RBI-regulated entity. Developers indicate that NPCI has verified and validated this app's implementation of UPI. This security practice is only available for app use in India.
Other app and data disclosures

Learn more about the disclosures for account management data and system services.

Account management

Some apps let you create an account or add info to an account that the developer uses across its services. A developer might use the account data collected through the app for additional purposes across its services that are not specific to the app, such as fraud prevention or advertising. Developers may disclose this collection and use of account data across their services as "Account management." Developers must still declare all purposes for which the app itself uses the data. Review the app’s information, such as their privacy policy, to understand how a developer uses your account data across their services.

System services

System services are pre-installed software on some devices and cannot be uninstalled. They support device-specific features or functions. Developers of qualifying system services are not required to complete a Data safety section. You can review the developer’s site and privacy policy to learn more about their data safety practices.

Types of data & collection purposes covered in the Data safety section

The Data safety section explains the purpose for collecting and sharing specific types of data. Developers must use the same categories to explain these purposes so you can consistently compare multiple apps. The info should describe all versions and variations of the app.

Learn more about the data types and purposes included in the Data safety section.

Data types
Category Data type Description
Location Approximate location

Yours or your device's physical location to an area greater than or equal to 3 square kilometers, such as the city you are in.

Precise location Yours or your device's physical location within an area less than 3 square kilometers.
Personal info Name

How you refer to yourself, such as your first or last name, or nickname.

Email address Your email address.
User IDs Identifiers that relate to an identifiable person. For example, an account ID, account number, or account name.
Address

Your address, such as a mailing or home address.

Phone number Your phone number.
Race and ethnicity

Information about your race or ethnicity.

Political or religious beliefs

Information about your political or religious beliefs.

Sexual orientation

Information about your sexual orientation.

Other info

Any other personal information such as date of birth, gender identity, veteran status, etc.

Financial info User payment info

Information about your financial accounts, such as credit card number.

Purchase history

Information about purchases or transactions you have made.

Credit score

Information about your credit. For example, your credit history or credit score.

Other financial info

Any other financial information, such as your salary or debts.

Health and fitness Health info

Information about your health, such as medical records or symptoms.

Fitness info

Information about your fitness, such as exercise or other physical activity.

Messages Emails

Your emails, including the email subject line, sender, recipients, and the content of the email.

SMS or MMS

Your text messages, including the sender, recipients, and the content of the message.

Other in-app messages

Any other types of messages. For example, instant messages or chat content.

Photos and videos Photos Your photos.
Videos Your videos.
Audio files Voice or sound recordings

Your voice, such as a voicemail or a sound recording.

Music files

Your music files.

Other audio files

Any other audio files you created or provided.

Files and docs Files and docs

Your files or documents, or information about your files or documents, such as file names.

Calendar Calendar events

Information from your calendar, such as events, event notes, and attendees.

Contacts Contacts

Information about your contacts, such as contact names, message history, and social graph information like usernames, contact recency, contact frequency, interaction duration, and call history.

App activity App interactions

Information about how you interact with the app. For example, the number of times you visit a page or sections you tap on.

In-app search history Information about what you have searched for in the app.
Installed apps Information about the apps installed on your device.
Other user-generated content

Any other content you generated that is not listed here, or in any other section. For example, bios, notes, or open-ended responses.

Other actions

Any other activity or actions in-app not listed here, such as gameplay, likes, and dialog options.

Web browsing Web browsing history

Information about the websites you have visited.

App info and performance Crash logs

Crash data from the app. For example, the number of times the app has crashed on the device or other information directly related to a crash.

Diagnostics

Information about the performance of the app on the device. For example, battery life, loading time, latency, framerate, or any technical diagnostics.

Other app performance data

Any other app performance data not listed here.

Device or other IDs Device or other IDs

Identifiers that relate to an individual device, browser, or app. For example, an IMEI number, MAC address, Widevine Device ID, Firebase installation ID, or advertising identifier.

Data purposes
Data purposes Description Example
Account management Used for the setup or management of your account with the developer.

For example, to let you:

  • Create accounts, or add information to an account the developer provides for use across its services.
  • Log in to the app, or verify your credentials.
Advertising or marketing Used to display or target ads or marketing communications, or measuring ad performance. For example, displaying ads in your app, sending push notifications to promote other products or services, or sharing data with advertising partners.
App functionality Used for features that are available in the app. For example, to enable app features, or authenticate you.
Analytics Used to collect data about how you use the app or how it performs. For example, to see how many users are using a particular feature, to monitor app health, to diagnose and fix bugs or crashes, or to make future performance improvements.
Developer communications

Used to send news or notifications about the app or the developer.

For example, sending a push notification to inform you about new features of the app or an important security update.

Fraud prevention, security, and compliance

Used for fraud prevention, security, or compliance with laws.

For example, monitoring failed login attempts to identify possible fraudulent activity.

Personalization

Used to customize your app, such as showing recommended content or suggestions.

For example, suggesting playlists based on your listening habits or delivering local news based on your location.

Control app permissions & data collection

Understand app permissions

The app permissions list shows what specific data or features that an app can access or to which it might request access. This list includes:

  • Data or features required for the app to work, like mobile network access
  • Data the app requests while you use it, like access to your camera

This list is based on technical information that describes how the developer’s app works. It’s different from the Data safety section, which is based on information declared by app developers about how they collect, share, and handle your data.

Sometimes, the information in the app permissions list may be different from what's in the Data safety section. Some of the possible reasons for this include:

  • The app accesses data to process it on the device, but doesn’t collect or share it.
  • The app collects data in a way that’s not managed by permissions.
  • The service or data type in the permissions list isn’t covered in the Data safety section.
Control app permissions & data collection after download

After you download an app, the app must ask for permission to access certain data. If an app collects data you don’t want to share, you can:

Tip: If you can’t request that your data be deleted from within the app, you can contact the developer to delete any data collected by the app. Learn how to contact an Android app's developer.

Related resources

Search
Clear search
Close search
Google apps
Main menu
2171995230433608022
true
Search Help Center
true
true
true
true
true
84680
false
false