Google’s Android is a software stack for mobile devices that includes an operating system, middleware and key applications. The Android App Developer site provides a comprehensive guide to building an application compatible with the Android OS, along with tools to test and successfully deploy the app in the Google Play marketplace.
- Collection and Use of Data: If your application stores personal or sensitive information provided by users, it must do so securely. If the user provides your application with Google Account information, your application may only use that information to access the user’s Google Account when, and for the limited purposes for which, the user has given you permission to do so. Android Software Development Kit License Agreement, Section 4.3
- Apps may not make unauthorized publishing or disclosure of people’s private and confidential information, such as credit card numbers, government identification numbers, driver’s and other license numbers, non-public contacts, or any other information that is not publicly accessible.
- If an app uploads personal and confidential information to a third-party server, the app must ensure the user’s knowledge and consent before data is transmitted off of the device. Additionally, the information may only be used to enhance the app experience on that phone, and cannot be disclosed to other users of the app or service
- Users must be made aware if app accesses or uses usernames, passwords, or other login or personal information.
- Adequate privacy notice and protection must be provided for users.
- Information may only be used for the purposes for which the user has given permission to do so.
- If personal or sensitive information is stored, the app must do so securely.
- Your app may not send SMS, email, or other messages on behalf of the user without providing the user with the ability to confirm the content and intended recipient.
- Apps must not contain false or misleading information in any content, title, icon, description, or screenshots.
Usage of Android advertising ID: Google Play Services version 4.0 introduced new APIs and an ID for use by advertising and analytics providers. Terms for the use of these APIs and ID are below.
- Usage. The Android advertising identifier must only be used for advertising and user analytics. The status of the “Opt out of Interest-based Advertising” setting must be verified on each access of the ID.
- Association with personally-identifiable information or other identifiers. The advertising identifier must not be connected to personally-identifiable information or associated with any persistent device identifier (for example: SSAID, MAC address, IMEI, etc.,) without the explicit consent of the user.
- Respecting users’ selections. Upon reset, a new advertising identifier must not be connected to a previous advertisingidentifier or data derived from a previous advertising identifier without the explicit consent of the user. Furthermore, you must abide by a user’s “opt out of interest-based advertising” setting. If a user has enabled this setting, you may not use the advertising identifier for creating user profiles for advertising purposes or for targeting users with interest-basedadvertising. Allowed activities include contextual advertising, frequency capping, conversion tracking, reporting and security and fraud detection.
- Transparency to users. The collection and use of the advertising identifier and commitment to these terms must be disclosed to users in a legally adequate privacy notification.
Disclosure. It’s important to sufficiently disclose to users how your app will use ads. You must make it easy for users to understand what ads will be shown in your app, where they will be shown, and what the associated behaviors are, if any. Furthermore, you should ask for user consent and provide options for managing ads or opt-out.
- Tell users about your ads—Create a simple, clear, and complete disclosure that tells users how any user information is used, and how they can manage ad options.
- Make sure users know—Present your ads disclosure is an easy-to-see location, rather than hiding it where users are not likely to find it.
- Ask for consent (opt-in) at launch—Where possible, include your ads disclosure in the app description as well as in an Ads Terms, End User License Agreement (EULA), or similar document. Display the terms at first launch and ask for the user’s consent before continuing to the app.
- A recommended approach is to provide an ads disclosure in an End-User License Agreement (EULA). The disclosure should be clear and succinct and displayed in a modal dialog that asks the user to agree to the terms before using the app
Context and behavior. If your app displays ads, it should do so in ways that do not interrupt users, mislead them into clicking on ads, or make changes outside the app without the user’s knowledge or consent.
- Display your ads within your UI—If possible, display ads only within your app’s UI. This leads to a better user experience and helps avoid policy violations.
- Don’t make changes outside of the app without consent—Ads must not make changes outside of the app without the user’s full knowledge and consent.
- Notification ads are prohibited—Your app (or its components or derivative elements) may not use system level notifications and alerts containing ads unless the notifications are part of the explicit feature set of the app.
- Forcing the user to click on ads or submit personal information for advertising purposes in order to fully use an app is prohibited.
- Don’t add shortcuts, bookmarks, or icons—Your app and its ads must not add homescreen shortcuts, browser bookmarks, or icons on the user’s device as a service to third parties or for advertising purposes.
- Any changes that an ad introduces must be properly attributed to the origin app, must be evident and easily reversible.
UI Impersonation. Ads must not simulate or impersonate the user interface of any app, or notification and warning elements of an operating system. Your app must not display any ad that attempts to impersonate or represent a system function or UI component. If such an ad is displayed in your app, your app will be in violation of policy and subject to suspension.
- No fake app UI notifications—Ads should not impersonate the interface of an application for advertising purposes.
- No fake system dialogs or warnings—Any ad that presents itself as a system dialog or warning and asks for user input is in violation of Google Play policies.
- No fake app updates—Ads should not impersonate system UI for app updates.
Ad walls. If your app uses ad walls to drive affiliate traffic, those ad walls must not force the user to click on ads or submit personal information for advertising purposes before using the app. All ad walls must give the user the option to cancel or otherwise dismiss the ad without penalty. Interstitial ads may only be displayed inside of the app they came with. Forcing the user to click on ads or submit personal information for advertising purposes in order to fully use an app is prohibited.
Interference. Ads associated with your app must not interfere with other apps or their ads. This includes overlays, companion functionality, or widgetized ad units. Advertising should only display within the app it came with.
As a developer of fitness and wellness apps, you often collect and manage important user information. Keep these key principles in mind:
- Always clearly explain to the user what data you will collect and why.
- Honor user requests to delete their data.
- If you read fitness data from Google Fit, you must also write the fitness data you collect to Google Fit.
- Do not use Google Fit APIs for non-fitness purposes, such as storing medical or biometric data, selling data, or using data for advertising.
- Carefully review the Google Fit Terms and Conditions before using Google Fit.
- By using the API, you agree to the Google Fit Terms and Conditions.
In addition to the general Google Developers Terms of Service, Google Fit developers must also comply with the following:
- Consent: Google Fit requires user consent before apps can read or store fitness data. Google Fit defines OAuth scopes that map to three permission groups with separate read and write privileges: activity, location, and body. Each permission group grants apps access to a set of data types. Apps specify one or more of these scopes to work with fitness data, and Google Fit requests the corresponding permissions from the user.
- Sharable Data Types: If you use Shareable Data Types, you may be required to comply with additional third-party terms. You must comply with all such terms as well as obtaining all necessary rights, permissions, and licenses required for using such Shareable Data Types.
- Location: You are responsible for obtaining all licenses or permissions you need to view, collect, store, or otherwise use location data in connection with Google Fit, including, if applicable, obtaining users’ consent to the location terms of service and licenses required pursuant to Korean law.
- Accuracy: Google does not intend Google Fit to be a medical device. You may not use Google Fit in connection with any product or service that may qualify as a medical device pursuant to Section 201(h) of the Federal Food Drug & Cosmetic (FD&C) Act.You will take reasonable steps to ensure that the content you provide to Google Fit is reasonably accurate and that you have stored that content appropriately in Google Fit. Google may remove or refuse any data that we determine to be inaccurate, inappropriate, or misleading.
- Content removal: You are responsible for complying with any request by a user to remove content. Google is not responsible for removing content that has been stored on third-party services or your own services.
Kids apps should comply with applicable children’s privacy statutes, including the Children’s Online Privacy Protection Act (COPPA). Google Play recently started taking down apps that potentially violate COPPA.
As an app developer, you can use Android’s child-directed setting to indicate whether you want Google to treat your content as child-directed when you make an ad request. If you indicate that you want Google to treat your content as child-directed via this SDK method, Google will take steps to disable IBA and remarketing ads on that ad request. More information on the setting can be found here.