Announcing Policy Updates To Bolster Privacy and Security

Posted by Krish Vitaldevara, Director, Product Management

We are always looking to make Google Play a safer and more trustworthy experience for developers and consumers. Today, we’re announcing new policy updates to bolster user control, privacy, and security.

Giving users more transparency into data privacy and security

We’re sharing our new policy for the upcoming safety section in Google Play alongside additional information, like data definitions. Learn more.

Improving advertising privacy and security

We’ve long offered users meaningful controls with advertising ID, like being able to reset their identifier at any time or opt out of allowing the identifier to be used for ads personalization. We’re continuing to add more controls this year.

As we pre-announced to developers on June 2, we’re making a technical change as part of Google Play services update in late 2021. When users opt out of interest-based advertising or ads personalization, their advertising ID will be removed and replaced with a string of zeros. As a reminder, this Google Play services change will be a phased rollout, affecting apps running on Android 12 devices starting late 2021 and expanding to all apps running on devices that support Google Play in early 2022. Also, apps updating their target API level to Android 12 will need to declare a new Google Play services permission in the manifest file in order to use advertising ID.

We will also test a new feature that notifies developers and ad/analytics service providers of user opt-out preferences to help developers implement user choice and add to existing policy restrictions on how advertising ID can be used. When a user deletes their advertising ID, developers will receive a notification so they can promptly erase advertising IDs that are no longer in use.

In addition, we’re prohibiting linking persistent device identifiers to personal and sensitive user data or resettable device identifiers. This policy adds an additional layer of privacy protection when users reset their device identifiers or uninstall apps.

And last, we’re offering a developer preview of app set ID for essential use cases such as analytics or fraud prevention. App set ID is a unique ID that, on a given device, allows you to correlate usage or actions across a set of apps owned by your organization. You cannot use app set ID for ads personalization or ads measurement. It will also automatically reset if all the developers’ apps on the device are uninstalled or none of the apps have accessed the ID in 13 months.

Enhancing protection for kids

As we introduce app set ID for analytics and fraud prevention, we are also making changes to further enhance privacy for kids. If an app is primarily directed to children, it cannot transmit identifiers like advertising ID. If an app’s audience is both kids and adults, then it needs to avoid transmitting these identifiers for kids.

Over the next several months, we’ll share more information for a smooth transition.

Strengthening security

Security is fundamental to enabling privacy across our platform. We’re announcing a few policy updates to help keep user data secure.

First, Google Play remains a safer ecosystem when developers actively maintain their apps. So, we will close dormant accounts if the account is inactive or abandoned after a year. This includes accounts where the developer has never uploaded an app or accessed Google Play Console in a year.

We will continue supporting developers with actively growing apps. We won’t close accounts with apps that have 1000+ installs or have in-app purchases in the last 90 days. Developers whose accounts are closed can create new ones in the future, but they won’t be able to reactivate old accounts, apps, or data.

Second, it’s important for users to have an accessible experience that is secure. So, we’re adding new requirements on how AccessibilityService API and IsAccessibilityTool can be used. These tools help build accessible experiences, which often require access to user data and device functionality. Now, all apps that use the AccessibilityService API will need to disclose data access and purpose in Google Play Console and get approval. Learn more.

Reminder on Payments policy

As we shared earlier in July, after careful consideration of feedback from both large and small developers, we are giving developers an option to request a 6-month extension until March 31, 2022 to comply with our Payments policy.

For more resources

Thank you for helping us make Google Play an even more trustworthy platform for everyone.

Leave a Comment