Google Play Data Safety: What You Need To Know

Published on May 11, 2022
Reading time 14 min read
Views 10.71k

Google Play Data Safety: What You Need To Know

In May 2021, Google introduced the Google Play Data safety section, which was a big step towards elevating the privacy and security of Google Play users. Ever since, Google has been closely working with developers to build a transparent way for them to show users how they collect, share, and protect user data before the developer makes the app available on the Play Store.
Planned for May 2022, developers will be able to display user data collected, shared with third parties, data security practices, and more through the newly introduced Data safety section on each app’s listing page on the Play Store.

Why Was This Done?

A big part of feeling safe online is having control over your own data. With the new Data safety section, users will see what data an app collects or shares, if that data is secured, and additional details that impact privacy and security. This will help users make more informed choices when deciding which apps to install, helping keep Google Play a safe, trusted space for billions of people to enjoy the latest Android apps.

What Does This Section Include?

The Data safety section will be visible to users in May 2022 on your app’s listing page on Google Play. The section will display the information mentioned below — once you complete and submit the Data safety form and it’s reviewed by Google as part of the app review process.
The information displayed:

- What type of data is collected and stored
  Examples: approximate or precise location, contacts, personal information (e.g. name, email address), photos & videos, audio files, and storage files
- How the collected data is used
  Examples: app functionality and personalization
- How data is protected through security practices like encryption. This includes data collected and handled through any third-party libraries or SDKs used in their apps.
- Privacy Policy

Which Apps Need to Complete the Data Safety Form?

All apps published on Google Play must complete the Data safety form, including apps on internal, closed, open, or production testing tracks.
Even apps that do not collect any user data are required to complete this form and provide a link to their privacy policy. In this case, the completed form and privacy policy can indicate that no user data is collected or shared.

What Does This Mean for Your App?

Starting July 20, 2022, new app submissions and app updates will be rejected in the Play Console if there are unresolved issues with the form.
This means all new apps and app updates will require a completed Data safety form. You can no longer publish a new app or app update if your Data safety form is incomplete or has unaddressed issues.

We recommend that you complete and submit the Data safety form for review as early as possible. Give yourself enough time to complete the review before the July deadline date and also because the section will be made visible to users in May, as planned.
We’ve outlined a few tips to help you if you’re using CleverTap’s SDK in your Android app. But, due to the complexity of Google’s policies, please make sure you refer to Google Play’s Data safety documentation on your own and involve all stakeholders within your organization to figure out the right decision for your app.

How Should You Answer the Data Safety Form in Google Play?

We recommend that you review how your app collects and shares user data along with your app’s security practices and read and understand the requirements for completing the Data safety form in Play Console. The below guide will additionally help you answer the questionnaire from CleverTap’s perspective.

To begin, log into Google Play Console, go to App Content > Data Safety and answer the questions about your data-sharing. These questions are categorized into three subsections as follows:

Data Collection and Security

This section contains questions about data collection, security, and handling practices.

Data Collection
Data collection means all data transmitted off your app from a user’s device. To assess this, you can begin by reviewing the list of required user data types that you need to disclose.

Does your app collect or share any of the required user data types?

Yes – Answer Yes if you collect or share any data types.
No – Answer No if your app does not collect or share any user data types.
*Note: CleverTap does not collect any of the required data types automatically

Data Encryption & Deletion
You also need to disclose your app’s privacy and security practices which include data encryption practices in transit and data-deletion mechanisms. From CleverTap’s standpoint you can answer the following questions as suggested below.

Is all of the user data collected by your app encrypted in transit?
Yes – Answer Yes if you encrypt all the data sent to your servers and other third parties. Please note that CleverTap SDK encrypts all data in transit.
No – Answer No if your app or a third party does not encrypt the collected user data.
Do you provide a way for users to request that their data is deleted?

Yes – Answer Yes if your app allows users to request the deletion of their data. Please note that CleverTap provides a way to request the deletion of data. Refer to Delete User API
No – Answer No if you do not provide your users with an option to delete their data.

Data Types

Through this section, the app owner can declare all the data types collected by the app. The below table will help you with privacy declaration for data types:

*Category*	*Data Type*	*Description*	*Is Shared with CleverTap by Default?*	*Is Optional Sharing Possible With CleverTap?*
*Location*	*Approximate location*	User or device physical location accurate to within an area greater than or equal to three square kilometers, such as the city a user is in, or location provided by Android’s ACCESS_COARSE_LOCATION permission.	No	*Yes.* If you have configured to transmit this data type, respond accordingly. CleverTap Android SDK starting v3.1.9 and above (released in May 2018) has stopped tracking approximate location by default. Approximate location is captured only if the Device Network Information Reporting is enabled.
	*Precise location*	*User or device physical location accurate to within an area less than three square kilometers, such as location provided by Android’s ACCESS_FINE_LOCATION permission.*	No	*Yes.* *Precise Location is captured only if the user integrates the CleverTap GeoFencing SDK.*
*Personal info*	*Name*	*The way users refer to themselves, such as their first or last name, or nickname.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Email address*	*The user’s email address.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*User IDs*	*Identifiers that relate to an identifiable person. For example, an account ID, account number, or account name.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Address*	*The user’s address, such as a mailing or home address.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Phone number*	*The user’s phone number.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Race and ethnicity*	*Information about the user’s race or ethnicity.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Political or religious beliefs*	*Information about the user’s political or religious beliefs.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Sexual orientation*	*Information about the user’s sexual orientation.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Other info*	*Any other personal information, such as date of birth, gender identity, veteran status, and so on.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
*Financial info*	*User payment info*	*Information about the user’s financial accounts, such as credit card number.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Purchase history*	*Information about purchases or transactions a user has made.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Credit score*	*Information about the user’s credit score.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Other financial info*	*Any other financial information such as user salary or debts.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
*Health and fitness*	*Health info*	*Information about the user’s health, such as medical records or symptoms.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Fitness info*	*Information about the user’s fitness, such as exercise or other physical activity.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
*Messages*	*Emails*	*The user’s emails, including the email subject line, sender, recipients, and the content of the email.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*SMS or MMS*	*The user’s text messages including the sender, recipients, and the content of the message.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Other in-app messages*	*Any other types of messages. For example, in instant messages or chat content.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
*Photos or videos*	*Photos*	*The user’s photos.*	No	*No.*
	*Videos*	*The user’s videos.*	No	*No.*
*Audio files*	*Voice or sound recordings*	*The user’s voice such as a voicemail or a sound recording.*	No	*No.*
	*Music files*	*The user’s music files.*	No	*No.*
	*Other audio files*	*Any other user-created or user-provided audio files.*	No	*No.*
*Files and docs*	*Files and docs*	*The user’s files or documents, or information about their files or documents such as file names.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
*Calendar*	*Calendar events*	*Information from a user’s calendar such as events, event notes, and attendees.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
*Contacts*	*Contacts*	Information about the user’s contacts such as contact names, message history, and social graph information such as usernames, contact recency, contact frequency, interaction duration, and call history.	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
*App activity*	*App interactions*	*Information about how users interact with the app. For example, the number of times they visit a page or the sections that they tap on.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*In-app search history*	*Information search performed by the user in your app.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Installed apps*	*Information about the apps installed on the user’s device.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Other user-generated content*	*Any other user-generated content not listed here, or in any other section. For example, user bios, notes, or open-ended responses.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Other actions*	*Any other user activity or actions in-app not listed here such as gameplay, likes, and dialog options.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
*Web browsing*	*Web browsing history*	*Information about the websites that a user has visited.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
*App info and performance*	*Crash logs*	*Crash log data from user’s app. For example, the number of times your app has crashed, stack traces, or other information directly related to a crash.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Diagnostics*	*Information about the performance of your app. For example battery life, loading time, latency, framerate, or any technical diagnostics.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
	*Other app performance data*	*Any other app performance data not listed here.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*
*Device or other IDs*	*Device or other IDs*	*Identifiers that relate to an individual device, browser,* *or an app. For example, an IMEI number, MAC address, Widevine Device ID, Firebase installation ID, or advertising identifier.*	No	*Yes.* *If you have configured to transmit this data to CleverTap, respond accordingly.*

Data Usage and Handling

Data types collected by an application may or may not be shared. Through this section, the app owner can share why data is collected and shared with third parties.
Data Sharing
Data sharing would entail all user data transmitted from your app to a third party including CleverTap. For example, if a user adds a phone number to the app and records this information, this is collected data. However, if the app shares the phone number with CleverTap or any other third party, then the phone number is considered collected and shared data.

Does your app collect or share any of the required user data types?
Yes – Answer “Collected” & “Shared” for data types that are shared with CleverTap,
No – Answer No if your app does not collect or share any data with third parties
*Note: CleverTap does not automatically share data with any third parties.

Data Collection Purpose
Lastly, you need to mention the purpose for collection and sharing of each data type individually so your users understand why certain data is collected or collected and shared.

For every selected data type, you need to declare if it is collected, shared, or both.
If your app collects data, declare the following:

Purpose of collecting the data type: Select the appropriate reasons for collecting this data, such as App functionality, Analytics, Developer Communications, and so on.
Is the collected data type ephemeral: Is the data processed temporarily, or does it reside in the app permanently?
User Permission: If the user can allow or disallow data collection.
If your app shares data with a third party, declare the purpose of sharing this data.

What Happens Post Submission of the Data Safety Form?

Once you submit the form, all information provided will be reviewed by Google as part of the app review process. Until July 20, 2022, you will be temporarily able to publish app updates despite discrepancies in the information disclosed. But, you will have to revert your Data safety form’s status to “Draft” in Play Console to publish your app updates. You’lll receive an email, a Play Console Inbox notification, and a status update on the Policy status page informing you of the same.

After July 20, 2022, new app submissions and app updates will be rejected in the Play Console if there are unresolved issues with the form.

All new apps and app updates will require a completed Data safety form. You can no longer publish a new app or app update if your Data safety form is incomplete or has unaddressed issues.
If there are any outstanding discrepancies in the Data safety section information provided, users will see a note in the Data safety section of your app’s store listing that says “No data available,” and you’ll receive an email informing you that there are issues you need to address.
All new apps and app updates will require a valid privacy policy.
Non-compliant apps may face additional enforcement actions in the future, such as the removal of your app’s store listing from Google Play.