Privacy best practices

Android is focused on helping users take advantage of the latest innovations, while making sure users' security and privacy are always a top priority.

Pay attention to permissions

Build trust with your users by being transparent and providing users control over how they experience your app.

  • Request the minimum permissions that your feature needs at this time. Learn more.
  • If your app is distributed on Google Play, Android vitals give you insight into the percentage of permission denials your app is receiving.
  • Whenever you introduce major changes to your app, review the permissions that your app requests, as well as the data protected by each permission. Remove any unused permissions, and consider whether you can minimize the permissions that your use cases need.
  • Request the permission in context for the use case, rather than at app startup, so that the need for the permission is clear to users. Use the available API to determine if your app should show a rationale to explain to users why it is asking for a permission. Alternatively, show a rationale if you cannot design your app’s flow to clearly communicate in context why the permission is requested. Learn more.
  • Keep in mind that users may select the Don’t ask again option in the permission request dialog. Android respects this user choice by ignoring permission requests from the same app unless the user grants the permission in the app settings.
  • Gracefully degrade when users deny or revoke a permission. For example, you can disable your app’s voice input feature if the user doesn’t grant the microphone permission.
  • From your users’ point of view, when an SDK or library uses data that’s guarded by dangerous permissions, that usage is attributed to your app. Make sure you understand the permissions that your SDKs require and why. Learn more.
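
The request flow from the list above, as an added Kotlin example that is not part of the original page: the microphone permission is requested only when the user taps the voice feature, a rationale is shown when the platform says one is needed, and a denial turns off only that feature. The activity, layout and view IDs are hypothetical.

```kotlin
import android.Manifest
import android.content.pm.PackageManager
import android.os.Bundle
import android.widget.Button
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AlertDialog
import androidx.appcompat.app.AppCompatActivity
import androidx.core.app.ActivityCompat
import androidx.core.content.ContextCompat

// Hypothetical activity; R.layout.activity_note and R.id.voice_button are assumed resources.
class NoteActivity : AppCompatActivity() {
    private val mic = Manifest.permission.RECORD_AUDIO
    private lateinit var voiceButton: Button

    // The callback receives the user's choice; it also fires with false, without a
    // dialog, once the user has chosen "Don't ask again".
    private val requestMic =
        registerForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
            if (granted) startVoiceInput() else showVoiceUnavailable()
        }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_note)
        voiceButton = findViewById(R.id.voice_button)
        // Ask when the user taps the feature, not at app startup.
        voiceButton.setOnClickListener { onVoiceInputRequested() }
    }

    private fun onVoiceInputRequested() {
        when {
            ContextCompat.checkSelfPermission(this, mic) ==
                PackageManager.PERMISSION_GRANTED -> startVoiceInput()
            ActivityCompat.shouldShowRequestPermissionRationale(this, mic) ->
                AlertDialog.Builder(this)
                    .setMessage("Voice notes need the microphone to record what you say.")
                    .setPositiveButton("Continue") { _, _ -> requestMic.launch(mic) }
                    .setNegativeButton("Not now", null)
                    .show()
            else -> requestMic.launch(mic)
        }
    }

    private fun startVoiceInput() { voiceButton.text = "Listening" }

    // Graceful degradation: nothing is recorded and the rest of the screen keeps working.
    private fun showVoiceUnavailable() { voiceButton.text = "Voice input unavailable" }
}
```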

Minimize your use of location

If your app requests permission to access location, help users make an informed decision.

  • If your app can support its use cases without requiring any location permission at all, don't request it.
  • For certain cases such as companion device pairing, Android enables apps to pair with devices without requesting location permission.
  • Review why your app is requesting location and what granularity it needs. Explain the associated benefits to the user.
  • Coarse location access is sufficient to fulfill most location-related use cases. For city level or broader location, you can use IP-based location.
  • Features that don't rely on location access should continue to work if the app doesn't have any location permissions.
  • Design your app to work when it has access to location only while it is in the foreground. On Android 10 and higher, users can limit your app’s location access to only while the app is in use. Learn more.

Handle data safely

Note: You can read more about what’s considered sensitive data in the User Data article in the Google Play Developer Policy Center.

Be transparent and secure in how you handle sensitive data.

  • Make users aware that your app collects, uses, or shares sensitive data, and explain the rationale for this data usage.
  • For your app’s data at rest, use Android’s built-in credential encryption. For data in transit, you should use SSL for all data transmission regardless of sensitivity.
  • Files that contain sensitive data should be in your app-private directory within internal storage. Learn more.
  • On Android 10, for files only relevant to your app, store them in the app-specific directory in the filtered view of external storage. Learn more about scoped storage.
  • If you need to pass sensitive data to another app, use an explicit intent. Grant one-time data access to further restrict the other app’s access.
  • Even when your app is in the foreground, it's a best practice to show a real-time indication that you are capturing from the microphone or camera. For example, you can use a foreground service ongoing notification to make sure users are aware. Note that Android 9 and higher don’t allow for microphone or camera access when your app is in the background.
  • Jetpack offers several libraries to keep your app’s data more secure. Learn more in the guides on using the Jetpack Security library and the Jetpack Preferences library.
  • Always use secure network connections. Learn more.
  • Don’t include sensitive data in logcat messages or your app’s log files. Learn more.
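
An added Kotlin example (not from the original page) combining two of the points above: the sensitive file is written to the app-private directory in internal storage, then handed to one named app through an explicit intent with a temporary read-only URI grant. The FileProvider authority, the `reports` path and the receiving package and activity are assumed names, and the provider must be declared in the manifest.

```kotlin
import android.app.Activity
import android.content.ActivityNotFoundException
import android.content.Intent
import androidx.core.content.FileProvider
import java.io.File

// Assumed names: the authority must match a <provider> entry in the manifest, and
// "reports" must be listed under <files-path> in that provider's paths XML.
private const val AUTHORITY = "com.example.myapp.fileprovider"
private const val VIEWER_PACKAGE = "com.example.viewer"
private const val VIEWER_ACTIVITY = "com.example.viewer.ViewerActivity"

fun writeReport(activity: Activity, name: String, contents: ByteArray): File {
    // filesDir is app-private internal storage; other apps cannot open files in it.
    val dir = File(activity.filesDir, "reports").apply { mkdirs() }
    return File(dir, name).also { it.writeBytes(contents) }
}

// Returns false when the receiving app is not installed, so the caller can fall back.
fun shareReport(activity: Activity, report: File): Boolean {
    // A content:// URI keeps the file in private storage; the provider mediates access.
    val uri = FileProvider.getUriForFile(activity, AUTHORITY, report)
    val intent = Intent(Intent.ACTION_VIEW).apply {
        // Explicit intent: only the named component can receive the data.
        setClassName(VIEWER_PACKAGE, VIEWER_ACTIVITY)
        setDataAndType(uri, "application/pdf")
        // Read-only grant for this one URI; it lasts only while the receiving
        // activity's stack is active. No write flag is added.
        addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION)
    }
    return try {
        activity.startActivity(intent)
        true
    } catch (e: ActivityNotFoundException) {
        false
    }
}
```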

Use resettable identifiers

Respect your user’s privacy and use resettable identifiers. See Best practices for unique identifiers for more information.

  • Don’t access IMEI and device serial number, as these identifiers are persistent.
  • Only use an Advertising ID for user profiling or ads use cases. For apps in Google Play, this is a requirement. Always respect user preferences on advertisement tracking for personalization. Learn more.
  • For the vast majority of non-ads use cases, use a privately stored globally-unique ID (GUID), which is app-scoped. Learn more.
  • Use the secure settings Android ID (SSAID) to share state between the apps that you own without requiring the user to sign in to an account. Learn more.
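
An added Kotlin example (not from the original page) of the identifier choices above: a privately stored, app-scoped GUID that the app can reset for non-ads use, and an Advertising ID lookup that returns nothing when the user has limited ad tracking. The preference file name and the `Identifiers` object are hypothetical; the Advertising ID call assumes the Google Play services ads-identifier library is a dependency.

```kotlin
import android.content.Context
import com.google.android.gms.ads.identifier.AdvertisingIdClient
import java.util.UUID

object Identifiers {
    private const val PREFS = "app_identity"        // assumed preference file name
    private const val KEY_INSTANCE_ID = "instance_id"

    // App-scoped GUID for non-ads use cases. It lives in private SharedPreferences,
    // so it is removed when the app is uninstalled or its data is cleared.
    @Synchronized
    fun instanceId(context: Context): String {
        val prefs = context.getSharedPreferences(PREFS, Context.MODE_PRIVATE)
        prefs.getString(KEY_INSTANCE_ID, null)?.let { return it }
        val fresh = UUID.randomUUID().toString()
        prefs.edit().putString(KEY_INSTANCE_ID, fresh).apply()
        return fresh
    }

    // Backs an in-app "reset identifier" control; the next instanceId() call
    // generates a new, unrelated value.
    @Synchronized
    fun resetInstanceId(context: Context) {
        context.getSharedPreferences(PREFS, Context.MODE_PRIVATE)
            .edit().remove(KEY_INSTANCE_ID).apply()
    }

    // Ads and user-profiling use only. This is a blocking call: run it off the main thread.
    // Returns null when the user has limited ad tracking or the ID cannot be read.
    fun advertisingIdOrNull(context: Context): String? = try {
        val info = AdvertisingIdClient.getAdvertisingIdInfo(context.applicationContext)
        if (info.isLimitAdTrackingEnabled) null else info.id
    } catch (e: Exception) {
        // Play services missing, outdated or unreachable: treat as "no advertising ID".
        null
    }
}
```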