Privacy best practices

Android is focused on helping users take advantage of the latest innovations, while making sure users' security and privacy are always a top priority.

Pay attention to permissions

Build trust with your users by being transparent and providing users control over how they experience your app.

  • Request the minimum permissions that your feature needs at this time, as well as whenever you introduce major changes to your app.
  • If your app is distributed on Google Play, Android vitals tells you the percentage of users who deny permissions in your app.
  • Request the permission when it's needed, rather than at app startup, such that the permission need is clear to users. Use the shouldShowRequestPermissionRationale() method to determine if you should explain to users why your app is requesting a permission.
  • If you aren't able to design your app's flow to clearly communicate in context why the permission is requested, show an in-app explanation of how the permission request enables functionality that benefits the user.
  • Keep in mind that users may select the Don't ask again option in the permission request dialog. Android respects this user choice by ignoring permission requests from the same app unless the user grants the permission in the app settings. Don't unnecessarily display an explanation in these situations.
  • Gracefully degrade when users deny or revoke a permission. For example, you can disable your app's voice input feature if the user doesn't grant the microphone permission.
  • If you are using an SDK or library that accesses data guarded by dangerous permissions, users will generally attribute this to your app. Make sure you understand the permissions that your SDKs require and why.

Minimize your use of location

If your app requests permission to access location, help users make an informed decision.

  • If your app collects location information, explain to users how your app uses this information to deliver specific benefits to them. If your app can support its use cases without requiring any location data, don't request any location permissions.
  • If your app needs to pair the user's device with a nearby device over Bluetooth or Wi-Fi, use the companion device manager, which doesn't require location permissions.
  • Review the level of location granularity that your app needs. Coarse location access is sufficient to fulfill most location-related use cases.
  • Access location data while your app is visible to the user. That way, users can better understand why your app requests location information.
  • If your app requires background location, such as when implementing geofencing, make sure that it's critical to the core functionality of the app, and is done in a way that's obvious to users. Learn more about considerations for using background location.
  • Design your app so that it degrades gracefully when it doesn't have all-the-time access to location. On Android 10 and higher, users can limit your app's location access to while the app is in use.
  • If your app needs to retain location access for a user-initiated ongoing task after the user navigates away from your app's UI, start a foreground service before your app goes into the background. You can do this in one of Android's lifecycle callbacks, such as onPause().
  • Don't initiate foreground services from the background. Instead, consider launching your app from a notification and then executing the location code when your app's UI becomes visible.

Handle data safely

Note: You can read more about what's considered sensitive data in the User Data article page in the Google Play Developer Policy Center.

Be transparent and secure in how you handle sensitive data.

Use resettable identifiers

Respect your user's privacy and use resettable identifiers. See Best practices for unique identifiers for more information.