Android is secure by default and private by design. And Google Play designs policies and guidelines to create a safe ecosystem.

Design for privacy by focusing on minimization. Minimize permission requests, minimize location access, and minimize data visibility across apps.

Design for security by following best practices for encryption, integrity, and authentication.

Best practices

See guidance to help you design, implement, and distribute safe, security, and private apps.
Guide
Provide transparency for users, give control over private data access, and treat data responsibly.
Guide
Work with network communications, data storage, permissions, and app dependencies.
Guide
Design for compliance with Google Play policies to improve the user experience and create a safer ecosystem.
Guide
Follow best practices for user safety, whether you're developing an app or creating an SDK.

Android privacy enhancements over time

As threats to privacy evolve, the Android platform adds features and enhancements to help you protect users. See a timeline of features by release.
  • Scoped storage enhancements
  • Separate request for background location
  • Data access auditing
  • Approximate location
  • Privacy dashboard
  • Bluetooth permissions

  • Notification permission
  • Wi-Fi and storage permissions
  • Photo picker

Build apps to be private

Android is private by design. As the Android platform evolves, it continues to introduce new privacy-preserving capabilities. Because users are becoming more aware of the information that apps can collect, it's important to take proactive steps in your apps to maintain user trust.

Minimize permissions

Learn how your app can fulfill without requesting runtime permissions, and how to remove permissions your app no longer requires.
Guide
Before you declare permissions in your app, consider whether you need to do. Learn how the system can help you.
Guide
Send a request to the device's default camera app to take photos and videos, without requesting any camera-related permissions.
Guide
Use the system photo picker, which allows users to choose specific media items to share with your app.
Guide
Use the system-provided folder for app-specific information. Your app doesn't need any storage permissions to access this folder.
Guide
Use companion device pairing to find nearby devices without declaring location permissions.
Guide
If your app targets Android 13 or higher, the self-revoke APIs allow your app to revoke access to already-granted permissions that your app no longer requires.

Minimize location access

Specifically, minimize the precision and frequency of location access.
Guide
Wait to upgrade to precise location until the user is actively using features that require precise location.
Guide
Foreground location should fulfil most of the use cases. Only use background location when there is no alternative.
Guide
If your app targets Android 12 or higher, many APIs for nearby Bluetooth devices don't require location access.
Guide
If your app targets Android 13 or higher, many APIs for nearby Wi-Fi devices don't require location access.

Minimize data

In your app, minimize the visibility into the set of other installed apps and your use of non-resettable device identifiers.
Guide
If your app targets Android 11 or higher, declare the set of packages that you expect your app to interact with.
Guide
Use the appropriate user-resettable identifier for your app's use case. Starting in Android 12, the system restricts the set of device identifiers that apps can use.

Give users control

Help users understand how your app accesses their data, and give users more control.
Guide
Wait until the user is about to interact with the feature that requires a permission before requesting that permission.
Policy
Learn when your app must provide separate, in-app disclosures to explain the reason for accessing particularly sensitive permissions.
Guide
Each time you request a permission, check whether you should show an educational UI to users.
Guide
Use data access auditing APIs to detect when your app, or an SDK dependency, performs operations that are associated with a permission.
Guide
If the user denies a permission, your app should still work as well as it can without the permission.
Policy
In the Google Play Console, declare the types of user data that your app collects and shares.

Review what your users see

Be aware of how the system makes users more aware of the information that apps access and collect.
Feature
Starting in Android 12, the system shows an icon when an app accesses sensors that capture sensitive information.
Feature
Starting in Android 12, users are notified each time an app reads clipboard data that originated from a different app.
Feature
Starting in Android 12, the system provides an timeline view of permissions accessed by apps.
Feature
On all devices running Android 11 or higher, and on many devices that run Android 6.0 or higher, the system automatically revokes permissions from unused apps.

Build apps to be secure by default

Android’s goal is to be the safest mobile platform in the world. We consistently invest in technologies that bolster the security of the platform, its apps, and the global Android ecosystem.

Design for security

Learn about best practices for encryption, integrity, and the overall app security lifecycle.
Guide
Use the Play Integrity API to detect potentially risky and fraudulent interactions, such as cheating and unauthorized access.
Guide
Credential Manager is the modern Jetpack authentication library that supports passkeys, federated sign-in solutions such as Sign-in with Google, and legacy username/password authentication.
Guide
Use the Jetpack Biometric library to take advantage of a device's biometric sensors when authenticating users in your app.
Guide
HTTPS and SSL provide secure protocols for transferring data between your app and servers. A number of common errors can lead to insecure data transfer. Check for these in your app.
Guide
Where data is sensitive, encrypt it in the app's private storage to make it less accessible if the device is stolen and gets compromised.
Guide
Set up a vulnerability disclosure program (VDP) to provide guidelines for security researchers to disclose any previously undetected vulnerabilities to you.
To contribute to the Privacy Sandbox effort or just follow along, sign up to receive regular updates.
Featured

Google Play Policy

Google Play partners with you to deliver your apps and games safely to billions of people worldwide. Learn the latest policies, timeline, and implications for your apps.

Latest News

Latest Videos