Google announced something new with a significant effect on app owners. Around February 1st (2018), Google Safe Browsing will show warnings on apps and on websites leading to apps that collect a user’s personal data without their consent.
That means that soon Google will warn about any app that doesn’t have a privacy policy and doesn’t ask for consent where necessary. It doesn’t take much imagination to see how this can significantly affect app providers. Let’s see how Google frames it and how you can make sure that this doesn’t happen to you – and if you’ve come here because it’s happened to you, how to fix it.
The Google Online Security Blog’s announcement outlines:
“In our efforts to protect users and serve developers, the Google Safe Browsing team has expanded enforcement of Google’s Unwanted Software Policy to further tamp down on unwanted and harmful mobile behaviors on Android. As part of this expanded enforcement, Google Safe Browsing will show warnings on apps and on websites leading to apps that collect a user’s personal data without their consent.
Apps handling personal user data (such as user phone number or email), or device data will be required to prompt users and to provide their own privacy policy in the app. Additionally, if an app collects and transmits personal data unrelated to the functionality of the app then, prior to collection and transmission, the app must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.”
and
“These requirements apply to apps in Google Play and non-Play app markets. The Google Play team has also published guidelines for how Play apps should handle user data and provide disclosure.”
This can be quite a significant development as Google plans not only to display warnings for apps on its very own Google Play Store, but also on others such as the big App Store for iOS devices.
How to make sure Safe Browsing penalties don’t happen to you
It’s fairly simple and it’s what you’re supposed to do under privacy regulations anyway: provide a privacy policy and where necessary get explicit/affirmative consent for user data.
Handling personal user data – provide a privacy policy
In order to process personal data of users, you must disclose that data processing in a privacy policy and then prominently display that privacy policy for your users to see: within the app, on the app stores and on marketing pages. The process isn’t that complicated and iubenda helps you massively to achieve that, so you can concentrate on building your app.
If you’d rather read a quick guide about how to provide your privacy policy, you can do that here:
If you want to skip all that and get right to generating your privacy policy with iubenda, then you can just use our generator for mobile app privacy policies.
Handling personal user data unrelated to the app functionality – seek affirmative consent
Google has another policy in place that requires any app that processes user data unrelated to the functionality of the app to prominently highlight how the user data will be used and have the user provide affirmative consent for such use, all prior to collection and transmission.
These prominent disclosure requirements basically involve shutting down/pausing the app’s functionality before collecting that consent. You can read more about this here:
Google Play’s Prominent Disclosure Requirements
How to fix Google Safe Browsing Warning regarding your app
If you’ve already been penalized for your processing behavior (and non-disclosures), then you must first fix the issues described above: 1) add a privacy policy in the required places, and 2) require affirmative consent from users where necessary.
Affirmative consent is closely related to Google’s EU user consent policy. It will be interesting to see if Google starts enforcing it in this way as well.
(Update: Google has recently introduced some significant changes in relation to the EU’s General Data Protection Regulation (GDPR). You can read all about the changes and how they will affect you here.)
When the above is done, then do the following as per Google’s guidelines:
- Webmasters whose sites show warnings due to distribution of these apps should refer to the Search Console for guidance on remediation and resolution of the warnings.
- Developers whose apps show warnings should refer to guidance in the Unwanted Software Help Center. Developers can also request an app review using this article on App verification and appeals, which contains guidance applicable to apps in both Google Play and non-Play app stores.