Both the Android and iOS ecosystem have permissions for device data that the user needs to grant before apps can access that data. In particular the Android/Google Play world needs those permissions to be shown in a privacy policy in an app, and, in addition, on the Play Store page.
Below you’ll find the explanation of how you can easily integrate these permissions into your privacy policy.
Since iubenda is platform agnostic (functions across various platforms), the mobile permissions service describes mobile permissions in general and therefore also has permissions coming from the iOS world like HomeKit, Reminder, Motion Sensors etc. This is also useful if you create an app on both platforms.
To adapt your Android/iOS app to the requirements of the App Store/Google Play Store, you need to prepare a privacy policy stating in detail which personal data are collected and managed from the app, including any information relating to the collection of data from the device.
Begin to generate your own privacy policy for your mobile app by clicking on Start Generating > Mobile App:
Next, click Generate now under “Privacy and Cookie Policy”, then begin selecting all services used by your app (eg. Google Analytics, AdMob, Contact form etc.). For more information, see this guide on how to generate a policy (which includes information on choosing services).
In addition to the other services added above, now’s the time to also enable the clause “Device permissions for Personal Data access”.
This service will allow you to select and list the possible permissions that your application may request from the user in your privacy policy, such as access to the camera, microphone, contact list, geolocation, calendar etc.
Android permissions are the ones described in the Android/Google documentation as being “dangerous” permissions. Since requesting sub-permissions like GET_ACCOUNTS is part of the granted group permission like CONTACTS, that’s what our disclosure focuses on.
There is one exception to the rule here: You will find 4 different location disclosures with self-explanatory titles:
Following this example, look for the group permission names within the generator and then check if the disclosure printed out in the privacy policy follows your actual data handling. Here’s the table from the Google permission documentation for you:
For iOS permissions you can use the same disclosures as above found under 3. Android, in addition to these Apple has certain permissions that aren’t currently part of Android:
Once the privacy policy has been generated, remember to comply with the platform (Google or Apple) and data protection authority guidelines.
Google requires:
Apple specifically requires:
Remember: If your app processes user data while offline, be sure to provide users with an in-app offline method of accessing the privacy policy in order to be legally compliant.
In regards to iubenda’s mobile app integration methods, the direct link or direct text embedding methods are best. Whichever embed method you choose, remember that you’re legally required to choose a location that is easily accessible and visible to users. Check out the guide devoted to our integration methods for more information on how to integrate your privacy policy into your app.
With recent updates in data protection regulations, in particular, the GDPR, if you process user data based on consent, you are legally required to maintain legitimate records of consent. Click here to get a quick idea of what this entails and how our Consent Database can help you to be compliant. Otherwise, for a more detailed explanation, you can read the section on valid “Records of consent” in our GDPR guide here.
► Does your app target children? If so, you should read this guide as under the major global legislations, special conditions apply to the processing of personal data belonging to children.
For further details on privacy policies for Android/iOS apps on the app stores and its requirements, please refer to our guides here:
