Google Play policy update reminders and key interpretations | Q4 2021

This article quickly introduces and reviews the recent important updates of the Google Play Developer Policy, as well as an in-depth interpretation of the family policy to help developers build apps suitable for families and children. You can also use the online training camp video . review.

In addition to October policy update , we have also updated the policy concerning the following:

• Violent content
• Pornography
• Implementation process

Welcome to Play Management Center for details.

important update reminder

Android 11, App Bundle and settlement library v3

From August 2021, new applications require:

• Target operating environment with API level 30 (Android 11) or higher, and make adjustments to adapt to changes in system behavior.
• Use the Android App Bundle format to publish, and use the Play Asset Delivery or Play Feature Delivery function to deliver resources or functions with a download size of more than 150MB. Please note that for new applications, expansion files (also known as OBB) will no longer be supported.
• The new application must use the settlement library version 3 or higher, which provides a new user payment method, subscription promotion function, game purchase transaction attribution function, and higher shopping reliability and security.

Starting from November 2021, the updated version of the application must target API level 30 or higher, make adjustments to adapt to changes in behavior in Android 11, and use settlement library version 3 or higher. Existing apps that have not been updated will not be affected, and users can continue to download them from the Play Store.

package visibility

For applications whose target operating environment is Android 11 and higher (SDK 30):

• You need to use QUERY_ALL_PACKAGES permission to view all other installed applications:
• Use the declaration form in the Play Control Center to declare the use of this permission.
• Applications installed on the device is a personal / sensitive user data, obtain visibility privileges appropriate range .

We understand that it may take some time to update the app, so we will notify you 60 days before the deadline.

data security part

https://www.bilibili.com/video/BV1ZS4y1Q7i2/?aid=721966832&cid=448244044&page=1

△ New security part of Google Play

We will use the details on Google Play in new "Security" section , you can tell the user to protect your privacy and security measures in this section.

In this section, you can give an overview of what data the app collects or share, and highlight details about privacy and security, such as whether the app has a data encryption mechanism.

We have also made several updates to the "User Data" policy in order to strengthen privacy protection and security:

• All apps must express their privacy policies in the Google Play Management Center and within the app.

  • The privacy policy must include information such as data retention and deletion policies.
  • Even if the application does not obtain any personal and sensitive user data, it must submit a privacy policy.
• Developers must provide clear and accurate information about what personal or sensitive user data the application collects or shares.
• If your app targets children, the SDK you use must be approved before it can be used in child-oriented services.

The Play Management Center is ready to submit the content of the "Data Security" section. Here are a few key points in time:

• October 2021: Start to fill out your "Data Security" form and add a privacy policy
• February 2022: Users will see this feature in the Google Play Store
• April 2022: Approval deadline for forms and privacy policy

Reminder: In addition to checking the way the app collects and shares user data, you should also check the way any third-party code (such as a third-party library or SDK) collects and shares such data in the app. You are responsible for ensuring that all such code used in your app complies with Play Developer Program policies. You must explain the collection or sharing of data by such third-party code in the application’s data security form.

Detailed Family Policy

Google Play has always been committed to providing a positive and safe platform environment for children and families. Please note that If the app’s target audience includes children, you must comply with the following requirements , otherwise the app may be taken down or suspended.

• Application content : The content accessible to children in your application must be suitable for children.
• application function : Your application cannot use the WebView of a certain website as the sole purpose, nor can it use a certain website to attract affiliate marketing traffic as the main purpose. No matter who owns the corresponding website, this practice is illegal.

• in the Play Management Center: You must answer the questions about the application in the Play Management Center according to the facts; if the application changes, you should also update the answer to truthfully reflect the corresponding changes. This includes, but is not limited to, accurately declaring interactive elements of the application in the content rating questionnaire, such as:

  • Whether users of the app can interact with each other or exchange information
  • Whether the application will share the information provided by the user with a third party
  • Whether the app will share the user's actual location information with other users

• Ads : If your app will show ads to children or users of uncertain age, you must:

  • Only use the Google Play certified advertising SDK , to show ads to these users.
  • Ensure that the advertisements shown to these users do not involve interest-based advertisements (for individual users with certain characteristics and based on their online browsing behavior) or remarketing functions (for individual users and based on their previous interaction with an app Or ads placed on the interaction of the website).
  • Make sure that the content presented in the ads shown to these users is appropriate for children.
  • Make sure that the ads shown to these users meet the family ad format requirements.
  • Ensure compliance with all applicable regulations and industry standards related to advertising to children.
• purchases: users purchase any in-app purchases in apps that have joined the Parent-Child Fun Program, Google Play will re-verify the user’s identity to help ensure that the person who approves the purchase is not a child.

• data practices: If your app collects any personal information and sensitive information (including API and SDK collection called or used by the app), you must disclose this behavior in the app. Children’s sensitive information includes but is not limited to identity verification information, microphone and camera sensor data, device data, Android ID, and advertising usage data. You must also ensure that the app follows the following data practices:

  • The Android Advertising Identifier (AAID), SIM card serial number, version serial number, BSSID, MAC, SSID, IMEI and/or IMSI obtained from children or users of uncertain age shall not be transmitted.
  • The phone number of the device must not be obtained through the TelephonyManager of the Android API.
  • Apps designed specifically for children may not solicit, collect, use, or transmit location information.
  • Unless your application only supports Companion Device Manager (CDM) , CDM must be used when the application requests Bluetooth permission.

• API and SDK: You must ensure that your application uses all APIs and SDKs in an appropriate way.

  • Apps specifically for children must not contain any APIs or SDKs that are not approved for use primarily for children-oriented services, including Google sign-in services (or any other Google API services that access data associated with Google accounts), Google Play game services, and any other API service that uses OAuth technology for authentication and authorization.
  • If the app’s target audience includes both children and users of higher age, the app must not use APIs or SDKs that are not approved for child-oriented services, unless such APIs or SDKs are conjunction with non-inclined age screening . Or use a method that does not collect children's data. If the app’s target audience includes both children and older users, the app must not require users to log in or access app content through APIs or SDKs that are not approved for child-oriented services.
  • Apps that join the Parent-Child Fun Program can only use self-certified advertising SDK .

• Augmented Reality (AR): If the application uses augmented reality technology, you must ensure that the security warning is displayed immediately when the AR part is activated. The warning should contain the following information:

  • Properly remind parents that they need to supervise their children's use of the application .
  • Remind the user to pay attention to the risk factors in the real environment (for example, pay attention to the surrounding environment).
  • Your app must not require the use of devices that are not recommended for children (such as Daydream and Oculus).

• social applications and features: If your application allows users to share or exchange information, you must accurately disclose these features in the content rating questionnaire in the Play Control Center.

  • Social applications: Social applications are applications whose main purpose is to allow users to share content in any format or communicate with large-scale groups. As long as the target audience of social applications includes children, children must be reminded through in-app messages to pay attention to online safety and understand the actual risks posed by online interactions before allowing them to exchange media content or information in any format. You must also require an adult to perform an action before allowing child users to exchange personal information.
  • Social function: Social function refers to any additional application function that allows users to share content in any format or communicate with large-scale groups. As long as the target audience of the app includes children and provides social functions, it is necessary to remind children users to pay attention to online safety and understand the actual risks brought by online interaction through in-app messages before allowing them to exchange media content or information in any format. You must also provide adults with a way to manage social features for child users, including but not limited to enabling/disabling social features or selecting different levels of features. Finally, you must require an adult to perform an action before you can enable the feature that allows children to exchange personal information.
  • Adult operation is a mechanism to verify that the user is not a child, and to discourage children from gaining access to content designed for adults in the app by falsely reporting their age. Specific measures include requiring an adult PIN, password, date of birth, photo ID, credit card, social security number (SSN), or email verification.

If the main purpose of the social application is to chat with strangers, children should not be targeted. Examples include: chat roulette apps, dating apps, open chat rooms mainly for children, etc.

• meets legal requirements: You must ensure that the application (including the API or SDK that the application calls or uses) complies with the U.S. Children's Online Privacy Protection Act (COPPA), the EU General Data Protection Regulation (GDPR), and any other applicable laws or Regulations.
• designed to be suitable for children and family applications

△ Timetable for implementation of important policies from 2021 to 2022

Thank you again for your attention to the Google Play policy update, and please don’t forget to go to Application Developer Academy get free training resources.