Google Play Data Safety Compliance

After it was first announced in May 2021, Google Play has now started rolling out its new “Data safety” section. This means that developers will need to properly disclose information about how their apps collect, share, and secure user data. Apps must submit the required information by July 20.

Although Google’s Data safety section is similar to Apple’s privacy labels, Apple’s labels are more focused on the type of data collected. In contrast, Google’s labels take a more holistic approach to privacy and give additional context on how the app is handling that data as well as safety and security practices.

Who Do These Measures Apply To?

All apps published on Google Play must now complete the Data safety form, including apps on internal, closed, open, or production testing tracks. Even apps that don't collect user data are required to complete this form and provide a link to their privacy policy.

What Information Do You Need to Provide?

Developers will be required to state the user data types they’re collecting and the purposes for which they’re collecting the data. They must also disclose the following information:

• Data collection - transmitting data from your app off a user’s device
• Data sharing - transferring user data collected from your app to a third party
• Data handling - specifying whether each data type collected by your app is “optional” or “required”
• [Optional] Other app and data disclosures - choose to showcase your app’s privacy and security practices, such as encryption and deletion mechanisms
• [Optional] Commitment to follow the Families policy - choose to display a badge stating that you have “Committed to follow the Play Families Policy”
• [Optional] Independent security review - choose to declare that your app has been independently validated against a global security standard

Information disclosure also applies to data collected and handled through any third-party libraries or SDKs used in the apps.

The OneSignal Android SDK does not share any data with data brokers or for targeted advertising or advertising measurement purposes. We do, however, collect some data for Analytics purposes to help you better understand your engagement and conversions.

What Steps Should You Take?

• Understand Google Play’s privacy requirements.
• Review how your app collects and shares user data as well as your app’s security practices.
• For a breakdown of OneSignal’s data types to help you fill out the questions, refer to our documentation here. We also provide a list of all data collected by the OneSignal SDK in our documentation here.
• Confirm your Android SDK version. OneSignal Android Native SDK 4.0+ and later no longer collect the Google Advertising ID (AAID). We recommend upgrading, but this is not required. If you would like to upgrade, you can find instructions here.
• Complete the Data safety section in the App content tab on the Google Play Console. Instructions from Google can be found here.

Developers will be responsible for entering and maintaining accurate responses in the Play Console. Make sure you refer to OneSignal’s documentation for Google Play Data safety compliance to help ensure you’re accurately reporting your privacy details.

Still have questions? Reach out to our team for support.