Android is secure by default and private by design.

The platform is focused on bringing the best experiences and latest innovations to users, while keeping them safe by protecting their security and privacy. This page includes best practices and resources to help developers design and implement safe, secure, and private apps.

With each release, Android continues to provide features that help developers design more privacy-preserving apps. These apps provide transparency for users, give control over private data access, and treat data responsibly.
Our goal is to make Android the safest mobile platform. We consistently invest in technologies that bolster the security of the platform and tools that help you build apps to be secure by default.
Google Play helps you deliver your apps and games safely to billions of people worldwide. Learn about Google Play's policies and guidelines to improve the user experience and create a safer ecosystem.

Android privacy enhancements over time

We are continuously enhancing the platform to better protect users' privacy with each Android version. To learn more about the privacy changes in each release, click the boxes in the following diagram:
  • Scoped storage enhancements
  • Separate request for background location
  • Data access auditing
  • Approximate location
  • Privacy dashboard
  • Bluetooth permissions
  • Notification permission
  • Wi-Fi and storage permissions
  • Photo picker

Build apps to be private

Android is private by design. As the Android platform evolves, it continues to introduce new privacy-preserving capabilities. Because users are becoming more aware of the information that apps can collect, it's important for developers to take proactive steps in their apps to maintain user trust.

Permission minimization

In your app, minimize the number of permissions that you request and retain. This section shows several common use cases that your app can fulfill without requesting runtime permissions, as well as a way to remove permissions that your app no longer requires.
Guide
Send a request to the device's default camera app to take photos and videos, without requesting any camera-related permissions.
Guide
Use the system photo picker, which allows users to choose specific media items to share with your app.
Guide
Use the system-provided folder for app-specific information. Your app doesn't need any storage permissions to access this folder.
Guide
Use companion device pairing to find nearby devices without declaring location permissions.
Guide
If your app targets Android 13 or higher, the self-revoke APIs allow your app to revoke access to already-granted permissions that your app no longer requires.

Location minimization

In your app, minimize the precision and frequency of location access.
Guide
If possible, use only coarse location. Wait to upgrade to precise location until the user is actively using features that require precise location.
Guide
Use background location only to fulfill core functionality in your app. Google Play has a policy that enforces this best practice.
Guide
If your app targets Android 12 or higher, many APIs for nearby Bluetooth devices don't require location access.
Guide
If your app targets Android 13 or higher, many APIs for nearby Wi-Fi devices don't require location access.

Data minimization

In your app, minimize the visibility into the set of other installed apps and your use of non-resettable device identifiers.
Guide
If your app targets Android 11 or higher, declare the set of packages that you expect your app to interact with.
Guide
Use the appropriate user-resettable identifier for your app's use case. Starting in Android 12, the system restricts the set of device identifiers that apps can use.

Transparency and control

Help users understand how your app accesses their data, and give users more control.
Guide
Wait until the user is about to interact with the feature that requires a permission before requesting that permission.
Policy
Learn about when your app must provide separate, in-app disclosures to explain the reason for accessing particularly sensitive permissions to comply with a Google Play policy.
Guide
Each time you request a permission, check whether you should show an educational UI to users.
Guide
Use data access auditing APIs to detect when your app, or an SDK dependency, performs operations that are associated with a permission.
Guide
If the user denies a permission, your app should still work as well as it can without the permission.
Policy
Learn about how, in the Google Play Console, you declare the types of user data that your app collects and shares. This information appears in the "Data Safety" section of your app's listing.

User-facing privacy features

Be aware of how the system makes users more aware of the information that apps access and collect.
Feature
Starting in Android 12, the system shows an icon when an app accesses sensors that capture sensitive information.
Feature
Starting in Android 12, users are notified each time an app reads clipboard data that originated from a different app.
Feature
Starting in Android 12, the system provides an timeline view of permissions accessed by apps.
Feature
On all devices running Android 11 or higher, and on many devices that run Android 6.0 or higher, the system automatically revokes permissions from unused apps.

Build apps to be secure by default

Android’s goal is to be the safest mobile platform in the world. We consistently invest in technologies that bolster the security of the platform, its apps, and the global Android ecosystem.

Security Best Practices

Learn about best practices for encryption, integrity, and the overall app security lifecycle.
Guide
The Jetpack Security library (JetSec) provides a quick and easy way to encrypt your data. Where data is sensitive, encrypt it in the app’s private storage to make it less accessible if the device is stolen and gets compromised.
Guide
People need to trust the information provided by and data stored in apps that communicate government information. Learn how to create a strong security foundation for your app.
Guide
Use the Play Integrity API to detect potentially risky and fraudulent interactions, such as cheating and unauthorized access, allowing you to respond with appropriate actions to prevent attacks and reduce abuse.
Guide
Security researchers commonly assess new and updated apps for security issues. Set up a vulnerability disclosure program (VDP) to provide guidelines for these experts to disclose any previously undetected vulnerabilities to you.
Guide
HTTPS and SSL provide secure protocols for transferring data between your app and servers. However, there are a number of common mistakes that developers make that can lead to insecure data transfer. Check that you’re not making any of these in your app.
Guide
Use the Jetpack Biometric library to take advantage of a device’s biometric sensors when authenticating users in your app.
We want to work with the entire industry on designing the solution and will be soliciting feedback on our approach and the specific technologies used. If you are interested in contributing or just following along, please sign up below to receive regular updates.
Featured

Google Play Policy

Google Play partners with you to deliver your apps and games safely to billions of people worldwide. Learn the latest policies, timeline, and implications for your apps.

Latest News

Latest Videos