From the 3rd of October, 2018, Privacy Policy becomes mandatory for apps in an Apple Store. Likewise, Google Play also requires preparing certain privacy-related disclosures to users, in accordance with the GDPR. Failure to adhere to these laws can result in a reaction from the Google site. It could be from a warning to the limitation of visibility of the app, or even the removal from the Play Store.
The privacy policy should have basic elements, including information about third parties that have access to the data. Also, whether any third party collect data through widgets (e.g. social buttons) and integrations (e.g. Facebook Connect).
In addition to this, the use of any “dangerous” permission groups must show up in the privacy policy, like: calendar, camera, contacts, location, microphone, phone, sensors, SMS and storage.
If the app processes personal data of users for reasons unrelated to the functionality of it, the developer must include additional, easily visible disclosures about this usage and collects user consent.
If the app is made for children, direct notice to parents must be provided and verifiable parental consent with limited exceptions must be obtained, before collecting personal information online from children.
LEARNING TIP: Prepare clear and explicit Privacy Policy, identify what personal data is being collected and how, why the app or service collects it. Don’t forget to include “dangerous” permission groups.