Google has unveiled a comprehensive suite of updates to its Google Play policies, aimed at enhancing user privacy while simultaneously safeguarding businesses from fraudulent activities. The tech giant is also rolling out new features designed to streamline the management of contact and location policies, ensuring a more predictable app review process.
Play Policy Insights and Pre-Review Checks
Beginning in October, developers will gain access to Play policy insights within Android Studio, a tool that will assist them in determining whether their applications should incorporate the latest features. This guidance will also outline the necessary steps developers need to take to comply with the updated policies. Starting October 27, the Play Console will introduce new pre-review checks that will flag potential issues related to contact or location permissions, allowing developers to rectify these concerns prior to submitting their apps for review.
Accessing Contacts with Contact Picker
The Android Contact Picker is set to become the standard method for accessing contact information, enabling users to share only the specific contacts they wish to disclose. Bennet Manuel, Group Product Manager for App & Ecosystem Trust, emphasized the importance of this tool, stating, “Alongside this tool, we are updating our policy to require that all applicable apps use the picker, or other privacy-focused alternatives like Sharesheet, as the primary way to access users’ contacts. READ_CONTACTS will be reserved for apps that can’t function without it.”
Developers whose apps request access to contacts for functionalities such as sharing or inviting are encouraged to update their code to utilize the picker and eliminate the READ_CONTACTS permission when targeting Android 17 and above. Furthermore, any app that necessitates ongoing access to a user’s contact list must submit a Play Developer Declaration through the Play Console to substantiate this requirement.
Location Button for Precise Location
In an effort to simplify the process of requesting precise location data for one-time actions—such as locating a store or tagging a photo—Android is introducing a streamlined location button. This feature empowers users to control the extent of information they share and the duration of that sharing. The updated policy mandates that apps utilize this button for one-time precise location access, while those requiring continuous location access may continue to do so.
Developers are advised to review their apps’ location usage to ensure they are requesting only the minimum necessary data for functionality. If an app utilizes precise location for temporary actions and targets Android 17 and above, developers should include the onlyForLocationButton flag in their manifest. For apps that require persistent precise location access, a Play Developer Declaration must also be submitted through the Play Console.
Account Transfers in Play Console
The Play Console is introducing an official account transfer feature, designed to facilitate ownership changes during sales and mergers while simultaneously protecting businesses from potential fraud. This feature is mandatory for use starting May 27. It is important to note that unofficial transfers, such as sharing login credentials or engaging in the buying and selling of accounts on third-party marketplaces, are strictly prohibited.
Developers should initiate any future changes in account ownership through the “Users and permissions” page in the Play Console. Each transfer will be subject to a mandatory 7-day security cool-down period, allowing teams to detect and prevent any unauthorized attempts at account takeover.
