Privacy security best practices

This page contains a collection of data collection guidance and recommendations to ensure that Android users have control over the handling of their data.

Data logging

Logging data increases the risk of exposure of that data and reduces system performance. Multiple public security incidents have occurred as a result of logging sensitive user data.

  • Don't log to the sdcard.
  • Apps or system services shouldn't log data provided from third-party apps that might include sensitive information.
  • Apps must not log any Personally Identifiable Information (PII) as part of normal operation, unless it's absolutely necessary to provide the core functionality of the app.

CTS includes tests that check for the presence of potentially sensitive information in logs.

Metrics collection

Collecting metrics can be an essential part of understanding usage of your app and making improvements for the overall user experience. However, overly broad metrics collection can also present a risk to user privacy.

  • If at all possible, don't collect metrics.
    • If you must collect metrics, first request explicit, informed, and meaningful user consent.
  • With few exceptions, only collect metrics that are necessary to support the reliability of the service.
  • Avoid collecting identifiable or potentially sensitive data whenever possible, such as hardware identifiers.
  • Ensure data is sufficiently aggregated and anonymized whenever possible.

Spyware

Spyware is defined as software that aims to gather information about a user or device without their knowledge, that might send user information to another entity without consent.

  • Transmission of the following user or device data without disclosure or in a manner that is unexpected to the user is considered spyware (this list contains top examples, but isn't an exhaustive list):
    • Information about the user's contacts (names, numbers, emails)
    • Photos or other files
    • Content from user email
    • Call log
    • SMS log
    • Web history
    • Browser bookmarks
    • Private information from other apps (private /data/ directories)
    • Audio or call recording
    • Passwords
    • OAuth tokens
    • Location
  • Ensure that all apps provide a reasonable explanation disclosure to the user prior to installation.