Android is secure by default and private by design.

The platform is focused on bringing the best experiences and latest innovations to users, while keeping them safe by protecting their security and privacy. This page includes best practices and resources to help developers design and implement safe, secure, and private apps.

Android continues to innovate in privacy. We help developers design apps that provide transparency for users, give control over private data access, and treat data responsibly.
Our goal is to make Android the safest mobile platform. We consistently invest in technologies that bolster the security of the platform and tools that help you build apps to be secure by default.
Google Play helps you deliver your apps and games safely to billions of people worldwide. Learn about Google Play's policies and guidelines to improve the user experience and create a safer ecosystem.

Build apps to be private

Android is private by design. As the Android platform evolves, it continues to provide tools and guidance to help developers design apps that minimize the amount of data that is used and give users control and transparency so that users can stay informed and decide what data to share.

View best practices

Transparency and control

Learn best practices while integrating privacy-friendly platform features. These features help users understand how apps use their data and give them control.
Guide
Users can grant a temporary permission for accessing location, microphone, or camera. Follow best practices on integrating permissions.
Guide
Privacy Dashboard provides data access transparency to users on supported Android 12 devices. Use it to explain to your users why your app accesses location, camera, or microphone information.
Guide
Give users control of choosing the level of location precision granted to your app. Make your app compatible with this on Android 12.
Guide
Android 12 lets users know when an app accesses clipboard data. Prevent unnecessary access by using clip description to determine if the metadata is indeed what your app needs.
Guide
Android 12 shows users visual indicators when an app accesses their microphone or camera. Use these indicators to check that your app’s accesses are working as you expect.
Guide
On supported Android 12 devices, users have control over camera and microphone access for all apps and services. Verify how your app responds to these toggles.
Guide
Users can grant fine-grained access to background location on devices running Android 10 or higher. Most use cases only require location in the foreground. Carefully consider your app’s needs for background location access as well as if it follows Google Play policy.
Guide
Learn how your app and its dependencies access private data. Associate data access with specific code paths or modules.

Data minimization

Use only the data that your use case needs.
Guide
It’s a best practice to work with user-resettable identifiers. Learn more about identifiers available for different use cases and Google Play policy considerations.
Guide
Use the scoped storage model if possible. For files only relevant to your app, store them in the app-specific directory in external storage. Broad access to storage should be limited to certain use cases only and the usage is subject to Google Play policy.
Guide
To limit access to user data, the system automatically resets user-granted permissions for rarely used apps and hibernates these apps to free up system resources. Follow existing best practices for requesting permissions to ensure that your app is compatible with this behavior.
Guide
To provide better accountability for access to installed apps on a device, Android 11 includes changes to limit how apps can query and interact with other apps. Most use cases should require little to no change.
Guide
Ensure that your app is in focus when accessing the clipboard.

Build apps to be secure by default

Android’s goal is to be the safest mobile platform in the world. We consistently invest in technologies that bolster the security of the platform, its apps, and the global Android ecosystem.

Security Best Practices

Learn about best practices for encryption, integrity, and the overall app security lifecycle.
View best practices
Guide
The Jetpack Security library (JetSec) provides a quick and easy way to encrypt your data. Where data is sensitive, encrypt it in the app’s private storage to make it less accessible if the device is stolen and gets compromised.
Guide
People need to trust the information provided by and data stored in apps that communicate government information. Learn how to create a strong security foundation for your app.
Guide
Use the Play Integrity API to detect potentially risky and fraudulent interactions, such as cheating and unauthorized access, allowing you to respond with appropriate actions to prevent attacks and reduce abuse.
Guide
Security researchers commonly assess new and updated apps for security issues. Set up a vulnerability disclosure program (VDP) to provide guidelines for these experts to disclose any previously undetected vulnerabilities to you.
Guide
HTTPS and SSL provide secure protocols for transferring data between your app and servers. However, there are a number of common mistakes that developers make that can lead to insecure data transfer. Check that you’re not making any of these in your app.
Guide
Use the Jetpack Biometric library to take advantage of a device’s biometric sensors when authenticating users in your app.
We want to work with the entire industry on designing the solution and will be soliciting feedback on our approach and the specific technologies used. If you are interested in contributing or just following along, please sign up below to receive regular updates.
Sign up
Featured

Google Play Policy

Google Play partners with you to deliver your apps and games safely to billions of people worldwide. Learn the latest policies, timeline, and implications for your apps.

Learn more

Latest News

Latest Videos