
New Google PlayStore Privacy Policy Requirements


I have seen that Play Store Developers received a mail to inform users about the usage of their personal data and to state why and how apps make use of certain features (like writing to the external storage/SD Card). I have to admit, I am new to Android Development and helping out here.

In our existing Play Store App we plan to release a new feature to take photos and thus access the camera for this purpose. I now wanted to ask how the following requirement has to be implemented: "Post a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself."

Is it some kind of Readme file we have to upload, or (like Apple does) do we have to provide a website with that information for the Play Store (see http://www.iubenda.com/blog/privacy-policy-for-android-app/ first abstract)? Other sources just talk about active URLs. Basically, a URL is not always available in an application (consider the case where a user has no internet connection).

How does it have to be presented in the App? Simple Toast, when accessing the Camera the first time or rather a new menu item "Privacy Policy" for the user and display the information in a website with formatted HTML, which we could also use for the PlayStore?

For the overall requirements see: https://play.google.com/about/privacy-security/personal-sensitive/

This question does not ONLY cover the Google PlayStore but also the best practises for embedding such a policy IN an Android Application.


Solution

  • For our implementation, it only concerned two aspects:

    1. Camera Access
    2. Storing data

    I think the reason for Google to request a license Post was and still is to make

    1. Developers more aware of how they use possible resources
    2. Users more aware of the usage of THEIR resources

    Camera Access

    We came up with the solution of not including the camera on our own, but instead doing it "the Android way of delegating actions to other applications" and letting someone else perform this for us, with MediaStore.ACTION_IMAGE_CAPTURE. It is a bit unlucky that we had to write a FileProvider to support Android's new sandboxing feature, which brings us to step 2, "Storing Data".

    Storing Data

    We don't use the external storage anymore for this, instead we use the app's personal storage, as the data is tightly coupled to the rest of the application anyway. Of course, we had to ensure the app is still working if:

    1. The user wants to delete specific files
    2. The user deletes the app's data in settings

    That's it: No Privacy Policy required anymore, as we don't use anything that would require certain permissions :-)
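
The delegation described in the answer above, sketched as an added example that is not part of the original post: the system camera app writes the photo to a file in app-private storage through a FileProvider URI, so the app itself declares neither the CAMERA nor a storage permission. The class name `CaptureActivity`, the authority `com.example.app.fileprovider`, and the `photos` directory are assumptions made for illustration.

```kotlin
// Added example, not the answerer's code. Assumed names: CaptureActivity, the
// authority "com.example.app.fileprovider", the "photos" directory.
//
// Assumed AndroidManifest.xml entry (no CAMERA or storage <uses-permission>):
//   <provider android:name="androidx.core.content.FileProvider"
//       android:authorities="com.example.app.fileprovider"
//       android:exported="false" android:grantUriPermissions="true">
//     <meta-data android:name="android.support.FILE_PROVIDER_PATHS"
//         android:resource="@xml/file_paths" />
//   </provider>
// Assumed res/xml/file_paths.xml, exposing only one private subdirectory:
//   <paths><files-path name="photos" path="photos/" /></paths>
import android.app.Activity
import android.content.ActivityNotFoundException
import android.content.Intent
import android.provider.MediaStore
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AppCompatActivity
import androidx.core.content.FileProvider
import java.io.File

class CaptureActivity : AppCompatActivity() {
    private var pendingPhoto: File? = null

    private val capture =
        registerForActivityResult(ActivityResultContracts.StartActivityForResult()) { result ->
            val photo = pendingPhoto ?: return@registerForActivityResult
            pendingPhoto = null
            // Cancelled or failed capture: drop the empty placeholder file.
            if (result.resultCode != Activity.RESULT_OK || photo.length() == 0L) photo.delete()
        }

    fun takePhoto() {
        // App-private storage: removed by "Clear data" and on uninstall.
        val dir = File(filesDir, "photos").apply { mkdirs() }
        val photo = File.createTempFile("IMG_", ".jpg", dir)
        val uri = FileProvider.getUriForFile(this, "com.example.app.fileprovider", photo)
        val intent = Intent(MediaStore.ACTION_IMAGE_CAPTURE)
            .putExtra(MediaStore.EXTRA_OUTPUT, uri)
            // Grant the camera app access to this one URI only, not the directory.
            .addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION or Intent.FLAG_GRANT_READ_URI_PERMISSION)
        pendingPhoto = photo
        try { capture.launch(intent) }
        catch (e: ActivityNotFoundException) { pendingPhoto = null; photo.delete() } // no camera app
    }

    // The user may delete photos or clear app data at any time, so list defensively.
    fun storedPhotos(): List<File> =
        File(filesDir, "photos").listFiles()?.filter { it.length() > 0 } ?: emptyList()
}
```

If the manifest does declare the CAMERA permission, `ACTION_IMAGE_CAPTURE` requires that permission to be granted at runtime, so the delegation only stays permission-free when the declaration is removed entirely.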