Google Play's Spyware policy is designed to safeguard user privacy and protect devices from malicious applications, code, and behaviors. By ensuring our ecosystem is free from spyware and other types of malware, Google aims to create a safe and trusted ecosystem that users can rely on.
Overview
The Spyware policy requires that apps abide by the following:
- You must limit your access, collection, use, and sharing of personal and sensitive data acquired through the app to Policy-compliant functionality as expected by and/or consented to - by the user. Please see Prominent Disclosure and Consent requirements for more information.
- Protecting user privacy: Apps and embedded SDKs must comply with the User Data policy.
- Preventing all forms of spyware: Any behaviors that can be considered as spying on the user can also be flagged as spyware. You can see a non-exhaustive list of spyware examples below.
- Compliance with other Google Play policies: In addition to the Spyware policy, all apps must also comply with all other Google Play Developer Program policies, including User and Devices Data Policies such as Mobile Unwanted Software, User Data, Permissions and APIs that Access Sensitive Information, and SDK Requirements. Ensure any third-party code (for example, SDKs) and practices in your app do not cause your app to violate policies.
Examples of Spyware policy violations
The Spyware policy provides a non-exhaustive list of practices that are considered spyware violations. Further examples of behaviors that can be considered spyware violations are provided below:
- An app that uses an SDK which transmits data from audio or call recordings when it is not related to policy compliant app functionality.
- An application that steals information from other apps' notifications.
- Transmitting any of the following non-exhaustive list of information without policy compliant functionality or in a manner that is unexpected to the user (for example, if data collection occurs in the background when the user is not engaging with your app):
- Contact list
- Photos or other files from the SD card that aren’t owned by the app
- Content from user email
- Call log
- SMS log
- Information from the
/data/directories of other apps
- Personal loans or budgeting apps exfiltrating or sharing non-financial or personal SMS history of a user.
Other resources
To ensure compliance with the Spyware policy and other Google Developer Program Policies regarding device and user data, please refer to the following resources:
- Best practices for prominent disclosure and consent
- Understand app privacy and security practices with Google Play's Data safety section
- Using SDKs safely and securely
- Google Play Protect — Potentially Harmful Applications (Spyware)
- Google Play Academy’s training on Malware Play Policy and Mobile Unwanted Software (MUwS) Play Policy