<html devsite>
<head>
<title>Privacy Security Best Practices</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2018 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
//www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>This page collects guidance and recommendations on data collection,
intended to ensure that Android users retain control over how their data
is handled.
</p>
<h2 id="logging-data">Logging data</h2>
<p>Logging data increases the risk of exposure of that data and reduces system
performance. Multiple public security incidents have occurred as a result of
logging sensitive user data.</p>
<ul>
<li>Do not log to the sdcard.</li>
<li>Apps or system services should not log data provided from third-party
apps that might include sensitive information.</li>
<li>Apps must not log any Personally Identifiable Information (PII) as
part of normal operation, unless it's absolutely necessary to provide the
core functionality of the app.</li>
</ul>
<p>CTS includes tests that check for the presence of potentially sensitive
information in logs.</p>
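<p>The following example, added here and not part of the AOSP page or of the CTS test suite, shows the kind of check a developer can run over their own logcat output before shipping: it flags lines that contain the categories of data this page says must not be logged (email addresses, phone numbers, bearer tokens, precise coordinates) and offers a redaction helper for the cases where a message is still needed. The patterns, the log lines and the category names are all constructed for illustration and do not reproduce the checks CTS actually performs.</p>

```python
import re

# Illustrative patterns for data that must not appear in logs (constructed;
# CTS's own checks are not reproduced here). Order matters for redaction:
# the most specific patterns run first so a token is not mistaken for a phone number.
_PII_PATTERNS = {
    "bearer_token": re.compile(r"(?i)bearer\s+[A-Za-z0-9\-._~+/]+=*"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    # "37.4219,-122.0840": latitude,longitude with at least three decimals each
    "lat_lon": re.compile(r"(?<![\d.-])-?\d{1,2}\.\d{3,},\s*-?\d{1,3}\.\d{3,}(?![\d.])"),
    # ten or more digits with optional separators, e.g. "+1 650 555 0199"
    "phone": re.compile(r"(?<!\d)\+?\d[\d\s().-]{8,}\d(?!\d)"),
}

# Constructed logcat lines in the "LEVEL/Tag( pid): message" shape.
SAMPLE_LOGCAT = [
    "D/AccountSync( 1234): sync started for account alice@example.com",
    "I/Dialer( 2048): placing call to +1 650 555 0199",
    "V/AuthClient( 3071): Authorization: Bearer AbCdEf0123.constructed-token",
    "D/LocationSvc( 4096): last fix 37.4219,-122.0840 accuracy=12m",
    "I/ActivityManager( 512): Displayed com.example.app/.MainActivity: +312ms",
]


def find_pii(line):
    """Return the categories of sensitive data found in one log line."""
    return [name for name, pattern in _PII_PATTERNS.items() if pattern.search(line)]


def scan_logcat(lines):
    """Return (line_index, categories) for every line that contains sensitive data."""
    findings = []
    for index, line in enumerate(lines):
        hits = find_pii(line)
        if hits:
            findings.append((index, hits))
    return findings


def redact(line):
    """Replace each sensitive match with a category marker so the rest of the message survives."""
    for name, pattern in _PII_PATTERNS.items():
        line = pattern.sub(f"[{name} redacted]", line)
    return line


if __name__ == "__main__":
    for index, hits in scan_logcat(SAMPLE_LOGCAT):
        print(f"line {index}: {', '.join(hits)} -> {redact(SAMPLE_LOGCAT[index])}")
```

<p>Running the scan over a real logcat capture from a test run gives the same signal CTS is looking for, at the point where the offending <code>Log</code> call is still easy to find; redaction is a fallback for messages that genuinely need the surrounding context, not a substitute for removing the sensitive value from the log call.</p>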
<h2 id="metrics-collection">Metrics collection</h2>
<p>Collecting metrics can be an essential part of understanding usage of your
app and making improvements for the overall user experience. However, overly
broad metrics collection can also present a risk to user privacy.</p>
<ul>
<li>If at all possible, don't collect metrics.
<ul>
<li>If you must collect metrics, first request explicit, informed,
and meaningful user consent.</li>
</ul>
</li>
<li>With few exceptions, only collect metrics that are necessary to support
the reliability of the service.</li>
<li>Avoid collecting identifiable or potentially sensitive data whenever
possible, such as
<a href="https://developer.android.com/training/articles/user-data-ids"
class="external">hardware identifiers</a>.</li>
<li>Ensure data is sufficiently aggregated and anonymized whenever possible.</li>
</ul>
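<p>As an added illustration of "sufficiently aggregated and anonymized" (example code, not from the AOSP page): raw per-device events are first reduced to coarse dimensions (day rather than timestamp, OS major version rather than exact build), then counted, and any cell with fewer than <code>k</code> contributing events is suppressed so that a single device cannot be picked out of the report. The identifier field names, the event data and the threshold are constructed assumptions for the example.</p>

```python
from collections import Counter
from datetime import datetime, timezone

# Field names that identify a device or user and must never reach a report.
# The set is illustrative; the page itself only says to avoid hardware identifiers.
IDENTIFYING_FIELDS = {"device_id", "android_id", "imei", "serial", "mac", "email"}


def _events(n, **fields):
    # Constructed raw events as an app might buffer them locally before upload.
    return [dict(device_id=f"dev-{fields['event']}-{i}", ts=1_700_000_000 + i, **fields)
            for i in range(n)]


RAW_EVENTS = (
    _events(7, os_build="14.0.0_b1", app_version="3.2.0", event="sync_failed")
    + _events(2, os_build="14.0.0_b1", app_version="3.2.0", event="crash_on_launch")
    + _events(6, os_build="13.0.0_b9", app_version="3.1.0", event="sync_ok")
)


def coarsen(event):
    """Keep only coarse, non-identifying dimensions of a raw event."""
    return {
        "day": datetime.fromtimestamp(event["ts"], tz=timezone.utc).strftime("%Y-%m-%d"),
        "os_major": event["os_build"].split(".")[0],  # "14.0.0_b1" -> "14"
        "app_version": event["app_version"],
        "event": event["event"],
    }


def aggregate(events, k=5):
    """Count events per coarse cell; drop cells with fewer than k contributors.

    Returns (report_rows, number_of_suppressed_cells). The device identifier is
    never read, so it cannot leak into the report by accident.
    """
    counts = Counter(tuple(sorted(coarsen(e).items())) for e in events)
    report, suppressed = [], 0
    for dims, n in counts.items():
        if n < k:
            suppressed += 1
            continue
        row = dict(dims)
        row["count"] = n
        report.append(row)
    return report, suppressed


def check_report(report):
    """Fail loudly if any identifying field slipped into the report."""
    leaked = {key for row in report for key in row if key in IDENTIFYING_FIELDS}
    if leaked:
        raise ValueError(f"identifying fields in report: {sorted(leaked)}")
    return True


if __name__ == "__main__":
    rows, dropped = aggregate(RAW_EVENTS)
    check_report(rows)
    for row in rows:
        print(row)
    print(f"{dropped} cell(s) suppressed for having fewer than 5 contributors")
```

<p>With this input the two-event crash cell is suppressed rather than reported, which is the trade-off the threshold encodes: rare signals are lost in exchange for not being able to attribute a cell to one or two devices. Choose <code>k</code> against the size of the population, and treat any field that is unique per device as identifying even when it is not a hardware identifier.</p>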
<h2 id="spyware">Spyware</h2>
<p>Spyware is software that gathers information about a user or device without
their knowledge and may send that information to another entity without the
user's consent.</p>
<ul>
<li>Transmitting any of the following user or device data without disclosure,
or in a manner the user would not expect, is considered spyware (this list
gives the most common examples and is not exhaustive):
<ul>
<li>Information about the user's contacts (names, numbers, emails)</li>
<li>Photos or other files</li>
<li>Content from user email</li>
<li>Call log</li>
<li>SMS log</li>
<li>Web history</li>
<li>Browser bookmarks</li>
<li>Private information from other apps (private <code>/data/</code>
directories)</li>
<li>Audio or call recording</li>
<li>Passwords</li>
<li>OAuth tokens</li>
<li>Location</li>
</ul>
</li>
<li>Ensure that all apps provide a reasonable explanation and disclosure to
the user prior to installation.</li>
</ul>
</body>
</html>