| <html devsite> |
| <head> |
| <title>Privacy Security Best Practices</title> |
| <meta name="project_path" value="/_project.yaml" /> |
| <meta name="book_path" value="/_book.yaml" /> |
| </head> |
| <body> |
| <!-- |
| Copyright 2018 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| //www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
<p>This page collects guidance and recommendations on data collection
to ensure that Android users retain control over how their data is
handled.
</p>
| |
| <h2 id="logging-data">Logging data</h2> |
| |
| <p>Logging data increases the risk of exposure of that data and reduces system |
| performance. Multiple public security incidents have occurred as a result of |
| logging sensitive user data.</p> |
| |
| <ul> |
| <li>Do not log to the sdcard.</li> |
| <li>Apps or system services should not log data provided from third-party |
| apps that might include sensitive information.</li> |
| <li>Apps must not log any Personally Identifiable Information (PII) as |
| part of normal operation, unless it's absolutely necessary to provide the |
| core functionality of the app.</li> |
| </ul> |
| |
| <p>CTS includes tests that check for the presence of potentially sensitive |
| information in logs.</p> |
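<p>As an added example (not code from this page or from CTS), the following Python scanner parses constructed logcat lines and flags messages that match the kinds of data this page calls sensitive (email addresses, bearer tokens, phone numbers, location fixes), and a small redaction helper shows how a log wrapper can strip such values before they are written. The tag names, sample lines and regular expressions are assumptions made for the example.</p>

```python
import re

# Constructed logcat-style sample (not real device output).
SAMPLE_LOGCAT = """\
03-01 10:00:01.123  1234  1234 I ExampleApp: user signed in as alice@example.com
03-01 10:00:02.456  1234  1250 D Net: GET /sync Authorization: Bearer ya29.constructedtoken123
03-01 10:00:03.789  1234  1234 I Contacts: synced 42 contacts
03-01 10:00:04.000  1234  1260 D Loc: fix lat=37.422 lon=-122.084
03-01 10:00:05.000  1234  1234 I Call: dialing +1 650-555-0199
03-01 10:00:06.000  1234  1234 I ExampleApp: sync complete in 1200 ms
"""

# One pattern per category of data the page lists as sensitive (assumed patterns).
PII_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._~+/-]{8,}=*", re.IGNORECASE),
    "phone": re.compile(r"\+?\d{1,3}[\s-]?\(?\d{3}\)?[\s-]?\d{3}[\s-]?\d{4}\b"),
    "location": re.compile(
        r"\blat(?:itude)?\s*=\s*-?\d+\.\d+\b.*\blon(?:gitude)?\s*=\s*-?\d+\.\d+\b",
        re.IGNORECASE,
    ),
}

# Standard "threadtime" logcat layout: date time pid tid level tag: message
LOGCAT_LINE = re.compile(
    r"^(?P<date>\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>[^:]+):\s?(?P<msg>.*)$"
)


def scan_logcat(text):
    """Return (line_no, tag, category) for every message matching a PII pattern."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = LOGCAT_LINE.match(line)
        if not m:
            continue  # skip lines that are not in logcat format
        for category, pattern in PII_PATTERNS.items():
            if pattern.search(m.group("msg")):
                findings.append((line_no, m.group("tag").strip(), category))
    return findings


def redact(msg):
    """Replace each PII match with a category placeholder so the message is safe to log."""
    for category, pattern in PII_PATTERNS.items():
        msg = pattern.sub(f"<{category}>", msg)
    return msg
```

Running <code>scan_logcat(SAMPLE_LOGCAT)</code> reports the email, token, location and phone lines and leaves the two harmless lines alone; <code>redact()</code> is what a logging wrapper would apply before the message reaches logcat.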
| |
| <h2 id="metrics-collection">Metrics collection</h2> |
| |
| <p>Collecting metrics can be an essential part of understanding usage of your |
| app and making improvements for the overall user experience. However, overly |
| broad metrics collection can also present a risk to user privacy.</p> |
| |
| <ul> |
| <li>If at all possible, don't collect metrics. |
| <ul> |
| <li>If you must collect metrics, first request explicit, informed, |
| and meaningful user consent.</li> |
| </ul> |
| </li> |
| <li>With few exceptions, only collect metrics that are necessary to support |
| the reliability of the service.</li> |
| <li>Avoid collecting identifiable or potentially sensitive data whenever |
| possible, such as |
| <a href="https://developer.android.com/training/articles/user-data-ids" |
| class="external">hardware identifiers</a>.</li> |
| <li>Ensure data is sufficiently aggregated and anonymized whenever possible.</li> |
| </ul> |
| |
| <h2 id="spyware">Spyware</h2> |
| |
<p>Spyware is defined as software that aims to gather information about a user
or device without their knowledge, and that may send user information to
another entity without consent.</p>
| |
| <ul> |
<li>Transmission of the following user or device data without disclosure, or
in a manner that the user does not expect, is considered spyware (this
list contains common examples and is not exhaustive):
| <ul> |
| <li>Information about the user's contacts (names, numbers, emails)</li> |
| <li>Photos or other files</li> |
| <li>Content from user email</li> |
| <li>Call log</li> |
| <li>SMS log</li> |
| <li>Web history</li> |
| <li>Browser bookmarks</li> |
| <li>Private information from other apps (private <code>/data/</code> |
| directories)</li> |
| <li>Audio or call recording</li> |
| <li>Passwords</li> |
| <li>OAuth tokens</li> |
| <li>Location</li> |
</ul>
</li>
<li>Ensure that all apps provide a reasonable explanation and disclosure of
such data use to the user prior to installation.</li>
| </ul> |
| </body> |
| </html> |