Privacy security best practices
This page contains a collection of data collection guidance
and recommendations to ensure that Android users have control over the
handling of their data.
Data logging
Logging data increases the risk of exposure of that data and reduces system
performance. Multiple public security incidents have occurred as a result of
logging sensitive user data.
- Don't log to the sdcard.
- Apps or system services shouldn't log data provided by third-party
apps that might include sensitive information.
- Apps must not log any Personally Identifiable Information (PII) as
part of normal operation, unless it's absolutely necessary to provide the
core functionality of the app.
CTS includes tests that check for the presence of potentially sensitive
information in logs.
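A scanner in the spirit of the CTS log checks mentioned above, as an added example (not AOSP or CTS code): it parses logcat "threadtime" lines and flags messages that look like PII, credentials, a location fix, or a log file written to the sdcard. The patterns and the sample log lines are constructed for this example.

```python
import re

# Category -> pattern. Illustrative patterns (assumptions); tune for your own
# log formats. The real CTS checks are more thorough than this.
SENSITIVE_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone": re.compile(r"\+?\d[\d\s().-]{8,}\d"),
    "oauth_token": re.compile(r"\b(?:Bearer\s+|ya29\.|access_token=)\S+", re.I),
    "password": re.compile(r"\bpass(?:word|wd)?\s*[=:]\s*\S+", re.I),
    "location": re.compile(r"\b-?\d{1,2}\.\d{4,},\s*-?\d{1,3}\.\d{4,}\b"),
    "sdcard_write": re.compile(r"/(?:sdcard|storage/emulated/\d+)/\S*\.(?:log|txt)"),
}

# logcat "threadtime" format: date time pid tid level tag: message
LOGCAT_LINE = re.compile(
    r"^\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}\s+\d+\s+\d+\s+[VDIWEF]\s+([^:]+):\s*(.*)$"
)

def scan_log_lines(lines):
    """Return (line_number, tag, category) for each message that matches a
    sensitive-data pattern. Only the message is scanned, not the header."""
    findings = []
    for num, line in enumerate(lines, 1):
        m = LOGCAT_LINE.match(line)
        tag, msg = (m.group(1).strip(), m.group(2)) if m else ("?", line)
        for category, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(msg):
                findings.append((num, tag, category))
    return findings

# Constructed sample lines in logcat threadtime format (not real device output).
SAMPLE_LOG = [
    "03-01 10:00:01.123  1234  1234 I ExampleApp: login ok for alice@example.com",
    "03-01 10:00:01.456  1234  1234 D ExampleApp: sync complete, 12 items",
    "03-01 10:00:02.000  1234  1234 I Dialer: calling +1 (650) 555-0100",
    "03-01 10:00:02.200  1234  1240 D NetClient: Authorization: Bearer ya29.A0ARrdaM-example",
    "03-01 10:00:02.333  1234  1234 W Loc: fix lat,lng=37.42199,-122.08408",
    "03-01 10:00:03.000  1234  1234 I Dump: wrote /sdcard/Download/debug.log",
]

if __name__ == "__main__":
    for num, tag, category in scan_log_lines(SAMPLE_LOG):
        print(f"line {num} [{tag}]: possible {category}")
```

Run it against `adb logcat -v threadtime` output captured to a file to get a first pass over what an app or service leaks; every hit is a candidate for removal or redaction.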
Metrics collection
Collecting metrics can be an essential part of understanding usage of your
app and making improvements for the overall user experience. However, overly
broad metrics collection can also present a risk to user privacy.
- If at all possible, don't collect metrics.
- If you must collect metrics, first request explicit, informed,
and meaningful user consent.
- With few exceptions, only collect metrics that are necessary to support
the reliability of the service.
- Avoid collecting identifiable or potentially sensitive data whenever
possible, such as hardware identifiers.
- Ensure data is sufficiently aggregated and anonymized whenever possible.
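One way to apply these rules in an app-side metrics collector, as an added example that is not AOSP code: events are refused without consent or outside a reliability allowlist, identifier attributes are stripped before anything is stored, OS versions are coarsened, and buckets below a minimum size are suppressed from the report. The metric names, field names and threshold are assumptions.

```python
from collections import Counter

# Policy assumed for this example (constructed, not an AOSP API): only
# reliability metrics, no identifier attributes, small buckets suppressed.
ALLOWED_METRICS = {"crash", "anr", "sync_failure"}
IDENTIFIER_FIELDS = {"android_id", "imei", "serial", "mac", "advertising_id", "email"}
ALLOWED_ATTRS = {"os_major", "app_version"}
MIN_BUCKET = 5  # minimum bucket size before a count is reported


class MetricsStore:
    def __init__(self, consent_given):
        self.consent_given = consent_given
        self.dropped = 0
        self._counts = Counter()

    def record(self, name, attrs):
        """Record one event. Refused (returns False) without consent or for a
        non-reliability metric; identifier attributes are never stored."""
        if not self.consent_given or name not in ALLOWED_METRICS:
            self.dropped += 1
            return False
        clean = {}
        for key, value in attrs.items():
            if key in IDENTIFIER_FIELDS:
                continue  # strip hardware and account identifiers
            if key == "os_version":  # coarsen "14.0.1" -> "14"
                clean["os_major"] = str(value).split(".")[0]
            elif key in ALLOWED_ATTRS:
                clean[key] = str(value)
        self._counts[(name, tuple(sorted(clean.items())))] += 1
        return True

    def report(self):
        """Aggregated counts only; buckets below MIN_BUCKET are suppressed so
        a single user's events cannot be picked out of the report."""
        return {bucket: n for bucket, n in self._counts.items() if n >= MIN_BUCKET}


def demo(consent_given=True):
    """Constructed events: six crashes on Android 14, one on 13, one UI event."""
    store = MetricsStore(consent_given)
    for i in range(6):
        store.record("crash", {"os_version": "14.0.1", "android_id": f"id{i}"})
    store.record("crash", {"os_version": "13.0", "serial": "SN1"})
    store.record("screen_view", {"screen": "home"})
    return store
```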
Spyware
Spyware is defined as software that aims to gather information about a user
or device without their knowledge and that might send that information to
another entity without consent.
- Transmission of the following user or device data without disclosure or
in a manner that is unexpected to the user is considered spyware (this
list contains top examples, but isn't an exhaustive list):
- Information about the user's contacts (names, numbers, emails)
- Photos or other files
- Content from user email
- Call log
- SMS log
- Web history
- Browser bookmarks
- Private information from other apps (private /data/ directories)
- Audio or call recording
- Passwords
- OAuth tokens
- Location
- Ensure that all apps provide a reasonable explanation and disclosure to
the user prior to installation.
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2024-09-24 UTC.