Google and California Privacy Policy Requirements

Jun 28, 2017 8:02:37 AM / by Himanshu Dwivedi

In 2017, both Google Play and the California Online Privacy Protection Act (CALOPPA) require mobile application publishers to provide a valid privacy policy on the App's Google Play page, especially if the App is requesting one or more of the following sensitive permissions:

privacy proxy pic.jpg


  • android.permission.CAMERA
  • android.permission.RECORD_AUDIO
  • android.permission.READ_PHONE_STATE
  • android.permission.GET_ACCOUNTS
  • android.permission.READ_CONTACTS

While the issue is the opposite of technical and interesting, if an App does not have a valid privacy policy on its Google Play page, it will be susceptible to the following availability and financial ramifications:

  • Google will limit the visibility of the App, up to and including removal from Google Play
  • CALOPPA may subject the App to fines "up to $2,500 for each time the App was downloaded"

Furthermore, to further protect mobile end-users, the Attorney General's office in California has released an online complaint form for end-users to report violations at any time, available at

Data Theorem scanned Google Play and identified thousands of apps with absent privacy policies. While the type of app varies from category to category, several categories of apps were missing policies including Finance, Business, as well as Social.

If your mobile app does not have a privacy policy directly linkable from its App Store or Google Play page, create one now and ensure it is reviewed and approved by the legal team. The process to add the privacy policy to the App's Google Play page is below:

  1. In the Google Play Developer Console, select the App
  2. Click on "Store Listing" on the left side
  3. Scroll to the bottom and locate "Privacy Policy"
  4. Insert the HTML link to your privacy policy in the text box


Topics: Mobile App Security, privacy

Himanshu Dwivedi

Written by Himanshu Dwivedi

CEO of Data Theorem, Inc.