Building Trust Through Permissions: Creating a Safe User Experience on Android

You may only request permissions that are necessary to implement current features or services in your app.

User trust is one of the most important factors in the success of any mobile application. Research conducted by Google shows that many users deny app permissions at least once, and around 15% of users uninstall apps when they are asked for permissions they do not understand or feel are unnecessary.
This clearly shows that permission requests must be meaningful, transparent, and justified.

Request Only What Your App Needs

Apps should request only the permissions that are essential for their core functionality. Unnecessary or excessive permission requests can confuse users and reduce trust.

According to Google Play policy:

• Permissions must directly support app features.

• If your app requests access to personal or sensitive user data, you must complete the appropriate permission declaration in Play Console.

• Sensitive permissions are automatically detected from your app manifest.

When permissions make sense to users, they are far more likely to grant them.

Importance of a Clear Privacy Policy

All apps published on Google Play must have a privacy policy, especially if they handle sensitive user or device data.

Your privacy policy must:

• Be hosted on an active and publicly accessible URL

• Clearly reference your app name

• Be labeled clearly as a Privacy Policy (in the title or URL)

• Explain what data is collected, how it is used, and whether it is shared

• Identify the types of third parties (if any) with whom data is shared

If your app uses sensitive data such as location, contacts, or device identifiers, this must be clearly disclosed.

Special Case: Background Location Access

If your app accesses location data in the background, additional transparency is required.

The privacy policy must:

• Explicitly state that background location is used

• Explain why the location data is collected

• Describe how the data supports app features

Example disclosure:

“This app collects location data to enable Feature A and Feature B, even when the app is closed or not in use.”

Prominent In-App Disclosures

When personal or sensitive data is accessed in ways that may not be obvious to users, you must provide a prominent in-app disclosure.

A valid disclosure must:

• Appear during normal app usage

• Not be hidden inside menus or settings

• Clearly describe the data being accessed

• Explain how the data will be used

For example, if your app accesses location data in the background, the disclosure should be shown clearly before or during that usage.

Permission Changes in Android 11 and Above

On Android 11 and newer versions:

• Users can choose Allow all the time, Allow only while using the app, or Deny

• The system may redirect users to the app’s permission settings screen

Developers should be familiar with these permission behaviors and guide users appropriately.

Be Aware of SDKs and Third-Party Libraries

Even if your app itself does not directly collect certain data, SDKs or third-party libraries might.
You are responsible for:

• Understanding what data these libraries access

• Disclosing their data usage in your privacy policy

• Ensuring compliance with Google Play policies

Conclusion

Creating a safe and trustworthy user experience is not just about compliance—it’s about respect for users.
By requesting only necessary permissions, providing clear disclosures, and maintaining a transparent privacy policy, developers can build confidence, reduce uninstalls, and deliver a better overall experience.

When in doubt, consult a legal professional to ensure your privacy practices meet all regulatory and policy requirements.

When personal or sensitive user data is used by the app or sent off the device for purposes that are not clear to the user (like accessing location in the background), a prominent disclosure must be made.

Learn more about requesting access to location in the background