Your mobile app (iOS, Android, Windows, BlackBerry) must have a Privacy Policy if the app collects personal data from users.
You'll need the Privacy Policy even if you do not collect this kind of data yourself but instead use third-party tools (such as Google Analytics Mobile, Flurry) that will collect this data for you.
Personal data is any kind of data that could identify an individual:
A Privacy Policy is required by law in most countries:
The FTC, in the US, requires all apps that collect and use personal information from users to properly inform about the collection and use of users' personal information.
The FTC has provided guidance for developers and businesses on what to be aware of to ensure compliance.
The "Executive Summary" of the FTC's "Mobile Privacy Disclosures: Building Trust Through Transparency" document states that developers of mobile app should have a Privacy Policy in place and make sure it's easily accessible through app stores.
This requirement applies to all app stores, including iOS and Android:
If you're submitting the app to an app store and your app collects personal information from users that will be using your app, then you must have a Privacy Policy.
You must make the policy easily accessible through the app profile page of for users to view and read the Privacy Policy before they download and install your app.
Depending on your mobile app and your business, you may be subject to other legal requirements:
The law also requires you to have a Privacy Policy for your Android app. It's not just iOS.
According to its Help pages, Google Play isn't making it a requirement to have a Privacy Policy for your Android app or game. Note the "may submit" word in the paragraph below:
As an Android developer, you may submit a privacy policy for each of your apps. When users browse your app in Google Play, they will be able to review the privacy policy before downloading your app.
But the Google Play Developer distribution agreement of Google - which must be read and agreed to when you sign-up up for a Google Play account - informs you that you're required to have "privacy procedures and notices in place".
A "Privacy notice" is a Privacy Policy agreement.
You agree that if you use the Store to distribute Products, you will protect the privacy and legal rights of users. If the users provide you with, or your Product accesses or uses, user names, passwords, or other login information or personal information, you must make the users aware that the information will be available to your Product, and you must provide a legally adequate privacy notice and protection for those users.
There is also the section at the bottom of the same Google's Developer agreement that instruct developers on what they can do if they don't want to add the link to Privacy Policy when the app is submitted for review:
Regardless of Google's information on this, your Android app is required by law to have a Privacy Policy if you collect personal data from users.
It just doesn't matter if your business operates a simple website or a mobile game.
A SaaS app is required to have a Privacy Policy. A simple website that only collects the email addresses is also required to have one.
Follow these steps to add the Privacy Policy URL to your Google Play Store app listing:
If you don't have the Privacy Policy ready yet, you can click "Not submitting a privacy policy URL at this time" at the "Store Listing" page.
Before you add the URL make sure you know which third parties tools you are using through the app that may collect personal data from users for you.
You can choose not to collect the data yourself through your Android app, but a third party you've partnered with (signed up an account with) can collect this data and report it back to you. This gives you access to personal information of users.
For example, if you use Google Analytics for your website or through Google Analytics' Mobile App Analytics service, you are required to have the Privacy Policy as mentioned in Google Analytics' Terms of Service agreement:
You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data.
Flurry does the same thing in Flurry Analytics' Terms of Service:
You agree that you have and will abide by a privacy policy that complies with all applicable laws and industry standards and that you will comply with all applicable laws relating to the collection of information from end users of your applications.
Here are some examples of Android apps and how they integrated their Privacy Policies in their apps.
YouTube
Google's YouTube Android app has a Privacy Policy link and it's available right from the Play Store listing:
By clicking on the link, the user is redirected to Privacy Policy of Google:
Dropbox Carousel
The Dropbox Carousel app on Android embeds the Privacy Policy of Dropbox in the app.
This embedded design system makes use of menus and allows a user to click through menu items from the Settings screen, to the Legal & Privacy screen, and then to the Privacy Policy item that will ultimately have the contents of that legal agreement loaded within the app.
This is the Settings screen on Dropbox Carousel app that shows the "Legal & Privacy" menu item:
The dialog window allows the user to choose what agreement to read:
The Privacy Policy of Dropbox is very easy to read on mobile screens:
Another example shows how Flipboard Android app links to its Privacy Policy page and its Terms of Use page from the Android app:
Users are able to view the contents of this legal agreement from Flipboard. The page places a convenient option for users to download Flipboard by placing a "Get the App" button:
The Android version of Pinterest app links to the Privacy Policy of Pinterest at the Developer Information section from its profile page on Google Play Store:
Their web page conveniently places a "Get the App" button that allows users to open Google Play and install the app, like Flipboard does:
This is a good example of how Android developers can make it convenient for users to download an app after reading the legal agreement users will be bound to.
Once a user downloaded, installed and signed up for Pinterest, the "Terms and privacy" link is always conveniently made available at the main "Settings" icon: