Google Play Guidelines Update

July 15, 2026768 sections changed

Get notified when policies change

One email per change. No marketing, no spam.

google-play-families-policiesGoogle Play Families PoliciescriticalGoogle Play Families Policies
Added

Google is expanding its Families Policy Requirements to ban developers of anonymous chat apps from targeting children. Previously there was no explicit call-out for anonymous chat as a prohibited category in child-directed contexts. If your app offers anonymous chat features and targets children or a mixed audience that includes children, you will need to restructure your app's targeting or remove the anonymous chat functionality to remain compliant.

Show full text

Added

We're expanding our Families Policy Requirements policy to prohibit developers of anonymous chat apps from targeting children.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Removed

The rule requiring all apps to post a privacy policy link in the Play Console designated field and within the app itself has been removed from this section. This was one of the most fundamental and broadly enforced requirements, and its absence here is significant. Developers must verify whether this requirement has moved to another policy document, as privacy policy links remain a standard store listing field and likely still required.

Show full text

Removed

Privacy Policy All apps must post a privacy policy link in the designated field within Play Console, and a privacy policy link or text within the app itself.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This is a newly stated explicit prohibition on selling personal and sensitive user data, added directly to Developer Program Policy. While data monetization practices were previously governed by privacy and ads policies, this statement elevates the prohibition to a top-level policy rule. Apps that monetize user data through data brokers, data marketplaces, or direct sale arrangements are now in clear violation. Developers should review any data monetization arrangements and ensure they do not constitute a sale of user data.

Show full text

Added

Don't sell personal and sensitive user data.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This addition places child safety policy compliance as a named, explicit requirement within the Developer Program Policy. While child safety rules existed elsewhere in Google Play policies, elevating it here signals stricter enforcement at the program level. Any app that enables, facilitates, or fails to prevent child exploitation or inappropriate child-directed content is now in violation of this top-level rule. Developers of any app that could reach or be used by minors should thoroughly review Google's child safety policies.

Show full text

Added

Don't violate child safety policies.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This new addition makes it an explicit Developer Program Policy requirement — not just a Families policy requirement — that child-directed apps comply with the Google Play Families policy, specifically calling out its data handling provisions. Developers who target children must ensure their data practices, third-party SDKs, and content meet Families policy standards. Non-compliance now creates a dual policy violation: both Families policy and the broader Developer Program Policy. If your app is rated for or targeted at children, a Families policy compliance audit is now essential.

Show full text

Added

If your app is for children, you must comply with the Google Play Families policy, which includes specific rules for handling user data.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This addition formally states that apps must allow users to delete their accounts, aligning with the account deletion requirement Google has been rolling out in Play Console. Previously this was communicated as a Play Console policy and deadline, but it is now stated as a Developer Program Policy rule. Apps that create user accounts must provide a clear in-app path to account and associated data deletion. Developers who have not yet implemented account deletion functionality risk policy violations and potential removal.

Show full text

Added

Allow account deletion.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google has published the full policy text for prominent disclosure requirements, targeting cases where an app's data collection or sharing would not be reasonably expected by users — particularly background data collection when the app is not in active use. The policy mandates an explicit in-app disclosure (not just a privacy policy link) detailing data access, collection, use, and sharing. Any app collecting data in the background or in ways users wouldn't anticipate must implement this disclosure or face rejection.

Show full text

Added

Full Policy In cases where your app's access, collection, use, or sharing of personal and sensitive user data may not be within the reasonable expectation of the user of the product or feature in question (for example, if data collection occurs in the background when the user is not engaging with your app), you must meet the following requirements: Prominent disclosure: You must provide an in-app disclosure of your data access, collection, use, and sharing.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google has introduced a dedicated policy summary covering restrictions on apps that access financial data, contact data, or persistent identifiers. This signals a new or formalized category of enforcement targeting these specific sensitive data types. Developers whose apps interact with any of these data categories should review the full policy details to ensure their data handling practices are compliant.

Show full text

Added

Restrictions for Personal and Sensitive Data Access Policy Summary Google Play enforces specific restrictions on apps that handle financial, contact, or persistent identifier data.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google has introduced an explicit requirement that child-directed apps use only SDKs that have been approved for use in apps targeting children. Previously, SDK selection may have been governed by broader Families Policy rules, but this is now a direct stated requirement. Developers of child-directed apps must audit all third-party SDKs they integrate and remove or replace any that are not on Google's approved list, or risk rejection.

Show full text

Added

Apps for children must use approved SDKs.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google now explicitly restricts the practice of linking persistent device or user identifiers to other data categories, permitting it only for specific telephony or enterprise device management purposes. Apps doing this must also provide clear disclosures to users. Developers who associate advertising IDs, device IDs, or similar persistent identifiers with behavioral or personal data outside these permitted use cases will need to change their data practices to remain compliant.

Show full text

Added

Apps that link persistent identifiers to other data must be for specific telephony or enterprise management purposes, with clear user disclosures.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

A new headline rule states that apps targeting children must not incorporate SDKs that lack explicit approval for child-directed environments. This is a significant addition for developers in the family or kids app space who may be using third-party SDKs for analytics, ads, or features. Using a non-approved SDK—even unintentionally—can now result in policy violations and rejection. Developers should audit all third-party SDKs in children's apps against Google's approved SDK list.

Show full text

Added

Don't use unapproved SDKs for children's apps.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This is the detailed counterpart to the headline rule at index 55, making it explicit that the prohibition on unapproved SDKs applies to all apps in the children's category regardless of the SDK's purpose. Even SDKs used for crash reporting, analytics, or feature flags must be approved if the app targets children. Developers should not assume a general-purpose SDK is compliant just because it lacks advertising features. A full SDK review against Google's approved list is now essential before submitting or updating children's apps.

Show full text

Added

Do not include unapproved SDKs in apps targeting children.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google Play is formally introducing a Data Safety section policy that requires developers to fully disclose what user data their app collects, how it is used, and how it is shared. This is a new overarching policy framework, not just a UI feature. All developers must now treat the Data Safety section as a binding compliance obligation, not an optional form. Failure to accurately complete it can result in policy violations.

Show full text

Added

Data safety section Policy Summary Google Play requires full transparency about the user data your app collects and how it's used.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

A new Don't rule explicitly bans any attempt to obscure or hide data collection and usage practices from users. While deceptive data practices were implicitly prohibited before, this makes the prohibition explicit and enforceable as a named policy violation. Apps that use technical or UX patterns to downplay data collection (e.g., burying disclosures or using vague language) are now clearly in scope. This could be grounds for rejection or removal.

Show full text

Added

Don't attempt to hide data collection or usage from users.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google has introduced an explicitly titled Privacy Policy Policy section in the Developer Program Policy, formally requiring all apps to have a comprehensive privacy policy that is accessible both within the app and linked in the Play Console. While a privacy policy has long been expected, codifying this as a named policy section signals stronger enforcement. Developers without a linked, in-app-accessible policy are now clearly out of compliance.

Show full text

Added

Privacy Policy Policy Summary To promote user trust and privacy, Google Play requires every app to have a comprehensive privacy policy accessible within the app and linked in the Play Console.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google requires that any app allowing users to create an account must also provide a straightforward, easy-to-find mechanism for deleting that account. This formalizes and strengthens the account deletion requirement on Google Play. The deletion option must be prominently accessible, not hidden or hard to locate. Apps lacking this feature face rejection or removal.

Show full text

Added

Implement a clear, accessible process for user account deletion.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google now explicitly states that upon account deletion, all associated user data must be permanently and fully deleted. Retaining any user data after account deletion — beyond what is legally required — is a policy violation. Developers must ensure their backend systems and data pipelines fully purge user records and not just mark them inactive. This requirement applies unless legal or regulatory obligations mandate retention, which must be disclosed.

Show full text

Added

Don't fail to permanently delete all user data upon account deletion.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This requirement reinforces that deleting an account must trigger deletion of all data tied to that account across all systems. Developers cannot retain user-linked data in ancillary databases, analytics stores, or backup systems after deletion. This goes beyond just the primary account record and encompasses all associated data. Apps should audit their entire data infrastructure to ensure full compliance.

Show full text

Added

Upon account deletion, ensure all associated user data is deleted.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google has introduced a named Account Deletion Requirement Policy, formally establishing that any app allowing users to create an account must provide a clear in-app option to delete it. This consolidates and elevates earlier account deletion guidance into a distinct, enforceable policy with its own summary. Developers whose apps include account creation flows must ensure a compliant deletion path is in place or face rejection. This is one of the most significant user data control requirements added to the Developer Program Policy.

Show full text

Added

Account Deletion Requirement Policy Summary To comply with Google Play policy and respect user data control, apps that allow account creation must provide a clear option for account deletion.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Developers are explicitly forbidden from using the App Set ID for personalized advertising or ad measurement purposes. This draws a hard line distinguishing the App Set ID from advertising identifiers like the Advertising ID (GAID). Apps that attempt to repurpose the App Set ID for ad targeting or measurement pipelines will be in violation of policy. Ad tech developers in particular need to ensure their SDKs and integrations do not misuse this identifier.

Show full text

Added

Don't use the App Set ID for personalized ads or ad measurement.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

The policy prohibits linking the App Set ID to any Android identifiers or personal and sensitive user data for advertising purposes. This prevents developers from using the App Set ID as a bridge to reconnect advertising profiles or fingerprint users indirectly. Developers building data pipelines or working with ad networks must ensure the App Set ID is kept isolated from advertising data flows. Violations of this rule could result in app removal.

Show full text

Added

Don't link the App Set ID to any Android identifiers or personal and sensitive user data for advertising purposes.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This is a newly added policy section with no prior equivalent in the Developer Program Policy. Apps that handle personal data from users in the EEA, UK, or Switzerland must now comply with applicable privacy and data protection laws in those regions. This is a significant addition for any developer whose app collects or processes data from European users, as non-compliance becomes an explicit policy violation.

Show full text

Added

EU-U.S., UK, and Swiss Data Privacy Frameworks Policy Summary If your app handles personal data from users in the European Economic Area, UK, or Switzerland, you must comply with their privacy and data protection laws.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

The full policy specifies that any developer accessing, using, or processing personal information sourced from Google that originates in the EEA, UK, or Switzerland must comply with all applicable privacy, data security, and data protection laws. Data use must be limited to purposes consistent with the consent obtained from users. This applies specifically to Google-provided data, meaning developers building on Google APIs or services that surface EU user data are directly in scope.

Show full text

Added

Full Policy If you access, use, or process personal information made available by Google that directly or indirectly identifies an individual and that originated in the European Economic Area, United Kingdom, or Switzerland ("EU Personal Information"), then you must: Comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules; Access, use or process EU Personal Information only for purposes that are consistent with the consent obtained from the individual to whom the EU Personal Information relates; Implement appropriate organizational and technical measures to protect EU Personal Information against loss, misuse, and unauthorized or unlawful access, disclosure, alteration and destruction; and Provide the same level of protection as is required by the Data Privacy Framework Principles or the applicable transfer mechanism as described in the Google Controller-Controller Data Protection Terms.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

The new policy's Don't list makes clear that ignoring privacy laws is itself a Google Play policy violation, not just a legal risk. This means Google can take enforcement action — including app removal — based on privacy law non-compliance, independent of any regulatory action. Developers with European users should treat GDPR and equivalent laws as Play policy requirements.

Show full text

Added

Don't ignore privacy laws, as failing to comply with applicable laws is a policy violation.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

The Don't list explicitly prohibits accessing or processing personal data for unconsented purposes. This mirrors the GDPR's purpose limitation principle but now carries Google Play enforcement weight. Developers using EU user data for analytics, advertising, or other secondary uses must ensure each use case is covered by informed user consent.

Show full text

Added

Don't access or process personal data for any purpose that a user has not consented to.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesscriticalRestrictions for Personal and Sensitive…
Added

A new requirement explicitly states that apps designed for children must use SDKs that have been approved by Google Play. Previously, children's app SDK requirements may have been addressed elsewhere or less directly. Developers building apps for kids — or apps with mixed audiences — need to audit all third-party SDKs for Play approval status or risk rejection under this policy.

Show full text

Added

Apps for children must use approved SDKs.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesscriticalRestrictions for Personal and Sensitive…
Added

Apps that associate persistent identifiers (such as device IDs) with other user data are now explicitly limited to specific telephony or enterprise device management purposes. Developers must also provide clear disclosures to users when doing so. Any app outside these use cases that links persistent identifiers to additional data categories must rethink its data architecture to remain compliant and avoid rejection.

Show full text

Added

Apps that link persistent identifiers to other data must be for specific telephony or enterprise management purposes, with clear user disclosures.

privacy-policyPrivacy PolicycriticalPrivacy Policy
Added

This new rule explicitly requires that when a user requests account deletion, all associated user data must be fully deleted rather than the account being frozen, deactivated, or soft-deleted. This is a significant operational requirement: developers need to ensure their backend systems can perform genuine data deletion on request. Apps that only disable accounts without purging data will be non-compliant.

Show full text

Added

Importantly, you must delete all associated user data upon receiving an account deletion request, rather than merely freezing the account.

privacy-policyPrivacy PolicycriticalPrivacy Policy
Added

Google now explicitly prohibits retaining user data after account deletion. When a user deletes their account, all associated data must be permanently removed — not archived, anonymized in a reversible way, or retained beyond any legally required minimum period. Developers using backend databases, analytics platforms, or third-party services must ensure those systems also purge user data upon deletion requests.

Show full text

Added

Don't fail to permanently delete all user data upon account deletion.

privacy-policyPrivacy PolicycriticalPrivacy Policy
Added

Google has added an explicit requirement that account deletion results in the deletion of all data associated with that account, not just the account credentials themselves. This extends to profile data, usage history, content, and any data held by integrated third-party services. Developers should audit their entire data lifecycle to confirm that a deletion request propagates correctly to all storage systems and partners.

Show full text

Added

Upon account deletion, ensure all associated user data is deleted.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkscriticalEU-U.S., UK, and Swiss Data Privacy Fra…
Added

A new rule forbids developers from selling or transferring user data without first meeting all applicable legal and policy requirements under the EU-U.S., UK, and Swiss Data Privacy Frameworks. While data sale restrictions existed in other parts of Google's policies, this explicitly anchors the prohibition within the Data Privacy Framework context. Developers who share data with third parties, data brokers, or acquirers must verify full compliance before any such transaction. Non-compliance could result in app removal or account termination.

Show full text

Added

Don't sell or transfer user data without meeting all legal and policy requirements.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google Play has added an explicit prohibition on distributing content associated with predatory behavior, illegal themes, or bestiality. This formalizes and expands existing inappropriate content rules with specific named categories. Developers distributing any user-generated or curated content must ensure their moderation systems can detect and block these content types to avoid app removal.

Show full text

Added

Don't distribute content associated with predatory behavior, illegal themes, or bestiality.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google Play now restricts the distribution of sexual content to apps that function as book or video catalog apps. Apps in other categories — such as games, utilities, or social apps — are no longer permitted to distribute sexual content regardless of age gating or other controls. Developers outside the book/video catalog category must remove any sexual content to remain compliant.

Show full text

Added

Distribute sexual content only within a book/video catalog app.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google Play now explicitly bans apps from promoting services that could be interpreted as soliciting sexual acts or that involve non-consensual sexual content. This affects apps in dating, social, or adult entertainment categories that may feature ambiguous promotional language or services. Developers should carefully review any service descriptions, calls-to-action, or in-app promotions to eliminate any such interpretations.

Show full text

Added

Don't promote services interpreted as soliciting sexual acts or non-consensual sexual content.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google has added a formal policy statement explicitly prohibiting apps that promote violence or incite hatred against individuals or groups based on a broad list of protected characteristics, including race, religion, gender identity, caste, immigration status, and more. Previously this prohibition may have existed implicitly or in less structured form; it is now codified with a specific enumerated list. Developers must audit all app content — including user-generated content — to ensure nothing targets any of these groups. Violations can result in app removal or account termination.

Show full text

Added

Full Policy We don't allow apps that promote violence, or incite hatred against individuals or groups based on race or ethnic origin, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, immigration status, or any other characteristic that is associated with systemic discrimination or marginalization.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

This addition explicitly states that apps inciting hatred or violence against individuals or groups are not permitted on Google Play. While this aligns with longstanding platform values, its formal addition as a written rule means it is now an enforceable, citable policy. Developers building news, social, forum, or community apps must ensure their content moderation systems prevent such material from appearing in their apps.

Show full text

Added

Don't publish apps that incite hatred or violence against individuals or groups.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new Violence Policy Summary section has been added, stating that apps containing gratuitous violence or dangerous activities are prohibited. While violence-related restrictions have existed in spirit, this formal policy addition creates a clear, citable rule. Developers of gaming, action, stunt, or extreme sports apps should review their content to ensure any violent elements serve a narrative or gameplay purpose rather than being purely gratuitous. This could affect app ratings, distribution, or approval.

Show full text

Added

Violence Policy Summary Apps that contain gratuitous violence or dangerous activities are prohibited.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new Violent Extremism policy summary has been introduced, explicitly prohibiting apps from dangerous organizations and apps that promote or glorify violent extremism. This is a newly surfaced, formally named policy section. Any app with content touching on extremist groups, movements, or ideologies — even for awareness purposes — must ensure it does not cross into promotion or glorification.

Show full text

Added

Violent Extremism Policy Summary We don't allow apps from dangerous organizations or those with content that promote or glorifies violent extremism.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

The full policy now explicitly states that terrorist organizations, and other dangerous organizations or movements involved in or claiming responsibility for violence against civilians, are prohibited from publishing on Google Play for any purpose — including recruitment. This is a comprehensive ban with no permitted use cases for such entities. Developers building apps on behalf of organizations should verify those organizations are not designated as dangerous.

Show full text

Added

Full Policy We do not permit terrorist organizations, or other dangerous organizations or movements that have engaged in, prepared for, or claimed responsibility for acts of violence against civilians to publish apps on Google Play for any purpose, including recruitment.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

As part of the new Key Considerations section, a clear 'Don't' directive has been added stating that developers must not publish apps from terrorist or other dangerous organizations. This reinforces the full policy statement and makes the prohibition prominent in developer-facing guidance. Developers acting as agencies or contractors should vet their clients against this requirement.

Show full text

Added

Don't publish apps from terrorist or other dangerous organizations.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new Bullying and Harassment Policy has been added, explicitly prohibiting apps from containing or facilitating harassment, exploitation, or bullying of any kind. Previously this policy section may not have been formally labeled or summarized in this location. Any app with social, messaging, community, or user interaction features must ensure it does not enable or host harassing behavior, and should have appropriate moderation or reporting mechanisms.

Show full text

Added

Bullying and Harassment Policy Summary You must not create apps containing or facilitating harassment, exploitation or bullying of any kind.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

The full policy text has been added stating that Google does not allow apps that contain or facilitate threats, harassment, or bullying. This formalizes and expands on the summary policy at index 56 by explicitly including 'threats' as a prohibited category alongside harassment and bullying. Developers of any platform with user communication or content-sharing features must ensure their app cannot be used to threaten or harass individuals.

Show full text

Added

Full Policy We don't allow apps that contain or facilitate threats, harassment, or bullying.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new Dangerous Products Policy has been introduced that explicitly prohibits the sale of explosives, firearms, ammunition, and certain firearms accessories through apps on the platform. This is a newly formalized written policy in this section. Developers of e-commerce, marketplace, or retail apps that deal in any of these product categories must remove such transaction capabilities or risk rejection and removal from the Play Store.

Show full text

Added

Dangerous Products Policy Summary The sale of explosives, firearms, ammunition or certain firearms accessories through your app is forbidden.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new dedicated Marijuana Policy section has been added, stating that apps facilitating the sale of marijuana or marijuana-derived products are not permitted on Google Play regardless of whether such sales are legal in the user's jurisdiction. This is a significant policy clarification that overrides regional legality considerations. Developers in cannabis-legal markets who have built or are planning dispensary, delivery, or cannabis commerce apps must remove or not implement any transactional sale functionality.

Show full text

Added

Marijuana Policy Summary Apps that facilitate the sale of marijuana or its products are not allowed irrespective of legality.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Building on the new Marijuana Policy, Google has added a specific prohibition against apps that allow users to place marijuana orders through an in-app shopping cart or similar e-commerce mechanism. This closes a potential ambiguity about whether transactional features (as opposed to informational content) were covered. Developers with cannabis-adjacent apps — including dispensary locators or menus — must ensure no ordering or cart functionality is integrated.

Show full text

Added

You must not allow users to order marijuana through an in-app shopping cart feature.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Previously, marijuana sale facilitation rules may not have been stated this directly in this section. Google now explicitly states that no app facilitating the sale of marijuana or marijuana products is allowed, regardless of whether it is legal in the user's jurisdiction. This is a blanket prohibition — even apps operating in fully legal markets are not permitted, making this a significant rejection risk for any cannabis commerce app.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of marijuana or marijuana products, regardless of legality.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google has added a new policy summary explicitly prohibiting apps that facilitate the sale of tobacco or nicotine-containing products — including e-cigarettes, vape pens, and nicotine pouches — and apps that encourage illegal or inappropriate use of alcohol, tobacco, or nicotine. This is a new, clearly articulated prohibition in this section. Developers building any app with tobacco, nicotine, or alcohol commerce or promotional features need to review their app against this rule immediately.

Show full text

Added

Tobacco and Alcohol Policy Summary Apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) OR encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine are not allowed.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

The full policy text now explicitly prohibits apps that facilitate the sale of tobacco or nicotine products (e-cigarettes, vape pens, nicotine pouches) or that encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine. This formalizes what was previously less explicit guidance into a clear, enforceable rule. Any app with tobacco/nicotine e-commerce functionality or that promotes these substances inappropriately faces rejection.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) or encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new 'Don't' rule explicitly forbids apps from facilitating the sale of tobacco, e-cigarettes, or nicotine pouches. This is a direct, actionable prohibition that closes any ambiguity about whether nicotine product sales apps are allowed. Developers of vape shops, tobacco retailers, or nicotine product marketplaces must not enable purchase flows for these items.

Show full text

Added

Don't facilitate the sale of tobacco, e-cigarettes, or nicotine pouches.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

The full policy text now formally states that apps containing or promoting sexual content, profanity, pornography, or any content or services intended to be sexually gratifying are not permitted on Google Play. This represents the canonical policy statement and covers both content within the app and services the app provides. Developers should treat this as the definitive compliance standard against which their app will be evaluated.

Show full text

Added

Full Policy We don't allow apps that contain or promote sexual content or profanity, including pornography, or any content or services intended to be sexually gratifying.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Google Play has added an explicit prohibition on distributing content associated with predatory behavior, illegal themes, or bestiality. While some of these topics may have been covered under broader existing policies, this new rule names them directly, removing any ambiguity. Developers distributing user-generated or third-party content should ensure their moderation systems flag and remove such material, as violations could result in app removal.

Show full text

Added

Don't distribute content associated with predatory behavior, illegal themes, or bestiality.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A new rule prohibits apps from promoting services that could be construed as soliciting sexual acts or facilitating non-consensual sexual content. This targets apps that may not explicitly offer such services but whose promotional language or features imply them. Developers of social, dating, or content apps should audit their in-app messaging, calls-to-action, and third-party ad content to ensure nothing could be interpreted this way.

Show full text

Added

Don't promote services interpreted as soliciting sexual acts or non-consensual sexual content.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

The full Hate Speech Policy has been added, explicitly listing protected characteristics including race, ethnicity, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, and immigration status, among others. Apps that promote violence or incite hatred against individuals or groups based on any of these attributes are prohibited. Developers of news, social, debate, or user-generated content apps should review their content moderation and app content against this comprehensive list.

Show full text

Added

Full Policy We don't allow apps that promote violence, or incite hatred against individuals or groups based on race or ethnic origin, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, immigration status, or any other characteristic that is associated with systemic discrimination or marginalization.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A new Violent Extremism policy summary has been introduced, explicitly stating that apps from dangerous organizations, or apps that promote or glorify violent extremism, are not permitted on Google Play. This formalizes and surfaces the policy in a summary format, making it more visible to developers. Any app associated with or publishing content favorable to violent extremist groups or movements is at significant risk of rejection.

Show full text

Added

Violent Extremism Policy Summary We don't allow apps from dangerous organizations or those with content that promote or glorifies violent extremism.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

The full policy text now explicitly states that terrorist organizations and other dangerous organizations or movements involved in violence against civilians cannot publish apps on Google Play for any purpose — including recruitment. This closes any ambiguity about whether such organizations could publish ostensibly neutral apps. Developers who manage app portfolios or publish on behalf of third parties should verify that no associated entity falls into this category.

Show full text

Added

Full Policy We do not permit terrorist organizations, or other dangerous organizations or movements that have engaged in, prepared for, or claimed responsibility for acts of violence against civilians to publish apps on Google Play for any purpose, including recruitment.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

The policy now includes an explicit 'Don't' rule prohibiting the publication of apps from terrorist or other dangerous organizations. While this aligns with the broader policy intent already stated, its addition as a discrete, enumerated rule increases its enforceability and visibility. Developers and platform operators who publish apps on behalf of other entities should perform due diligence to ensure those entities are not classified as dangerous organizations.

Show full text

Added

Don't publish apps from terrorist or other dangerous organizations.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Google has added a named Bullying and Harassment Policy with an explicit summary stating that apps must not contain or facilitate harassment, exploitation, or bullying of any kind. Previously, anti-harassment expectations may have been covered under general conduct policies without this explicit framing. Any app with social, messaging, or community features must ensure it cannot be used as a vehicle for bullying or exploitation. This formal policy introduction signals stricter enforcement in this area.

Show full text

Added

Bullying and Harassment Policy Summary You must not create apps containing or facilitating harassment, exploitation or bullying of any kind.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

The full Bullying and Harassment Policy statement has been added, making clear that apps containing or facilitating threats, harassment, or bullying will not be allowed on Google Play. This is the enforceable policy text that backs up the summary introduced in index 135. Developers of social, gaming, communication, and community apps face the highest risk of violations. Robust content moderation, reporting mechanisms, and clear community standards are now essential compliance measures.

Show full text

Added

Full Policy We don't allow apps that contain or facilitate threats, harassment, or bullying.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A new Dangerous Products Policy has been formally introduced, with a summary explicitly forbidding the sale of explosives, firearms, ammunition, and certain firearms accessories through apps on Google Play. This formalizes and names a policy area that may have previously been addressed less explicitly. Developers running e-commerce, marketplace, or classifieds apps must ensure none of these product categories are transactable within their app. Violations in this category are likely to result in immediate removal.

Show full text

Added

Dangerous Products Policy Summary The sale of explosives, firearms, ammunition or certain firearms accessories through your app is forbidden.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

This addition reinforces the Dangerous Products Policy by adding an explicit prohibition against providing services related to the sale of the dangerous items listed in index 138. It extends the rule beyond just listing products to covering the facilitation of transactions or services around those products. Developers building any kind of marketplace, peer-to-peer platform, or service-listing app should ensure dangerous product categories are fully blocked. This is a direct enforcement-ready rule, not just guidance.

Show full text

Added

You must not provide these services.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Google has added a clear, top-level policy statement prohibiting apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories. While this policy direction existed previously, the explicit codification in this section makes the scope and intent unambiguous. Developers with any commerce, marketplace, or classified-ad features touching these categories must ensure their apps cannot be used to transact these items.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Google has added a direct 'Don't' directive prohibiting developers from publishing apps that facilitate the sale of explosives, firearms, or ammunition. This formalises the prohibition as an actionable checklist item tied to app review. Any app that includes buying, selling, or brokering functionality for these items — even as a secondary feature — is at risk of removal.

Show full text

Added

Don't publish an app that facilitates the sale of explosives, firearms, or ammunition.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A new Marijuana Policy summary section has been added, making clear that apps facilitating the sale of marijuana or marijuana products are prohibited on Google Play regardless of whether such sales are legal in the user's jurisdiction. Previously this may have been inferred from broader controlled substances policy. Developers of dispensary apps, cannabis delivery services, or any app with marijuana commerce features must remove transactional capabilities to remain compliant.

Show full text

Added

Marijuana Policy Summary Apps that facilitate the sale of marijuana or its products are not allowed irrespective of legality.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Google has added a specific prohibition on apps that allow users to place marijuana orders through an in-app shopping cart or similar transactional flow. This targets the mechanism of sale directly, meaning even apps that don't process payment themselves but enable order placement are in scope. Developers must remove cart, order, or checkout flows tied to marijuana products, even if the actual payment occurs off-platform.

Show full text

Added

You must not allow users to order marijuana through an in-app shopping cart feature.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Google has added a clear, standalone policy stating that apps facilitating the sale of marijuana or marijuana products are not allowed on the Play Store, with no exceptions for jurisdictions where it is legal. Previously this may have been ambiguous or handled case-by-case. Developers running cannabis marketplaces, delivery apps, or any transactional marijuana-related app must remove that functionality or risk rejection and removal.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of marijuana or marijuana products, regardless of legality.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

The full policy text now clearly states that apps facilitating the sale of tobacco or nicotine products (e-cigarettes, vape pens, nicotine pouches) or encouraging illegal or inappropriate use of alcohol, tobacco, or nicotine are not permitted. This codifies and expands on prior guidance with specific product examples. Any app with a transactional flow for these products, or content that normalizes misuse, is at risk of rejection.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) or encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A new 'Don't' rule explicitly forbids apps from facilitating the sale of tobacco, e-cigarettes, or nicotine pouches. This goes beyond general language by naming specific product types, making it clear that dedicated sales flows for these products are not allowed. Developers of vape shops, tobacco marketplaces, or nicotine product apps must remove transactional features to avoid rejection.

Show full text

Added

Don't facilitate the sale of tobacco, e-cigarettes, or nicotine pouches.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This newly added rule directly bans the sale of personal and sensitive user data. While related restrictions existed in spirit across prior policies, this is now an explicit, standalone prohibition. Developers or businesses whose monetization model involves selling user data to third parties must fundamentally change that practice or face policy enforcement including removal from the Play Store.

Show full text

Added

Don't sell personal and sensitive user data.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This is a newly added, explicit top-level prohibition against violating child safety policies. While child safety rules existed in more detailed sub-policies before, elevating this to a standalone directive signals stronger enforcement intent. All developers — not just those targeting children — should review child safety requirements to ensure their apps cannot be used in ways that harm minors.

Show full text

Added

Don't violate child safety policies.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This newly added rule explicitly requires apps designed for children to comply with the Google Play Families policy, which carries its own strict data handling requirements. Previously these requirements existed in the Families policy itself; surfacing them here broadens their visibility and enforcement surface. Developers of any app that could be used by or marketed to children must review Families policy compliance or risk rejection.

Show full text

Added

If your app is for children, you must comply with the Google Play Families policy, which includes specific rules for handling user data.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google has introduced a policy summary section specifically addressing the collection or use of sensitive personal or device data in ways users might not anticipate, such as background data collection. This formalizes and highlights existing consent and disclosure obligations under a named policy section. Developers whose apps collect data outside of direct user interaction should pay close attention, as this signals stricter enforcement. This is a structural and substantive addition to the policy, not merely a rewording.

Show full text

Added

Prominent Disclosure & Consent Requirement Policy Summary Google Play policy mandates stringent requirements for handling sensitive personal or device data, particularly when its collection or use might not be expected by the user (e.g., background data collection).

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google now explicitly requires that developers provide a prominent, accessible, and descriptive disclosure inside the app — covering what data is accessed, collected, used, and shared — before requesting any permissions or obtaining user consent. This must happen proactively, not buried in a privacy policy. Apps that jump straight to permission prompts without a contextual disclosure screen will be non-compliant. Developers should audit their permission request flows to insert appropriate disclosure steps.

Show full text

Added

You must provide prominent, accessible, and descriptive in-app disclosure detailing data access, collection, use, and sharing before requesting any permissions or obtaining consent.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

After providing the required prominent disclosure, developers must now collect explicit, affirmative consent from users via a clear and separate user action — passive acceptance or pre-checked boxes are not sufficient. This ensures users are making an informed, active choice before data collection begins. Developers relying on implied consent or consent bundled with other actions (e.g., agreeing to terms of service) will need to redesign their consent flows. Non-compliance could result in rejection or removal from Google Play.

Show full text

Added

Following disclosure, you are required to obtain clear user consent through a distinct, affirmative user action, ensuring informed user choice.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google has published the full policy text requiring prominent in-app disclosure whenever data access, collection, use, or sharing may not align with what a reasonable user would expect — including background data collection scenarios. The disclosure must occur within the app, not just in external documentation. This is the authoritative policy language developers and compliance teams should reference when evaluating their data practices. Apps with any background or non-obvious data collection must implement compliant disclosure before their next update submission.

Show full text

Added

Full Policy In cases where your app's access, collection, use, or sharing of personal and sensitive user data may not be within the reasonable expectation of the user of the product or feature in question (for example, if data collection occurs in the background when the user is not engaging with your app), you must meet the following requirements: Prominent disclosure: You must provide an in-app disclosure of your data access, collection, use, and sharing.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

A new policy summary section has been introduced that specifically targets apps accessing financial data, contact data, or persistent identifiers, signaling that these data categories are subject to stricter handling rules on Google Play. While the full details of these restrictions are not included in this excerpt, the creation of a named policy section indicates formal, enforceable requirements are attached. Developers building apps in fintech, communication, or any domain using advertising or device identifiers should review the full policy text for compliance obligations. This is a substantive policy addition that could affect app approval.

Show full text

Added

Restrictions for Personal and Sensitive Data Access Policy Summary Google Play enforces specific restrictions on apps that handle financial, contact, or persistent identifier data.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google has introduced a formal requirement that child-directed apps must use SDKs that have been approved for use in apps targeting children. Previously, SDK choice may have been evaluated less prescriptively. Developers of apps in the Families program or otherwise directed at children must audit every third-party SDK they integrate and confirm it holds the appropriate approval. Using a non-approved SDK in a child-directed app is now grounds for rejection.

Show full text

Added

Apps for children must use approved SDKs.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google now explicitly restricts the practice of associating persistent identifiers (such as hardware IDs or IMEIs) with other user or device data to narrow legitimate use cases: telephony functions and enterprise device management. Apps outside these categories that currently link persistent identifiers to behavioral, personal, or ad-related data will need to restructure their data practices. Clear user disclosure is also required where this linking is permitted, adding a transparency obligation.

Show full text

Added

Apps that link persistent identifiers to other data must be for specific telephony or enterprise management purposes, with clear user disclosures.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This entry restates the child SDK requirement from index 42 as an explicit action item within the Key Considerations table. The dual placement — as both a standalone rule and a table directive — reinforces that this is a hard requirement, not a recommendation. Developers must verify each SDK in a child-directed app against Google's approved SDK list before submission. Unapproved SDKs in Families-eligible apps are a clear rejection risk.

Show full text

Added

Ensure any SDKs used in child-directed apps are approved for that purpose.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google is adding an explicit prohibition on using unapproved SDKs in apps designed for or targeting children. This builds on existing Families Policy requirements and clarifies that third-party SDKs integrated into children's apps must be on Google's approved list. Developers with apps in children's categories must audit all integrated SDKs and remove any that are not approved, or risk rejection.

Show full text

Added

Don't use unapproved SDKs for children's apps.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This entry reiterates and formalizes the prohibition on unapproved SDKs in children's apps as a standalone policy statement. It reinforces index 55 and makes this a clearly stated, independently enforceable rule rather than an implied restriction. Developers should treat this as a firm rejection criterion: any unapproved SDK in a children's-targeted app is a policy violation.

Show full text

Added

Do not include unapproved SDKs in apps targeting children.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This is a new policy section establishing that Google Play requires complete transparency about what user data an app collects and how it is used. There was no prior formal Data Safety section requirement of this scope. All developers are now on notice that opacity around data collection is a policy violation. This sets the foundation for the more specific obligations described in subsequent policy items.

Show full text

Added

Data safety section Policy Summary Google Play requires full transparency about the user data your app collects and how it's used.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

The full policy language formally states that every developer must provide a clear and accurate Data Safety section for each app, covering collection, use, and sharing of user data. This is the binding policy text (as opposed to the summary) and applies universally to all apps on Google Play. Developers with multiple apps must ensure each one has its own complete and accurate disclosure — there is no blanket or inherited exemption.

Show full text

Added

Full Policy All developers must complete a clear and accurate Data safety section for every app detailing collection, use, and sharing of user data.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

A new rule directly bans any attempt to obscure or conceal data collection and usage practices from users. While deceptive practices have generally been prohibited, this addition makes hiding data practices an explicit, named violation. Developers using obfuscation, vague language, or buried disclosures to downplay data collection should revise their approach, as this now constitutes a clear grounds for rejection or removal.

Show full text

Added

Don't attempt to hide data collection or usage from users.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google now mandates that any app supporting account creation must offer a clear and easily accessible mechanism for users to delete their accounts. This formalizes a requirement that many developers may not have fully implemented. Apps lacking a dedicated, user-facing deletion option risk rejection or removal from Google Play.

Show full text

Added

Implement a clear, accessible process for user account deletion.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Apps are now explicitly prohibited from retaining user data after an account deletion request is fulfilled. Previously, data retention practices post-deletion were less clearly governed in this policy section. Developers need to ensure their backend systems and third-party services actually purge all associated user data upon deletion, not just deactivate the account.

Show full text

Added

Don't fail to permanently delete all user data upon account deletion.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This requirement reinforces that deleting an account must trigger the removal of all data associated with that user across the app and its services. Developers should map all data stores — including third-party integrations, analytics, and backups — to ensure complete data removal is achievable. Failure to fully delete user data upon account deletion is now a policy violation.

Show full text

Added

Upon account deletion, ensure all associated user data is deleted.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

Google has introduced a named Account Deletion Requirement Policy, formally codifying that any app allowing users to create accounts must also provide a clear option to delete them. This is a significant policy addition that consolidates several related requirements into an explicit, enforceable standard. Apps that support account creation but lack a deletion mechanism are now at risk of rejection or removal from the Play Store.

Show full text

Added

Account Deletion Requirement Policy Summary To comply with Google Play policy and respect user data control, apps that allow account creation must provide a clear option for account deletion.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This is a newly added policy section with no prior equivalent in the Developer Program Policy. Apps that handle personal data from users in the EEA, UK, or Switzerland must now explicitly comply with applicable privacy and data protection laws under this framework. Developers targeting these regions need to review whether their data practices meet GDPR and equivalent standards. Non-compliance is treated as a policy violation, making this directly relevant to app eligibility on Google Play.

Show full text

Added

EU-U.S., UK, and Swiss Data Privacy Frameworks Policy Summary If your app handles personal data from users in the European Economic Area, UK, or Switzerland, you must comply with their privacy and data protection laws.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This is the core full-policy text of the newly added EU-U.S., UK, and Swiss Data Privacy Frameworks section. It defines 'EU Personal Information' as any personal data originating from the EEA, UK, or Switzerland that Google makes available to developers, and sets binding obligations around lawful processing and consent. Developers who access such data through Google APIs or services must ensure their usage aligns with the user consent obtained and applicable laws. This is a substantive new enforceable requirement with potential rejection consequences.

Show full text

Added

Full Policy If you access, use, or process personal information made available by Google that directly or indirectly identifies an individual and that originated in the European Economic Area, United Kingdom, or Switzerland ("EU Personal Information"), then you must: Comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules; Access, use or process EU Personal Information only for purposes that are consistent with the consent obtained from the individual to whom the EU Personal Information relates; Implement appropriate organizational and technical measures to protect EU Personal Information against loss, misuse, and unauthorized or unlawful access, disclosure, alteration and destruction; and Provide the same level of protection as is required by the Data Privacy Framework Principles or the applicable transfer mechanism as described in the Google Controller-Controller Data Protection Terms.

developer-program-policyDeveloper Program PolicycriticalDeveloper Program Policy
Added

This addition makes it unambiguous that non-compliance with applicable privacy laws (e.g., GDPR) is itself a violation of Google's Developer Program Policy, not merely a legal risk. Previously, privacy law compliance was a legal matter separate from Play Store policy enforcement. Now, developers can face app rejection or removal on policy grounds for legal non-compliance. This is a significant enforcement escalation for any developer handling EEA, UK, or Swiss user data.

Show full text

Added

Don't ignore privacy laws, as failing to comply with applicable laws is a policy violation.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesscriticalRestrictions for Personal and Sensitive…
Added

A new requirement has been added stating that apps designed for children must use SDKs approved by Google Play. This likely ties into the Families Policy and the Play SDK console approval process. Developers of kids' apps need to audit all third-party SDKs in their app and replace any that are not on Google Play's approved list, or risk non-compliance and potential removal.

Show full text

Added

Apps for children must use approved SDKs.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesscriticalRestrictions for Personal and Sensitive…
Added

A new rule specifies that apps may only link persistent identifiers (such as device IDs) to other personal data for specific purposes: telephony functions or enterprise device management. Any such linking must also be accompanied by clear user disclosures. Developers using persistent identifiers for analytics, advertising, or other purposes outside these categories need to reassess their data practices.

Show full text

Added

Apps that link persistent identifiers to other data must be for specific telephony or enterprise management purposes, with clear user disclosures.

privacy-policyPrivacy PolicycriticalPrivacy Policy
Added

Google now explicitly requires that when a user requests account deletion, apps must delete all associated user data rather than simply deactivating or freezing the account. This is a new and specific requirement that raises the bar beyond what many developers may currently implement. Developers need to ensure their backend systems are capable of fully purging user data upon request, and that this behavior is documented. Non-compliance could result in app rejection or removal.

Show full text

Added

Importantly, you must delete all associated user data upon receiving an account deletion request, rather than merely freezing the account.

privacy-policyPrivacy PolicycriticalPrivacy Policy
Added

Google now explicitly requires that when a user deletes their account, all associated data must be permanently deleted. Retaining data beyond what is legally required or previously disclosed is a violation. Developers should audit their backend data retention practices and ensure deletion requests propagate to all storage systems and third-party processors.

Show full text

Added

Don't fail to permanently delete all user data upon account deletion.

privacy-policyPrivacy PolicycriticalPrivacy Policy
Added

This requirement reinforces index 188, explicitly stating that account deletion must result in deletion of all data associated with that user. This applies to data held by the app, its backend, and potentially third-party services the app shares data with. Developers need to ensure their deletion pipeline is comprehensive and verifiable.

Show full text

Added

Upon account deletion, ensure all associated user data is deleted.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkscriticalEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google explicitly prohibits developers from selling or transferring user data unless every applicable legal and policy requirement is met. This targets data monetization and third-party sharing practices that may not have a compliant legal basis. Developers who share user data with advertisers, data brokers, analytics providers, or acquire/merge with other companies must ensure full compliance before any such transfer occurs, or risk violating this policy.

Show full text

Added

Don't sell or transfer user data without meeting all legal and policy requirements.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

This new rule specifically calls out three categories that are now explicitly prohibited: content associated with predatory behavior, illegal themes, or bestiality. While some of these may have been covered under prior policies, naming them explicitly signals stricter enforcement. Developers distributing any user-generated or catalog content should ensure moderation systems catch and block these categories.

Show full text

Added

Don't distribute content associated with predatory behavior, illegal themes, or bestiality.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google Play now limits permissible sexual content distribution to a specific app type: book or video catalog apps. Apps of other types — games, utilities, social platforms, etc. — cannot distribute sexual content under any circumstances. Developers outside the book/video catalog category who include any sexual content must remove it to avoid rejection.

Show full text

Added

Distribute sexual content only within a book/video catalog app.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Apps must not promote any services that could be interpreted as soliciting sexual acts, nor distribute or promote non-consensual sexual content. This new explicit rule targets apps that facilitate escort-type services, certain adult classified ads, or content depicting non-consensual scenarios. Developers in dating, social, or classifieds categories should review their content and service descriptions carefully.

Show full text

Added

Don't promote services interpreted as soliciting sexual acts or non-consensual sexual content.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google has formally added a full hate speech and violence policy to its Inappropriate Content section. Apps may not promote violence or incite hatred against individuals or groups based on a broad list of characteristics including race, religion, gender identity, caste, immigration status, and more. This is a codified rejection category — apps containing such content are at direct risk of removal or rejection.

Show full text

Added

Full Policy We don't allow apps that promote violence, or incite hatred against individuals or groups based on race or ethnic origin, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, immigration status, or any other characteristic that is associated with systemic discrimination or marginalization.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new explicit 'Don't' rule prohibits publishing apps that incite hatred or violence against individuals or groups. While this aligns with general platform norms, its formal addition to the policy as a named violation makes it an actionable rejection criterion. Developers with user-generated content or community features should pay particular attention.

Show full text

Added

Don't publish apps that incite hatred or violence against individuals or groups.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new Violence Policy summary section has been added, stating that apps containing gratuitous violence or depictions of dangerous activities are prohibited. This formalizes violence as a distinct rejection category within the Inappropriate Content section. Developers of games, action, or extreme sports apps should review content to ensure violence is not presented gratuitously or framed as instructional for dangerous real-world acts.

Show full text

Added

Violence Policy Summary Apps that contain gratuitous violence or dangerous activities are prohibited.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new Violent Extremism policy summary has been introduced stating that Google does not allow apps from dangerous organizations or apps whose content promotes or glorifies violent extremism. This is a newly surfaced policy section that makes the rule more discoverable and enforceable. Any app with content that could be interpreted as glorifying or promoting violent extremism is at risk of removal, even if not created by a formally designated organization.

Show full text

Added

Violent Extremism Policy Summary We don't allow apps from dangerous organizations or those with content that promote or glorifies violent extremism.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

The full policy text now explicitly states that terrorist organizations and other dangerous organizations or movements that have engaged in, prepared for, or claimed responsibility for violence against civilians are prohibited from publishing apps on Google Play for any purpose, including recruitment. This is a newly surfaced full-policy statement that formalizes a broad ban. Developers should ensure their organization or any affiliated entity cannot be classified under these categories.

Show full text

Added

Full Policy We do not permit terrorist organizations, or other dangerous organizations or movements that have engaged in, prepared for, or claimed responsibility for acts of violence against civilians to publish apps on Google Play for any purpose, including recruitment.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A specific 'Don't' directive has been added stating that developers must not publish apps from terrorist or other dangerous organizations. This reinforces and makes more prominent the broader ban introduced in the full policy statement. Developers who build or distribute apps on behalf of third-party organizations should verify those organizations are not designated as terrorist or dangerous entities.

Show full text

Added

Don't publish apps from terrorist or other dangerous organizations.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new compliance requirement states that developers must ensure their app and all of its content do not belong to or promote a terrorist or dangerous organization. This extends accountability beyond the app's origin to its content, meaning even third-party or user-generated content that promotes such organizations could trigger a violation. Developers should implement content moderation policies accordingly.

Show full text

Added

Ensure your app and its content do not belong to or promote a terrorist or dangerous organization.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google has added an explicit ban on using apps as recruitment tools for dangerous organizations. This is a new named prohibition that goes beyond general violence policies. Developers building community, messaging, or social apps should ensure their platforms cannot be used for such recruitment, as this could constitute a rejection-level violation.

Show full text

Added

Don't use your app for recruitment into dangerous organizations.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google has introduced a formal Bullying and Harassment Policy, explicitly prohibiting apps that contain or facilitate harassment, exploitation, or bullying in any form. This is a new named policy section, not just a guideline tweak. Developers of social, messaging, gaming, or community apps need to ensure their platforms have adequate safeguards against these behaviors.

Show full text

Added

Bullying and Harassment Policy Summary You must not create apps containing or facilitating harassment, exploitation or bullying of any kind.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

The full policy text has been added, confirming that apps containing or facilitating threats, harassment, or bullying are not allowed on Google Play. This formalizes what may have been implied before into an explicit, enforceable policy. Any app that enables direct user-to-user communication should review its moderation and reporting capabilities against this standard.

Show full text

Added

Full Policy We don't allow apps that contain or facilitate threats, harassment, or bullying.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google has introduced a formal Dangerous Products Policy that explicitly bans the sale of explosives, firearms, ammunition, and certain firearm accessories through apps on the Play Store. This is a new named policy and a clear rejection category for any app facilitating such transactions. Developers running e-commerce, marketplace, or classified-ad apps must ensure these product categories are excluded from their platforms.

Show full text

Added

Dangerous Products Policy Summary The sale of explosives, firearms, ammunition or certain firearms accessories through your app is forbidden.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

This addition introduces a full policy statement explicitly prohibiting apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories. While similar rules have existed in spirit, this formal policy entry makes the prohibition explicit and enforceable. Any app that enables browsing, purchasing, or transacting in these categories is at risk of rejection or removal.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new 'Don't' rule has been added stating that developers must not publish apps facilitating the sale of explosives, firearms, or ammunition. This moves what may have previously been implied policy into a concrete, listed prohibition. Apps that include any purchase flow, marketplace listing, or order facilitation for these items are now explicitly in violation and subject to removal.

Show full text

Added

Don't publish an app that facilitates the sale of explosives, firearms, or ammunition.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new rule explicitly requires that apps must not include instructions on converting firearms to automatic firing capabilities. This is a new, specific prohibition targeting how-to content, not just sales facilitation. Developers with any user-generated content, forums, guides, or instructional material related to firearms should audit and remove any such conversion instructions to avoid rejection.

Show full text

Added

Remove any instructions on converting firearms to automatic firing capabilities.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new 'Don't' rule prohibits apps from facilitating the sale of accessories that simulate or enable automatic fire — such as bump stocks or similar devices. This extends the firearms accessory prohibition to a specific, clearly defined subcategory. Apps in the firearms retail or accessories space must ensure no such products are listable or purchasable through their platform.

Show full text

Added

Don't allow the sale of firearm accessories that simulate or enable automatic fire.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new prohibition has been added barring apps from including instructions for creating weapons or restricted firearm accessories. This goes beyond sales facilitation to cover instructional or DIY content. Developers running content platforms, forums, or educational apps that could host such material need to implement moderation or content policies to prevent violations.

Show full text

Added

Don't include instructions for creating weapons or restricted firearm accessories.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new dedicated Marijuana Policy section has been introduced, stating that apps facilitating the sale of marijuana or its products are not allowed on Google Play regardless of whether such sales are legal in the user's jurisdiction. This is a significant policy addition for developers in cannabis-legal markets who may have assumed compliance was region-dependent. Any app with a marijuana sales or ordering feature must remove it to remain on the platform.

Show full text

Added

Marijuana Policy Summary Apps that facilitate the sale of marijuana or its products are not allowed irrespective of legality.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Building on the new Marijuana Policy, this addition specifically calls out in-app shopping cart or ordering features as a prohibited mechanism for marijuana sales. This level of specificity means even indirect facilitation — such as a cart or checkout flow that happens to include cannabis products — is a violation. Developers of delivery, retail, or dispensary apps must remove any such transactional functionality.

Show full text

Added

You must not allow users to order marijuana through an in-app shopping cart feature.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

Google has added a formal full-policy statement making clear that apps facilitating marijuana or marijuana product sales are not allowed on the Play Store, regardless of whether such sales are legal in the user's jurisdiction. Previously this may not have been stated this explicitly in the policy text. Developers building cannabis commerce, delivery, or marketplace apps must remove sale-facilitation features or risk rejection.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of marijuana or marijuana products, regardless of legality.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

A new summary section has been added covering tobacco and alcohol policy. Apps that facilitate the sale of tobacco or nicotine-containing products — including e-cigarettes, vape pens, and nicotine pouches — are prohibited. Apps that encourage illegal or inappropriate use of alcohol, tobacco, or nicotine are also banned. Developers should audit any app that touches these product categories to ensure it does not cross into facilitated sales or irresponsible promotion.

Show full text

Added

Tobacco and Alcohol Policy Summary Apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) OR encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine are not allowed.

inappropriate-contentInappropriate ContentcriticalInappropriate Content
Added

The full policy text now explicitly states that apps facilitating the sale of tobacco or any nicotine-containing products (e-cigarettes, vape pens, nicotine pouches) are not permitted, nor are apps that encourage illegal or inappropriate use of alcohol, tobacco, or nicotine. This gives the policy binding weight beyond the summary. Any app in the food, grocery, lifestyle, or health space that includes purchasing flows for these products must remove them to avoid rejection.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) or encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

The full policy statement is now explicitly published, prohibiting apps that contain or promote sexual content, profanity, pornography, or any content or services intended to be sexually gratifying. This formalizes and consolidates the rules into a clearly stated policy section. Developers should note the broad scope — it covers not just content within the app but also associated services. Any app that connects users to sexually gratifying services externally could be in violation.

Show full text

Added

Full Policy We don't allow apps that contain or promote sexual content or profanity, including pornography, or any content or services intended to be sexually gratifying.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Google Play has added an explicit prohibition on distributing content associated with predatory behavior, illegal themes, or bestiality. While some of these topics may have been covered implicitly by prior policies, this new rule names them directly. Any app hosting or distributing user-generated or curated content must ensure none of it falls into these categories. Violations could result in immediate removal or account termination.

Show full text

Added

Don't distribute content associated with predatory behavior, illegal themes, or bestiality.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

The full Hate Speech policy now explicitly enumerates protected characteristics including race, religion, disability, age, nationality, veteran status, sexual orientation, gender identity, caste, immigration status, and others linked to systemic discrimination. Previously, the scope of protected groups may not have been this explicitly detailed in policy text. Any app that promotes violence or incites hatred against individuals or groups on these bases is prohibited. Developers of social, news, or user-generated content apps must ensure their content moderation policies align with this expanded list.

Show full text

Added

Full Policy We don't allow apps that promote violence, or incite hatred against individuals or groups based on race or ethnic origin, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, immigration status, or any other characteristic that is associated with systemic discrimination or marginalization.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A new Violent Extremism policy summary has been introduced, stating that apps from dangerous organizations or containing content that promotes or glorifies violent extremism are not allowed. This consolidates and surfaces an extremism-specific prohibition at the summary level. Developers of news, political, or community apps should audit their content to ensure nothing could be interpreted as promoting or glorifying violent extremist groups or acts.

Show full text

Added

Violent Extremism Policy Summary We don't allow apps from dangerous organizations or those with content that promote or glorifies violent extremism.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

The full policy text now explicitly states that terrorist organizations and dangerous organizations or movements that have engaged in, prepared for, or claimed responsibility for violence against civilians are prohibited from publishing apps on Google Play for any purpose, including recruitment. This is a formal, detailed articulation of a ban covering all use cases — not just violent content but organizational identity itself. Developers who build apps on behalf of third-party organizations should vet those organizations carefully before publishing.

Show full text

Added

Full Policy We do not permit terrorist organizations, or other dangerous organizations or movements that have engaged in, prepared for, or claimed responsibility for acts of violence against civilians to publish apps on Google Play for any purpose, including recruitment.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A new 'Don't' rule has been added explicitly prohibiting the publication of apps from terrorist or other dangerous organizations. This reinforces the full policy statement (index 125) in a concise actionable format. Developers acting as publishers or aggregators for third-party apps should perform due diligence to confirm no affiliated organization falls into this category.

Show full text

Added

Don't publish apps from terrorist or other dangerous organizations.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A new guideline requires that neither the app itself nor any of its content should belong to or promote a terrorist or dangerous organization. This extends the prohibition beyond just the publisher identity to encompass in-app content as well. Developers must audit both their organizational affiliations and their app's content — including user-generated content pipelines — for any material that could be construed as promoting such groups.

Show full text

Added

Ensure your app and its content do not belong to or promote a terrorist or dangerous organization.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Google has introduced a Dangerous Products Policy Summary explicitly prohibiting the sale of explosives, firearms, ammunition, and certain firearms accessories through apps on the Play Store. Previously, such restrictions may have been addressed through broader dangerous goods policies; this now makes the prohibition explicit and named. Developers of e-commerce, marketplace, or classified-ad apps must ensure their platforms cannot be used to transact these items. Violation of this policy is grounds for rejection or removal.

Show full text

Added

Dangerous Products Policy Summary The sale of explosives, firearms, ammunition or certain firearms accessories through your app is forbidden.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Following the Dangerous Products policy summary, Google adds a direct prohibition: developers must not provide services facilitating the sale of the listed dangerous items. This reinforces that the ban covers the service layer — not just hosting listings, but any transactional or facilitation functionality. Marketplace, auction, or peer-to-peer selling app developers should audit their category restrictions and seller agreements to ensure compliance. This is an enforceable requirement that applies at the app functionality level.

Show full text

Added

You must not provide these services.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

This addition explicitly codifies that apps enabling the sale of explosives, firearms, ammunition, or certain firearms accessories are prohibited on Google Play. While this aligns with long-standing policy intent, the formal addition as a full policy statement makes the prohibition more explicit and enforceable. Developers running gun shops, marketplaces, or any commerce app that includes these product categories should ensure their app does not facilitate such transactions.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A clear 'Don't' rule has been added stating that apps facilitating the sale of explosives, firearms, or ammunition are not permitted on Google Play. This makes an existing policy stance more explicit and actionable as a rejection criterion. Any app—including third-party marketplaces or general e-commerce platforms—that allows these product categories to be sold must remove that functionality to remain compliant.

Show full text

Added

Don't publish an app that facilitates the sale of explosives, firearms, or ammunition.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A new Marijuana Policy Summary section explicitly states that apps enabling the sale of marijuana or marijuana-derived products are not allowed on Google Play, regardless of whether such sales are legal in the user's jurisdiction. This removes any ambiguity that legal markets (e.g., US states or countries where cannabis is legal) might have created. Developers building dispensary apps, cannabis delivery platforms, or any app with marijuana commerce features must remove that functionality.

Show full text

Added

Marijuana Policy Summary Apps that facilitate the sale of marijuana or its products are not allowed irrespective of legality.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

A specific rule has been added banning the use of in-app shopping cart or ordering mechanisms to purchase marijuana through a Google Play app. This clarifies that even if an app is primarily informational (e.g., a dispensary locator), adding transactional marijuana ordering features is prohibited. Developers must ensure no checkout, cart, or order flow within their app processes marijuana purchases.

Show full text

Added

You must not allow users to order marijuana through an in-app shopping cart feature.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Google has added an explicit, standalone policy stating that apps facilitating the sale of marijuana or marijuana products are not allowed on the Play Store, regardless of whether such sales are legal in a given jurisdiction. Previously this prohibition may have been implied under broader drug policies, but it is now stated outright. Developers running cannabis dispensary apps, delivery platforms, or any marketplace that includes marijuana products must remove that functionality or face removal from the store.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of marijuana or marijuana products, regardless of legality.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

Google has introduced a dedicated Tobacco and Alcohol policy section with a summary card that explicitly prohibits apps facilitating the sale of tobacco or nicotine-containing products (including e-cigarettes, vape pens, and nicotine pouches) and apps that encourage illegal or inappropriate use of alcohol, tobacco, or nicotine. This formalizes and expands on rules that may not have been this clearly delineated before. Developers of any app touching nicotine product sales or substance-related content should review this new section immediately.

Show full text

Added

Tobacco and Alcohol Policy Summary Apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) OR encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine are not allowed.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

The full policy text formally prohibits apps that facilitate the sale of tobacco or nicotine-containing products (e-cigarettes, vape pens, nicotine pouches) or that encourage illegal or inappropriate use of alcohol, tobacco, or nicotine. This is the authoritative policy statement backing the summary in index 151. Developers of grocery, delivery, or lifestyle apps that include any nicotine or tobacco sales functionality need to assess whether their app violates this rule.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) or encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLcriticalCOLLAPSE ALL EXPAND ALL
Added

As part of the new Key Considerations guidance, Google has added an explicit 'Don't' rule prohibiting apps from facilitating the sale of tobacco, e-cigarettes, or nicotine pouches. This reinforces the full policy statement and makes clear that dedicated nicotine/tobacco sales flows are not permissible. Apps offering vape shops, tobacco delivery, or nicotine product marketplaces will be in violation and risk removal.

Show full text

Added

Don't facilitate the sale of tobacco, e-cigarettes, or nicotine pouches.

google-play-families-policiesGoogle Play Families PolicieshighGoogle Play Families Policies
Added

Google has announced that the updated Families Policies article will take effect on August 26, 2026, and a preview of the updated content is available via a linked page. This gives developers advance notice to review the forthcoming changes and adjust their apps before the enforcement date. Developers with child-directed or mixed-audience apps should review the preview immediately to identify any required changes.

Show full text

Added

(effective August 26, 2026) To preview the updated "Google Play Families Policies" article, visit this page.

google-play-families-policiesGoogle Play Families PolicieshighGoogle Play Families Policies
Added

Apps targeting a mixed audience (both children and adults) are now explicitly required in the summary to implement a neutral age screen—one that does not nudge users toward any age group—ensuring that child users are served only non-personalized ads. Previously this requirement existed in the full policy but is now prominently surfaced. Developers of mixed-audience apps without a compliant age screen should implement one before the August 2026 effective date.

Show full text

Added

If your app is for a mixed audience, you must include a neutral age screen to ensure children only see non-personalized ads.

google-play-families-policiesGoogle Play Families PolicieshighGoogle Play Families Policies
Added

Google has introduced a structured Do/Don't summary section to the Families Policies page. One of the explicit 'Do' items requires adhering to children's data laws such as COPPA and GDPR-K. This makes compliance with these regulations an explicit, documented expectation on the policy page, meaning failure to comply is more directly tied to potential app rejection.

Show full text

Added

Key Considerations Do Don't Adhere to laws like COPPA and GDPR regarding children's data.

google-play-families-policiesGoogle Play Families PolicieshighGoogle Play Families Policies
Added

Google has added a clear prohibition against serving personalized or interest-based ads to children in the Families Policies Do/Don't guidance. Previously this may have been implied through broader ad policy rules, but it is now a stated 'Don't' in the Families section. Developers whose apps target children or have a mixed audience must ensure their ad implementations do not serve personalized ads to child users.

Show full text

Added

Don't serve personalized ads to children.

google-play-families-policiesGoogle Play Families PolicieshighGoogle Play Families Policies
Added

A new requirement has been added stating that apps serving ads to children must use ad SDKs that are certified under Google's Families Ads program. If your app targets children or a mixed audience and serves ads, any ad SDK you use must appear on Google's approved list. Using uncertified ad SDKs in child-directed apps is grounds for removal from Google Play.

Show full text

Added

Use certified ad SDKs for apps serving ads to children.

google-play-families-policiesGoogle Play Families PolicieshighGoogle Play Families Policies
Added

Google has added an explicit prohibition on collecting persistent device identifiers — including the Advertising ID (AAID) and IMEI — from child users. This applies to apps that target children or are aware they are serving children. Developers must audit their SDKs and data collection flows to ensure no persistent identifiers are gathered from child users, as violations could result in app removal.

Show full text

Added

Don't collect personal data persistent identifiers (like AAID or IMEI)from children.

google-play-families-policiesGoogle Play Families PolicieshighGoogle Play Families Policies
Added

Apps that target both children and adults are now explicitly required to implement a neutral age gate or age screen to differentiate users before serving content or ads. The screen must not nudge users toward a particular age selection. This is a behavioral and UX requirement that developers of mixed-audience apps must implement to remain compliant.

Show full text

Added

Use a neutral age screen if your app's audience is mixed.

google-play-families-policiesGoogle Play Families PolicieshighGoogle Play Families Policies
Added

Google has added a 'Don't' item prohibiting the use of any SDK that has not been approved or certified for use in child-directed apps. This reinforces and expands on the certified ad SDK requirement to cover all SDKs, not just advertising ones. Developers must vet every third-party SDK integrated into apps that target children or mixed audiences against Google's approved list.

Show full text

Added

Don't use unapproved SDKs that are not certified for use in child-directed services.

google-play-families-policiesGoogle Play Families PolicieshighGoogle Play Families Policies
Added

Google has added an explicit content prohibition to the Families Policies Do/Don't guidance, banning adult themes, excessive violence, and other age-inappropriate content from apps targeting children. While content restrictions have existed in broader Play policies, this addition makes inappropriate content a named violation within the Families Policy specifically. Developers should review all content — including ads, user-generated content, and linked materials — for age-appropriateness.

Show full text

Added

Don't include inappropriate content such as adult themes, excessive violence, or other inappropriate content.

google-play-families-policiesGoogle Play Families PolicieshighGoogle Play Families Policies
Added

Google has added an explicit requirement for developers to accurately declare their app's target age group when submitting or updating an app in Play Console. Misrepresenting the intended audience — for example, claiming an adult audience to avoid Families Policy requirements — is now a stated violation. Developers should ensure their Play Console age group declaration truthfully reflects who the app is designed for.

Show full text

Added

Accurately declare your app's target age group in Play Console.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has added a new Key Considerations table for child-directed apps, with the first item explicitly requiring adherence to laws like COPPA and GDPR regarding children's data. Previously, this compliance expectation may have been implied but is now surfaced as a direct, named obligation. Developers with apps that target or include children must ensure their data practices are fully compliant with these regulations or risk rejection.

Show full text

Added

Key Considerations Do Don't Adhere to laws like COPPA and GDPR regarding children's data.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new 'Don't' rule has been added stating that personalized ads must not be served to children. This codifies a restriction that developers may have previously navigated less formally. Any app targeting children — or with a mixed audience that includes children — must ensure its ad configurations disable personalization for child users, or face potential rejection.

Show full text

Added

Don't serve personalized ads to children.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

New guidance explicitly requires that apps serving ads to children use only certified ad SDKs. This is a concrete technical requirement, not just a policy principle. Developers must audit their ad SDK integrations and replace any non-certified SDKs to remain compliant — failure to do so could result in app rejection.

Show full text

Added

Use certified ad SDKs for apps serving ads to children.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

New guidance specifically calls out that persistent identifiers such as AAID and IMEI must not be collected from child users. This makes concrete what was previously a broader privacy principle by naming specific identifier types. Developers must review their data collection logic to ensure these identifiers are not gathered when children are or may be using the app.

Show full text

Added

Don't collect personal data persistent identifiers (like AAID or IMEI)from children.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Apps that target both children and adults are now explicitly required to implement a neutral age screen — one that does not encourage users to select a particular age. This is a new implementation requirement for mixed-audience apps. Developers must add or update their age-gate UI to be neutral and non-directed, or risk non-compliance.

Show full text

Added

Use a neutral age screen if your app's audience is mixed.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

New guidance adds a clear 'Don't' rule prohibiting the use of SDKs that are not certified for child-directed services. This reinforces the certified SDK requirement from a different angle by framing uncertified SDK use as an explicit violation. Developers building child-directed apps must verify every third-party SDK in their stack is certified for this context.

Show full text

Added

Don't use unapproved SDKs that are not certified for use in child-directed services.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

New guidance explicitly prohibits including adult themes, excessive violence, or other inappropriate content in apps directed at children. While content policies have existed, this addition places the prohibition directly within the children's Key Considerations checklist, making it a more prominent and enforceable rule. Developers must review all content — including ads, user-generated content, and linked media — for compliance.

Show full text

Added

Don't include inappropriate content such as adult themes, excessive violence, or other inappropriate content.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

New guidance requires developers to accurately declare their app's target age group in Play Console. Misrepresenting the intended audience — whether to avoid child-directed restrictions or for any other reason — is now explicitly called out as a violation. Developers should review their current age group declarations and ensure they genuinely reflect the app's intended user base.

Show full text

Added

Accurately declare your app's target age group in Play Console.

examples-of-common-device-and-network-abuse-violationsExamples of common Device and Network Abuse violations:highExamples of common Device and Network A…
Added

Google Play has published a new section enumerating concrete examples of Device and Network Abuse violations, where no such explicit list existed before. Prohibited behaviors called out include ad-blocking apps that interfere with other apps' ads, game-cheating tools, hacking or security-bypass instructions, API/service usage that violates that service's terms, unapproved bypasses of system power management, and proxy services offered to third parties without meeting specific conditions. Developers should audit their apps and any bundled SDKs against these examples, as matching behaviors are grounds for rejection or removal.

Show full text

Added

Apps that block or interfere with another app displaying ads. Game cheating apps that affect the gameplay of other apps. Apps that facilitate or provide instructions on how to hack services, software or hardware, or circumvent security protections. Apps that access or use a service or API in a manner that violates its terms of service. Apps that are not eligible for allowlisting and attempt to bypass system power management. Apps that facilitate proxy services to third parties may only do so in apps where that is the primary, user-facing core purpose of the app. Apps or third party code (for example, SDKs) that download executable code, such as dex files or native code, from a source other than Google Play. Apps that install other apps on a device without the user's prior consent. Apps that link to or facilitate the distribution or installation of malicious software. Apps or third party code (for example, SDKs) containing a webview with added JavaScript Interface that loads untrusted web content (for example, http:// URL) or unverified URLs obtained from untrusted sources (for example, URLs obtained with untrusted Intents). Apps that use the full-screen intent permission to force user interaction with disruptive ads or notifications. Apps that circumvent Android sandbox protections in order to derive user activity or user identity from other apps.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

Google has removed the explicit enumeration of what constitutes personal and sensitive user data (including PII, location, health data, Health Connect data, microphone, camera, etc.) from the Developer Program Policy. Previously, this definition served as the foundational reference for all downstream privacy requirements. Developers should check whether this definition has moved to a different section or document, as it directly affects how you scope your data handling obligations and Data Safety disclosures.

Show full text

Removed

Personal and Sensitive User Data Personal and sensitive user data includes, but isn't limited to, personally identifiable information, financial and payment information, authentication information, phonebook, contacts, device location, SMS and call-related data, health data, Health Connect data, inventory of other apps on the device, microphone, camera, and other sensitive device or usage data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

The explicit rule requiring an in-app prominent disclosure when your app accesses, collects, uses, or shares personal data in ways users wouldn't reasonably expect — such as background data collection — has been removed from this section. This requirement was a key rejection trigger for apps that collect data silently. Developers should verify whether this rule has been relocated elsewhere in Google's policies, as its removal here does not necessarily mean the obligation is gone.

Show full text

Removed

Prominent Disclosure & Consent Requirement In cases where your app’s access, collection, use, or sharing of personal and sensitive user data may not be within the reasonable expectation of the user of the product or feature in question (for example, if data collection occurs in the background when the user is not engaging with your app), you must meet the following requirements: Prominent disclosure: You must provide an in-app disclosure of your data access, collection, use, and sharing.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

The explicit mandate that all developers must complete an accurate Data Safety section in Play Console — covering data collection, use, and sharing — has been removed from this area of the Developer Program Policy. This was a high-visibility requirement tied directly to app store listings and user trust. Developers should confirm whether this obligation persists in another part of Google's policies before assuming it no longer applies.

Show full text

Removed

Data safety section All developers must complete a clear and accurate Data safety section for every app detailing collection, use, and sharing of user data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

The section detailing obligations for developers who access or process personal data originating from the EEA, UK, or Switzerland under the EU-U.S., UK, and Swiss Data Privacy Frameworks has been removed. This covered compliance with applicable privacy laws and restrictions on how EU personal information could be used. Developers handling EU/UK/Swiss user data should verify whether these obligations have been relocated or superseded by updated guidance.

Show full text

Removed

EU-U.S., UK, and Swiss Data Privacy Frameworks If you access, use, or process personal information made available by Google that directly or indirectly identifies an individual and that originated in the European Economic Area, United Kingdom, or Switzerland (“EU Personal Information”), then you must: Comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules; Access, use or process EU Personal Information only for purposes that are consistent with the consent obtained from the individual to whom the EU Personal Information relates; Implement appropriate organizational and technical measures to protect EU Personal Information against loss, misuse, and unauthorized or unlawful access, disclosure, alteration and destruction; and Provide the same level of protection as is required by the Data Privacy Framework Principles or the applicable transfer mechanism as described in the Google Controller-Controller Data Protection Terms.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new 'Full Policy' definition of personal and sensitive user data has been added, providing a broader and more explicit list of data types covered. Notably, it now calls out Health Connect data, inventory of other apps on the device, and other sensitive device or usage data alongside previously understood categories. Developers should review this expanded definition to ensure their data collection, handling, and disclosure practices cover all newly enumerated data types.

Show full text

Added

Personal and Sensitive User Data Full Policy Personal and sensitive user data includes, but isn't limited to, personally identifiable information, financial and payment information, authentication information, phonebook, contacts, device location, SMS and call-related data, health data, Health Connect data, inventory of other apps on the device, microphone, camera, and other sensitive device or usage data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new 'Key Considerations' section with Do/Don't guidance has been added, explicitly stating that developers must have a valid privacy policy in both the app's Play Store listing and within the app itself. Previously this requirement may have existed elsewhere but was not surfaced in this format. Developers who only link a privacy policy in their store listing — but not inside the app — may need to update their apps to comply.

Show full text

Added

Key Considerations Do Don't Have a valid privacy policy in both the app's store listing and within the app itself.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new 'Don't' rule has been added explicitly prohibiting developers from providing misleading or inaccurate information about their data practices. This reinforces and formalizes the expectation that privacy disclosures — including the Data Safety section and privacy policy — must accurately reflect what the app actually does. Developers with inaccurate or outdated data disclosures risk policy violations and potential rejection or removal.

Show full text

Added

Don't provide misleading or inaccurate information about your data practices.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Previously, the Data Safety section in Play Console was introduced as a feature but requirements around it were less prescriptive in policy text. This addition makes it an explicit policy obligation to accurately disclose what data your app collects and shares. Developers who have incomplete or inaccurate Data Safety declarations now face a clearer policy violation risk. Audit your Data Safety form to ensure it fully reflects your app's actual data handling.

Show full text

Added

Disclose your data collection and sharing practices in the Play Console's Data safety section.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

There was no previously stated blanket rule in this section prohibiting excess data collection by name. This new rule requires that every data point your app collects must be directly tied to its core functionality. Developers who collect broad or speculative data for future use cases or analytics beyond core purpose may now be in violation. Review your data collection scope and trim anything that cannot be justified as essential to what your app does.

Show full text

Added

Don't collect data that is not critical to your app's core purpose.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This addition codifies that passive or implied consent is insufficient — users must actively and clearly agree before any personal or sensitive data is collected. Apps that rely on pre-ticked boxes, buried consent in terms of service, or no consent mechanism at all are now explicitly non-compliant. This is particularly important for apps that collect location, contacts, health, financial, or device identifiers. Developers should implement prominent, plain-language consent prompts tied directly to each data type collected.

Show full text

Added

Obtain clear, affirmative user consent before collecting any personal or sensitive data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This new rule requires developers to protect all user data with suitable security practices, with modern encryption for data in transit called out specifically. Apps that transmit user data over unencrypted or outdated protocols (e.g., plain HTTP, weak TLS versions) are now explicitly non-compliant at the policy level. This applies to any data exchanged between the app and backend servers, third-party APIs, or SDKs. Developers should audit all network communication and ensure TLS is implemented correctly and kept up to date.

Show full text

Added

Protect all user data with appropriate security measures, including modern cryptography for data in transit.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This rule introduces a data minimization principle, stating that apps may only collect and use data that is genuinely necessary for the app to function. This complements index 21 (no non-critical data collection) and together they form a clear data minimization framework. Developers must be able to justify each data type collected as directly required for a specific feature. Apps with broad permissions or data collection practices driven by SDKs rather than core app needs are at particular risk.

Show full text

Added

Only collect and use data that is necessary for your app's functionality.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This new rule bans both collecting data without consent and using dark patterns or manipulation to obtain consent. It closes a loophole where technically a consent dialog exists but is designed to deceive users into agreeing. This includes deceptive UI patterns, misleading language, false urgency, or making app functionality contingent on consenting to non-essential data collection. Developers should review all consent flows for fairness, clarity, and genuine user choice.

Show full text

Added

Don't collect data without the user's consent or manipulate them into giving it.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly requires that your app's privacy policy (or relevant data disclosure) be available in two places: within the app itself and on an external web resource. Previously, an external link alone may have been considered sufficient. Developers must ensure both access points are present and functional to avoid rejection.

Show full text

Added

This must be available both in-app and on an external web resource.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly requires that apps offer a straightforward mechanism for users to delete both their account and their data. This goes beyond simply closing or deactivating an account — the deletion process must be clear and user-friendly. Developers who support account creation must audit their flows to ensure full deletion capability is present, or risk rejection.

Show full text

Added

Provide a clear and easy way for users to delete their accounts and data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a direct clarification that freezing or suspending an account does not satisfy the account deletion requirement. Previously, some developers may have implemented account deactivation as a workaround. Apps must now provide true deletion of account and user data, not just a disabled state, to comply with policy.

Show full text

Added

Account freezing is not a valid substitute.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has introduced a formal policy summary section covering prominent disclosure and consent requirements for sensitive personal or device data. It specifically calls out scenarios where data collection may be unexpected by users, such as background data collection. Developers handling any sensitive data — especially outside of direct user interaction — need to review whether their disclosure practices meet the new documented standard.

Show full text

Added

Prominent Disclosure & Consent Requirement Policy Summary Google Play policy mandates stringent requirements for handling sensitive personal or device data, particularly when its collection or use might not be expected by the user (e.g., background data collection).

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now requires that developers provide a prominent, accessible, and descriptive in-app disclosure explaining what data is accessed, collected, used, and shared — and this must happen before any permission request or consent prompt is shown. This is a sequencing requirement: disclosure must precede the consent action. Apps that request permissions without prior contextual explanation are at risk of non-compliance.

Show full text

Added

You must provide prominent, accessible, and descriptive in-app disclosure detailing data access, collection, use, and sharing before requesting any permissions or obtaining consent.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

After providing the required in-app disclosure, developers must obtain user consent through a clear and distinct affirmative action — passive acceptance or pre-checked boxes are not sufficient. This formalizes a two-step process: disclose first, then obtain active consent. Apps that rely on implied consent or bundle consent into general terms acceptance will need to update their flows.

Show full text

Added

Following disclosure, you are required to obtain clear user consent through a distinct, affirmative user action, ensuring informed user choice.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added an explicit prohibition on publicly exposing financial information or government ID numbers (e.g., SSNs, tax IDs, bank account numbers). Previously this may have been covered implicitly under general privacy rules, but it is now a standalone stated requirement. Developers handling any such data must ensure it is never surfaced publicly — failure to comply could result in app rejection or removal.

Show full text

Added

You must never publicly expose financial or government ID numbers.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added an explicit rule prohibiting the unauthorized publication of users' private contact information. This formalizes a restriction that may have previously been implied under broader privacy policies. Developers building apps that access contacts must ensure they have proper authorization before sharing or publishing any contact data, and should audit their data handling flows accordingly.

Show full text

Added

Unauthorized publishing of private contacts is forbidden.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This entry adds a clear, actionable Do/Don't rule explicitly prohibiting the public disclosure of financial information or government ID numbers, reinforcing the standalone rule added at index 40. Having it appear in a Do/Don't table increases its visibility and enforceability during app review. Developers should treat this as a hard rejection criterion and ensure no such data is ever exposed publicly by their app.

Show full text

Added

Don't publicly disclose any financial information or government ID numbers.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This entry reinforces the child-directed SDK requirement introduced at index 42, now presented as an actionable directive within the policy's structured guidance section. The duplication in different policy formats (standalone rule and Do/Don't table) emphasizes that Google considers this a firm enforcement point. Developers of apps in the Families program or otherwise targeting children must verify SDK approval status before submission.

Show full text

Added

Ensure any SDKs used in child-directed apps are approved for that purpose.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a broad rule prohibiting the public disclosure of sensitive data, serving as a general catch-all that complements the more specific rules about financial IDs and contact information added elsewhere. This broader framing means developers need to consider any category of sensitive data — not just the explicitly named types — when evaluating their app's data exposure risks. Apps that surface any sensitive user data publicly should be reviewed for compliance.

Show full text

Added

Don't disclose sensitive data publicly.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new rule has been added stating that apps must not make users' financial data or government-issued IDs public. Previously there was no explicit standalone prohibition on this specific data exposure. Apps that display, store, or transmit such sensitive data must ensure it is never exposed publicly. Developers should audit any feature that surfaces user-submitted financial or identity documents.

Show full text

Added

Do not make financial data or government IDs public.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a new requirement targeting apps with security or anti-virus functionality, mandating explicit disclosure of data use. This is a headline-level addition that precedes more detailed guidance in the following policy item. Developers shipping security-oriented apps should review their privacy policies to ensure data collection and sharing practices are clearly explained. Failure to comply could result in rejection or removal.

Show full text

Added

Disclose data use for security apps.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Apps that include anti-virus, anti-malware, or other security features are now required to have a privacy policy that clearly and comprehensively describes every type of data collected and every party data is shared with. There was no prior explicit standalone rule singling out security apps for this level of disclosure detail. This matters because vague or generic privacy policies will no longer be acceptable for this app category. Developers should update privacy policies to enumerate specific data types and third-party recipients.

Show full text

Added

If your app has anti-virus or security features, its privacy policy must clearly explain all data collection and sharing.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new policy explicitly forbids apps from exposing or distributing contact information that users have not made public, unless the user has authorized it. This closes a gap where apps accessing the contacts permission might share that data without a clear prohibition. Developers building social, messaging, or productivity apps that read contacts must ensure they have explicit user authorization before sharing any contact data externally. Unauthorized sharing of contacts could now be a direct grounds for rejection.

Show full text

Added

Don’t publish or share people's non-public contacts without authorization.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a rule limiting the pairing of persistent hardware identifiers like IMEI with other user data to narrowly defined purposes: telephony functions and enterprise device management. Previously, restrictions on persistent identifiers focused mainly on advertising use; this broadens the restriction to general data linking. Developers who combine IMEI or similar identifiers with behavioral, demographic, or analytics data outside these permitted scopes will be in violation. Apps should be audited to ensure persistent identifiers are isolated unless a qualifying use case applies.

Show full text

Added

Only link persistent identifiers (like IMEI) to other user data for specific telephony or enterprise management purposes.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has introduced a new rule requiring apps to disclose when they use persistent identifiers such as IMEI, serial numbers, or similar hardware IDs. This is a headline-level addition introducing a disclosure obligation that did not previously exist as a standalone rule. Developers using any persistent device identifier must now inform users of this practice, likely through the privacy policy and/or in-app disclosure. This is especially relevant for enterprise, telephony, and device management apps.

Show full text

Added

Disclose use of identifiers.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Building on the headline rule at index 57, this detailed addition specifies that disclosure of persistent identifier use must be prominent—not buried in a privacy policy. Developers cannot rely on a general data collection statement; the use of persistent identifiers must be surfaced clearly to users. This affects any app that reads IMEI, device serial numbers, or similar persistent hardware IDs for legitimate purposes like enterprise management. Update both in-app disclosures and privacy policies to satisfy this requirement.

Show full text

Added

All permitted uses of persistent identifiers must be prominently disclosed to users.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new rule prohibits unnecessarily linking persistent device identifiers to other user or behavioral data, reinforcing the principle of data minimization. This complements the restriction at index 54 by adding a general-purpose 'necessity' test: if there is no clear, permitted reason to associate a persistent identifier with other data, it must not be done. Developers should review data pipelines to ensure persistent identifiers are not passively joined to user profiles, analytics events, or other data stores without justification. This could require architectural changes in apps with centralized user data stores.

Show full text

Added

Don't link identifiers unnecessarily.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new rule explicitly prohibits associating persistent identifiers (such as advertising IDs or device IDs) with other user data unless the use case falls within two specifically approved exceptions. Previously, this restriction was less explicitly stated. Developers using persistent identifiers for analytics, personalization, or targeting should audit their data practices immediately. Non-compliance could result in app rejection or removal.

Show full text

Added

Avoid linking persistent identifiers to other user data unless for the two approved use cases.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The policy now explicitly requires every app to have a completed and up-to-date Data Safety section in the Play Console, covering not just the app's own data practices but also those of any third-party SDKs integrated into the app. This is a significant expansion of accountability — developers are now responsible for auditing their SDKs for data collection behavior. Apps with inaccurate or incomplete sections risk policy violations.

Show full text

Added

You must complete and maintain an accurate Data safety section for each of your apps in the Play Console, detailing data collection, use, and sharing (including by any SDKs in your app).

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The new policy requires that the information declared in the Play Console Data Safety section must match what is disclosed in the app's privacy policy. If there are discrepancies between the two, the app could be flagged for a violation. Developers should review both documents together to ensure alignment. This adds a cross-document consistency requirement that didn't previously exist as explicit policy.

Show full text

Added

The information in this section must consistently match your app's privacy policy disclosures.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The full policy text now formally mandates that every app in the Play Store — without exception — must have a clear and accurate Data Safety section covering collection, use, and sharing of user data. This applies to all developers, including those with apps that collect minimal data. Even declaring that no data is collected is a required action. This is a universal compliance requirement.

Show full text

Added

Full Policy All developers must complete a clear and accurate Data safety section for every app detailing collection, use, and sharing of user data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Where applicable, the Data Safety section must be consistent with the app's privacy policy disclosures. This reinforces index 63 at the full-policy level, making cross-document consistency an enforceable requirement rather than a recommendation. Developers with long-standing privacy policies should re-evaluate them against the new Data Safety form fields. Mismatches may be treated as a violation.

Show full text

Added

Where relevant, the section must be consistent with the disclosures made in the app's privacy policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

There was no explicit policy mandating that data disclosures be both prominent and accessible inside the app itself. Developers must now surface data disclosures clearly within the app UI and, where consent is required, obtain it through an affirmative user action rather than passive acceptance. This directly affects any app that collects, shares, or processes user data — which is most apps — and non-compliance could trigger rejection.

Show full text

Added

Provide prominent and accessible in-app data disclosure and obtain user consent via affirmative action when required.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added an explicit definition clarifying that affirmative consent requires the user to take a deliberate action — such as tapping an 'Accept' button — rather than passively encountering a notice. Pre-checked boxes, implied consent, or simply displaying a disclosure no longer qualify where affirmative consent is required. Developers need to audit their consent flows to ensure they meet this definition.

Show full text

Added

Affirmative action means that the user must complete an action in order to indicate that they agree.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added an explicit rule prohibiting permission requests that appear before the user has consented to the app's data practices. Previously, the timing of permission prompts was largely a UX recommendation. Now it is a policy requirement, meaning apps that show runtime permission dialogs before presenting a consent flow may be non-compliant and subject to rejection.

Show full text

Added

Don't request device permissions before users have provided their consent.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has codified that app developers are responsible for auditing the data practices of every third-party SDK included in their app. This was previously implied but not an explicit policy obligation. Developers can no longer treat SDK data behavior as a black box — they must understand and be able to accurately disclose what each SDK collects and shares, or risk policy violations tied to third-party code.

Show full text

Added

Verify data handling procedures of all third parties (SDKs).

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a specific prohibition against consent dialogs that close automatically without user interaction in contexts where affirmative consent is required. Any popup that times out and dismisses itself — even if it records implied consent — violates this new rule. Developers using auto-dismiss patterns in consent or data disclosure flows must replace them with dialogs that require an explicit user action to proceed.

Show full text

Added

Don't use auto-dismissing consent popups when affirmative action is required to obtain user consent.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly requires that privacy policies cover all types of user and device data across the full data lifecycle: access, collection, use, and sharing. Partial or vague disclosures no longer satisfy the requirement. Developers should review their privacy policies to ensure every data type their app or its SDKs touches is accurately and completely described, as gaps could result in rejection or removal.

Show full text

Added

This policy must accurately disclose how your app accesses, collects, uses, and shares all types of user and device data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Previously, there was no explicit Play policy mandate requiring an in-app account deletion mechanism. Apps that allow users to create accounts must now offer a clear and accessible method for users to delete those accounts. This is a direct requirement that affects any app with user registration or account functionality, and missing it could lead to rejection or removal.

Show full text

Added

For apps that offer account creation, you are also required to provide users with a clear and accessible method to delete their account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This new rule clarifies that when a user requests account deletion, developers must fully delete all associated user data rather than simply deactivating or freezing the account. Apps that retain data after a deletion request — even in a suspended state — will be non-compliant. Developers should audit their backend data pipelines to ensure a true deletion flow is implemented end-to-end.

Show full text

Added

Importantly, you must delete all associated user data upon receiving an account deletion request, rather than merely freezing the account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly requires every app to include a privacy policy link in the designated Play Console field and either a link or the full privacy policy text inside the app. This applies to all apps, not just those collecting sensitive data. Developers who have not yet added an in-app privacy policy link are at risk of rejection or removal.

Show full text

Added

Full Policy All apps must post a privacy policy link in the designated field within Play Console, and a privacy policy link or text within the app itself.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly requires that your app's privacy policy fully and accurately discloses every way user data is accessed, collected, used, and shared. Previously, general privacy policy guidance existed but this specificity is newly codified. Apps with vague or incomplete data disclosures risk policy violations. Developers should audit their privacy policies to ensure every data practice is clearly described.

Show full text

Added

Accurately disclose all data access, collection, use, and sharing in the policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google explicitly prohibits offering account freezing or deactivation as a substitute for true account deletion. If your app allows users to 'deactivate' or 'suspend' an account, that option cannot be presented as the equivalent of deleting it. Users must have a distinct, genuine path to permanently delete their account. Apps that conflate these options will be out of compliance.

Show full text

Added

Don't present account freezing as a substitute for deletion.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly bans any UX patterns that make account deletion unnecessarily difficult, such as burying the option in menus, requiring excessive confirmations, or adding friction steps. The previous guidance focused on providing a deletion option; this addition targets deliberate obfuscation of that path. Developers should review their account deletion flow for any dark patterns or confusing navigation. Non-compliance is a direct rejection risk.

Show full text

Added

Don't create any difficulties or hidden steps for users deleting their account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly requires that the Data Safety section in the Play Console be completed accurately and maintained over time as app data practices change. Previously, filling out the Data Safety form was required at submission, but the ongoing maintenance obligation is now codified as a policy rule. Developers who update their app's data practices without updating the Data Safety section will be in violation. Regular audits of this section are now a compliance necessity.

Show full text

Added

Don't neglect to complete and maintain the Data safety section accurately.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now requires that your app's privacy policy URL be accessible globally — it must not be geo-restricted or blocked in any region where the app is available. This is a new explicit requirement beyond simply having a privacy policy link. Developers hosting privacy policies on region-locked domains or behind access controls risk non-compliance. Ensure your policy URL resolves correctly from all countries where your app is distributed.

Show full text

Added

Ensure your privacy policy is globally accessible.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly requires that account deletion functionality be accessible in two places: directly within the app itself and through a designated external web resource (e.g., a webpage). Previously, in-app deletion alone may have been considered sufficient. Developers must audit their deletion flows to ensure both surfaces are covered, or risk non-compliance.

Show full text

Added

This option must be available both from within your app and externally through a designated web resource.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly states that when a user requests account deletion, all associated user data must be permanently deleted. Simply freezing, suspending, or deactivating the account does not satisfy this requirement. Developers who currently offer only account deactivation must update their systems to perform full data deletion, and should review any backend data retention pipelines accordingly.

Show full text

Added

When a user requests account deletion, you are required to delete all associated user data; merely freezing the account is not sufficient.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now requires that the account deletion process be straightforward, with no dark patterns or unnecessary friction. Additionally, if any user data must be retained after deletion (e.g., for legal or financial compliance), developers must clearly disclose this in their privacy policy. Developers should review their deletion UX for confusing steps or discouraging patterns, and update privacy policies to reflect any lawful retention practices.

Show full text

Added

Ensure the deletion process is clear and free of obstacles, and accurately disclose any necessary data retention practices in your privacy policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google's policy now explicitly requires that if your app allows users to create an account from within the app, it must also allow users to request deletion of that account from within the app. This is a symmetry requirement — creation and deletion pathways must both exist in-app. Developers who only handle account deletion via external support channels or email requests will need to add an in-app deletion flow.

Show full text

Added

Full Policy If your app allows users to create an account from within your app, then it must also allow users to request for their account to be deleted.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This addition reinforces that account deletion is not just about removing login credentials — all user data tied to that account must also be deleted. Developers cannot retain profile data, usage history, or other personal data after an account is deleted at the user's request. This has implications for database design, third-party data processors, and any analytics or marketing platforms that receive user data.

Show full text

Added

When you delete an app account based on a user's request, you must also delete the user data associated with that app account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly lists it as a violation to fail to provide both an in-app deletion option and an external web-based deletion method. This 'Don't' rule makes it a clear policy breach to offer only one of the two required deletion surfaces. Developers must ensure both pathways exist and are functional before submitting or updating their app.

Show full text

Added

Don't fail to provide both an in-app and external deletion method.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

In addition to in-app deletion, Google now explicitly requires developers to provide an external web resource — such as a webpage or web form — where users can request account deletion. This is particularly important for users who may have lost access to the app itself. Developers should create and link to a publicly accessible deletion request page and reference it appropriately in their store listing.

Show full text

Added

Provide an accessible external web resource for account deletion.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly prohibits hidden patterns (dark patterns) and undue rigor in the account deletion process. This means developers cannot use tactics like repeated confirmation dialogs, guilt-tripping language, excessive re-authentication, or multi-step barriers designed to discourage deletion. Developers should audit their deletion UX against these criteria to avoid policy violations.

Show full text

Added

Don't create any hidden patterns or undue rigor in the deletion process.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Previously, apps could suspend or freeze accounts instead of fully deleting them when users requested deletion. Google now explicitly prohibits using account freezing as a substitute for actual account deletion. Developers who offer a 'freeze' or 'deactivate' state must ensure it does not replace a true deletion flow. Apps that route deletion requests into a frozen-account state risk policy violations and potential rejection.

Show full text

Added

Don't use account freezing as a substitute for deletion.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added an explicit requirement that apps must delete all data associated with a user's account upon their request. This goes beyond simply removing login credentials — all stored user data tied to the account must be purged. Developers need to audit their data deletion pipelines to ensure nothing is retained without a disclosed legal basis. Failure to fully delete account data is now a policy violation.

Show full text

Added

Upon user request, delete all data associated with their account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This new rule reinforces that partial deletion of user data when an account is deleted is not acceptable under Google Play policy. Where index 111 states the affirmative obligation, this rule frames the same requirement as a prohibition, making it a clear enforcement target. Developers must ensure that all backend systems, third-party SDKs, and data stores associated with a user account are included in the deletion flow. Incomplete deletion pipelines could lead to app removal.

Show full text

Added

Don't fail to delete all associated user data upon account deletion request.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Complementing the requirement in index 113, Google now explicitly prohibits privacy policies that leave out necessary data retention disclosures. If your app retains any user data after deletion for legal or operational reasons, omitting that information from your privacy policy is a direct violation. Developers should review their privacy policies to confirm that any post-deletion data retention is documented clearly and accurately. This omission could be treated as a deceptive privacy practice.

Show full text

Added

Don't omit necessary data retention information from your privacy policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

App Set ID must not be used for ads personalization or ads measurement, and it must not be associated with personally identifiable information or other device identifiers such as the Android Advertising ID (AAID). This is a new explicit prohibition that closes off potential misuse of App Set ID as an advertising tracking workaround. Developers who pass App Set ID to ad networks, measurement SDKs, or any system that joins it with user-level identifiers are now in violation. Immediate review of any third-party SDK integrations involving App Set ID is recommended.

Show full text

Added

It must not be used for ads personalization and ads measurement or associated with personally-identifiable information or other device identifiers (for example, Android Advertising ID).

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Android is rolling out a new identifier called the App Set ID, designed to support essential non-advertising use cases such as analytics and fraud prevention. Previously, no dedicated policy-governed ID existed for these purposes under this framework. Developers using other identifiers for analytics or fraud detection should evaluate migrating to or incorporating the App Set ID. This is a significant structural addition to how Google manages device identifiers.

Show full text

Added

Full Policy Android will introduce a new ID to support essential use cases such as analytics and fraud prevention.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The policy now explicitly states that developers must obtain legally valid user consent before collecting or using the App Set ID where consent is required by law. This aligns with existing privacy regulations such as GDPR and CCPA. Developers operating in regulated jurisdictions must ensure their consent flows are adequate before implementing App Set ID. Failing to obtain proper consent where required could result in policy violations.

Show full text

Added

You must obtain users' legally valid consent where required.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The policy introduces explicit 'Do/Don't' guidance stating that the App Set ID may be used for essential functions such as analytics and fraud prevention. This sets a clear boundary for acceptable use cases. Developers must ensure any implementation of the App Set ID stays within these permitted categories. Using it outside these bounds — particularly for advertising — is prohibited per accompanying policy changes.

Show full text

Added

Key Considerations Do Don't Use the App Set ID for essential functions such as analytics and fraud prevention.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Developers must now disclose their collection and use of the App Set ID in both a legally adequate in-app privacy notification and their app's privacy policy. This extends existing privacy disclosure obligations to cover this new identifier. Developers who implement the App Set ID without updating their privacy documentation will be non-compliant. Privacy policies should be reviewed and updated before shipping any App Set ID integration.

Show full text

Added

Disclose the collection and usage of the App Set ID in a legally adequate privacy notification and your privacy policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This entry reinforces and elaborates on the consent requirement introduced in index 122, making explicit that consent must be obtained prior to both collecting and using the App Set ID in jurisdictions where it is legally required. Developers should build consent gate logic before any App Set ID collection begins, not after. This requirement applies at the point of data collection, so runtime consent prompts must precede API calls. Non-compliance in applicable regions could trigger policy enforcement.

Show full text

Added

Obtain legally valid consent from users where required before collecting and using App Set ID.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Developers are explicitly prohibited from omitting App Set ID usage from their privacy policy. This complements the broader disclosure requirement in index 125 by calling out omission as a specific violation. Even apps that consider their use of the App Set ID minor or incidental must document it. Developers should audit their privacy policies to ensure this identifier is mentioned wherever it is used.

Show full text

Added

Don't omit from your privacy policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

As part of the new Data Privacy Frameworks policy, developers must obtain explicit user consent before processing personal data from EEA, UK, or Swiss users. Data must also be actively protected against misuse. This directly affects how apps design consent flows and data handling practices for European audiences.

Show full text

Added

You must obtain user consent and protect this data from misuse.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The new policy introduces an ongoing self-monitoring obligation for developers handling EU personal data. Critically, if a developer determines they cannot meet the policy's requirements, they must notify Google immediately rather than waiting for enforcement action. This creates an active compliance duty beyond simply following the rules at launch.

Show full text

Added

You also have a duty to monitor your compliance and notify Google immediately if you cannot meet these requirements.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a structured Do/Don't reference table as part of the new Data Privacy Frameworks policy. The 'Do' column explicitly calls out adherence to laws such as GDPR. This makes compliance with applicable privacy law a named, enforceable policy requirement rather than just an implied obligation.

Show full text

Added

Key Considerations Do Don't Adhere to all applicable privacy, data security, and data protection laws (e.g., GDPR).

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The Do/Don't guidance reinforces that personal data from EU/UK/Swiss users may only be accessed and used for purposes the user has consented to. This is a named 'Do' requirement, meaning any data use beyond consented purposes is a policy violation. Developers should audit their data pipelines to ensure they align with stated consent purposes.

Show full text

Added

Only access and use personal data for purposes consistent with user consent.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The new policy requires developers to put in place both technical controls (e.g., encryption, access controls) and organizational measures (e.g., data handling procedures, staff training) to secure EU personal data. This aligns with GDPR Article 32 obligations and means security practices are now a Play policy requirement, not just a legal one. Apps lacking adequate security for European user data are at risk of policy enforcement.

Show full text

Added

Implement technical and organizational measures to secure EU Personal Information.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has explicitly added a prohibition against insecurely handling personal data. Previously, secure data handling was implied through broader privacy policies, but this makes it an explicit named violation. Developers must ensure their data storage, transmission, and processing practices are secure. Failing to do so is now a clearly stated policy breach that could trigger enforcement action.

Show full text

Added

Don't avoid insecurely handling personal data, which could lead to loss or misuse.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new requirement has been added mandating that developers who cannot meet Google's data handling conditions must immediately contact data-protection-office@google.com and take corrective action. This formalizes an incident-response obligation that did not previously exist in explicit policy text. Developers should have a process in place to identify compliance gaps and report them promptly, as failing to notify Google is itself a violation.

Show full text

Added

If you are unable to meet these conditions, you must immediately notify Google's data-protection-office@google.com and take corrective action.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a standalone prohibition against failing to notify them when a developer cannot comply with data conditions. This reinforces index 141 by making non-notification itself a named offense rather than just an implied duty. Developers should treat this as a mandatory reporting obligation and build internal workflows to detect and escalate compliance failures quickly.

Show full text

Added

Don't fail to notify Google.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added an explicit ban on selling or transferring user data unless all legal and policy requirements are satisfied. While data sale restrictions have existed in broader privacy policy, this makes it a named, standalone prohibition. Developers who share user data with third parties, monetize data, or transfer data in acquisitions or partnerships must ensure full compliance before doing so or risk policy violation.

Show full text

Added

Don't sell or transfer user data without meeting all legal and policy requirements.

prominent-disclosure-consent-requirementProminent Disclosure & Consent RequirementhighProminent Disclosure & Consent Requirem…
Added

Previously, disclosure requirements were less explicitly structured. Apps must now show a prominent, accessible, and descriptive in-app notice detailing exactly what data is accessed, collected, used, and shared — and this must happen before any permission prompt or consent request is triggered. This affects any app that requests permissions or collects user data, and failure to include this disclosure upfront could lead to rejection.

Show full text

Added

You must provide prominent, accessible, and descriptive in-app disclosure detailing data access, collection, use, and sharing before requesting any permissions or obtaining consent.

prominent-disclosure-consent-requirementProminent Disclosure & Consent RequirementhighProminent Disclosure & Consent Requirem…
Added

Following the required disclosure, apps must now obtain consent through a clear and separate affirmative user action — passive acceptance or bundled consent is not sufficient. This ensures users are making an informed, deliberate choice. Developers should audit their consent flows to ensure consent is never assumed or implied, and that it follows, rather than accompanies, the disclosure step.

Show full text

Added

Following disclosure, you are required to obtain clear user consent through a distinct, affirmative user action, ensuring informed user choice.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

A new explicit rule states that apps must never publicly expose financial or government ID numbers. While this likely reflects existing intent within broader data protection rules, codifying it as a standalone requirement increases the risk of rejection for apps that surface such data in shared or publicly accessible contexts. Developers handling payment, banking, or identity data should audit how this information is displayed or transmitted.

Show full text

Added

You must never publicly expose financial or government ID numbers.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Google has added an explicit prohibition against publishing users' private contacts without authorization. Apps that access the Contacts API or aggregate contact data must ensure they have proper authorization and are not exposing that data publicly or to unauthorized parties. This formalizes a restriction that developers should already be following, but now carries clearer policy grounds for rejection.

Show full text

Added

Unauthorized publishing of private contacts is forbidden.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Previously, this specific prohibition was not explicitly called out in this section. Apps must not publicly expose financial data (e.g., bank account numbers, credit card details) or government-issued ID numbers (e.g., SSNs, passport numbers). This matters if your app handles any such data — even incidental exposure in logs, APIs, or UI could trigger a violation.

Show full text

Added

Don't publicly disclose any financial information or government ID numbers.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

This is a newly added requirement targeting apps that are directed at children. Any third-party SDK integrated into a child-directed app must be approved for that purpose — unapproved SDKs are not permitted. Developers should audit all SDKs in children's apps and confirm each one is certified or approved for child-directed use to avoid rejection.

Show full text

Added

Ensure any SDKs used in child-directed apps are approved for that purpose.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

This newly added rule is a broad prohibition on making sensitive personal data publicly accessible. While some specific cases (financial data, government IDs, contacts) are covered by other rules in this section, this catch-all clause extends the restriction to any sensitive data category. Developers should review any feature that surfaces user data externally to ensure nothing sensitive is exposed.

Show full text

Added

Don't disclose sensitive data publicly.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

This addition reinforces and restates the prohibition on publicly exposing financial information and government identification numbers. It appears to serve as a summary-level restatement of index 160 within the same section. Developers handling sensitive financial or identity data must ensure this information is never surfaced in public-facing endpoints, logs, or interfaces.

Show full text

Added

Do not make financial data or government IDs public.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Apps that offer anti-virus, anti-malware, or other security features are now required to have a privacy policy that comprehensively describes all data collection and sharing practices. This is a more detailed elaboration of the rule at index 164. If your app has any security feature — even as a secondary function — your privacy policy must be thorough and explicit, or the app may be rejected.

Show full text

Added

If your app has anti-virus or security features, its privacy policy must clearly explain all data collection and sharing.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

This new rule prohibits apps from exposing or sharing contact data that is not already public, unless the user has explicitly authorized it. Developers who build apps accessing the contacts API — such as messaging, CRM, or social apps — must ensure they have clear user consent before sharing any contact information externally or making it discoverable.

Show full text

Added

Don’t publish or share people's non-public contacts without authorization.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Apps may only associate persistent hardware identifiers like IMEI with other user data for narrowly defined purposes: telephony functions or enterprise device management. Previously, this restriction may not have been so explicitly scoped. Developers using device identifiers for analytics, advertising, or other purposes outside these categories need to reassess their data practices to avoid policy violations.

Show full text

Added

Only link persistent identifiers (like IMEI) to other user data for specific telephony or enterprise management purposes.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

This rule reiterates the prohibition (also stated at index 161) on using unapproved SDKs in apps targeting children. The repeated emphasis signals that Google considers this a significant enforcement area. Developers of children's apps should immediately audit all integrated SDKs and remove or replace any that lack explicit child-directed approval.

Show full text

Added

Don't use unapproved SDKs for children's apps.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

This is another restatement of the child-directed SDK restriction (see indexes 161 and 168), further underscoring Google's firm stance on this requirement. Any SDK without approval for child-directed use is prohibited in apps targeting children. Developers should treat this as a potential rejection trigger and proactively verify SDK compliance before submission.

Show full text

Added

Do not include unapproved SDKs in apps targeting children.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

A new rule explicitly requires apps to disclose their use of persistent identifiers. Previously, this requirement was not called out as a standalone obligation in this section. Apps must now make this disclosure prominent, meaning burying it in a long privacy policy may not be sufficient. Developers should audit any use of persistent identifiers and ensure disclosures are clearly surfaced to users.

Show full text

Added

Disclose use of identifiers.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

This new rule clarifies and strengthens the disclosure requirement: all permitted uses of persistent identifiers must be prominently disclosed to users, not just mentioned somewhere in app documentation. This is a meaningful escalation from a general privacy expectation to a specific, enforceable standard. Developers should review how and where they communicate identifier use and ensure it is visible and clear, not hidden in fine print.

Show full text

Added

All permitted uses of persistent identifiers must be prominently disclosed to users.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

A new standalone rule explicitly prohibits linking persistent identifiers to other user data without justification. This signals Google is tightening restrictions on identifier-based data correlation practices. Developers who aggregate or join persistent identifiers with behavioral, demographic, or other user data need to ensure they fall within the approved use cases or risk policy violations.

Show full text

Added

Don't link identifiers unnecessarily.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

This new rule specifies that persistent identifiers may only be linked to other user data in two approved use cases defined by Google. Previously, this restriction was not explicitly stated in this form. Developers who link device or advertising identifiers to user profiles, analytics data, or third-party data must verify their use case is among those approved or refactor their data practices to comply.

Show full text

Added

Avoid linking persistent identifiers to other user data unless for the two approved use cases.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

A new requirement mandates that any app offering account creation must provide users with a clear and accessible way to delete their account. This was not previously stated explicitly in this section. Developers who offer user accounts need to implement and surface an account deletion flow that is easy for users to find and use, or risk non-compliance.

Show full text

Added

For apps that offer account creation, you are also required to provide users with a clear and accessible method to delete their account.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Previously, privacy policy requirements were more general. Google now explicitly prohibits omitting any user or device data handling from your privacy policy. Developers must audit their policy to ensure every category of data their app touches — including device identifiers, sensors, and background data — is documented. Incomplete disclosures risk rejection or removal.

Show full text

Added

Don't omit any user or device data handling from your privacy policy.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google has added an explicit requirement that your privacy policy be reachable from inside the app, not just from the Play Store listing or an external website. Apps that only link to a privacy policy on their store listing or require users to leave the app to find it may no longer comply. Developers should add an in-app link (e.g., in Settings or an About screen) to their privacy policy.

Show full text

Added

Make your privacy policy accessible from within the app.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google has added a rule explicitly prohibiting privacy policies that lack required app or company identification. Your privacy policy must clearly name the app and the developer or company responsible for it. This ensures users can identify whose policy they are reading and who is accountable for data handling. Missing this information is now a direct compliance failure.

Show full text

Added

Don't fail to include required app/company identification in the privacy policy.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google now explicitly requires that privacy policies accurately reflect every dimension of data handling: what data is accessed, collected, how it is used, and with whom it is shared. Vague, incomplete, or misleading disclosures are prohibited. Developers should cross-check their policy against actual app behavior, including third-party SDKs, to ensure full accuracy. Discrepancies can lead to app removal.

Show full text

Added

Accurately disclose all data access, collection, use, and sharing in the policy.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google has added an explicit prohibition against presenting account freezing, suspension, or deactivation as an equivalent to account deletion. Previously, some apps offered a 'freeze' option in place of true deletion. Users must be given a genuine deletion path that removes their account and data, not just a dormant-account state. Apps that only offer account freezing as their 'deletion' option will need to implement a real deletion flow.

Show full text

Added

Don't present account freezing as a substitute for deletion.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google now explicitly prohibits designing the account deletion flow in a way that is confusing, buried, or artificially difficult — sometimes called 'dark patterns.' Previously, the focus was on offering deletion; now the ease and clarity of the process is also enforceable. Developers should review their deletion UX to ensure it is straightforward, easy to find, and free of unnecessary confirmation loops or hidden steps.

Show full text

Added

Don't create any difficulties or hidden steps for users deleting their account.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google has added a positive requirement that apps provide a clear and accessible account deletion mechanism, not just avoid blocking deletion. This means the option must be easy to discover — for example, in a prominent settings menu — and the steps must be straightforward. Apps that bury deletion behind multiple menus or require contacting support without an in-app path may no longer comply.

Show full text

Added

Implement a clear, accessible process for user account deletion.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

A new explicit reminder has been added stating that developers must not neglect completing and maintaining an accurate Data safety section. While this expectation existed implicitly before, it is now called out as a distinct requirement. Developers who have incomplete or outdated Data safety declarations are at greater risk of policy violations or app rejection.

Show full text

Added

Don't neglect to complete and maintain the Data safety section accurately.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google has added an explicit requirement that your app's privacy policy must be globally accessible — meaning it cannot be geo-restricted or otherwise unavailable to users in certain regions. Previously this was not called out as a separate rule. Developers should verify that their privacy policy URL works from all countries and is not blocked by region-based restrictions.

Show full text

Added

Ensure your privacy policy is globally accessible.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

A new 'Don't' item states that ignoring privacy laws constitutes a direct policy violation. While non-compliance was always against policy implicitly, this explicit labeling in a Do/Don't list makes enforcement intent clearer. Apps operating in EEA, UK, or Swiss markets that fail to meet applicable privacy laws now have an explicit policy basis for rejection or removal.

Show full text

Added

Don't ignore privacy laws, as failing to comply with applicable laws is a policy violation.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Previously, consent requirements for EU personal data were implied under broader privacy policies. Google now explicitly states that apps must not access or process personal data for any purpose a user has not consented to. This applies to all apps handling EU Personal Information under the Data Privacy Frameworks. Developers must audit their data processing activities to ensure every use case has clear, documented user consent.

Show full text

Added

Don't access or process personal data for any purpose that a user has not consented to.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google has added an explicit requirement that developers put in place both technical (e.g., encryption, access controls) and organizational (e.g., policies, training) measures to secure EU Personal Information. This goes beyond general best-practice advice and is now a stated policy obligation under the EU-U.S., UK, and Swiss Data Privacy Frameworks. Failure to demonstrate such measures in place could result in policy violations. Developers should review and document their security posture specifically for EU data handling.

Show full text

Added

Implement technical and organizational measures to secure EU Personal Information.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

A new rule explicitly prohibits insecure handling of personal data under the EU-U.S., UK, and Swiss Data Privacy Frameworks, specifically calling out risks of data loss or misuse. While secure data handling was an implied expectation before, this addition codifies it as a concrete, enforceable requirement. Developers should ensure data storage, transmission, and access controls meet a defensible security standard. Lapses could now be cited as a direct policy violation.

Show full text

Added

Don't avoid insecurely handling personal data, which could lead to loss or misuse.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google has added a formal obligation requiring developers to contact data-protection-office@google.com immediately and take corrective action if they are unable to comply with EU-U.S., UK, and Swiss Data Privacy Framework conditions. This is a new, specific procedural requirement with a named contact point that did not previously exist in the policy. Developers should establish an internal process to monitor compliance and trigger this notification if a gap is identified. Failing to notify could compound a violation.

Show full text

Added

If you are unable to meet these conditions, you must immediately notify Google's data-protection-office@google.com and take corrective action.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

In addition to requiring notification when conditions cannot be met, Google has separately called out that failing to notify is itself a prohibited action. This makes the notification duty a standalone enforceable rule under the Data Privacy Frameworks, not just a procedural step. Developers who identify a compliance issue and stay silent now face a dual violation. This underscores the importance of having a clear escalation and notification workflow in place.

Show full text

Added

Don't fail to notify Google.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google has added a requirement for developers to actively and regularly monitor their compliance with the EU-U.S., UK, and Swiss Data Privacy Framework conditions, with a specific call-out to reassess after any regulatory or legal updates. This moves compliance from a one-time review to a continuous obligation. Developers operating in affected regions should build periodic compliance reviews into their release cycles or legal review processes. Ignoring updates to applicable laws or policies could now directly constitute a policy violation.

Show full text

Added

Regularly monitor compliance, ensuring you consistently meet these conditions, especially following regulatory or legal updates to applicable policies.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The explicit standalone section prohibiting apps that contain or promote sexual content, profanity, or pornography has been removed from the Inappropriate Content page. This does not necessarily mean the policy no longer exists — it may have been consolidated elsewhere or restructured. Developers should locate the current authoritative version of this policy to confirm whether their compliance obligations have changed. Treat this as a structural change requiring verification, not a relaxation of rules.

Show full text

Removed

COLLAPSE ALL EXPAND ALL Sexual Content and Profanity We don't allow apps that contain or promote sexual content or profanity, including pornography, or any content or services intended to be sexually gratifying.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The explicit section prohibiting apps that promote violence or incite hatred based on protected characteristics (including race, religion, gender identity, disability, and others) has been removed from the Inappropriate Content page. This may reflect a consolidation or restructuring of the policy rather than its elimination. Developers building apps with user-generated content or community features should verify where this policy now lives and confirm their compliance approach remains valid.

Show full text

Removed

Hate Speech We don't allow apps that promote violence, or incite hatred against individuals or groups based on race or ethnic origin, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, immigration status, or any other characteristic that is associated with systemic discrimination or marginalization.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The dedicated section prohibiting apps that depict or facilitate gratuitous violence or other dangerous activities has been removed from the Inappropriate Content guidelines page. As with other removals in this update, this likely reflects a reorganization rather than policy elimination. Developers of games, action apps, or any content involving violence should confirm where this policy now resides to ensure ongoing compliance.

Show full text

Removed

Violence We don't allow apps that depict or facilitate gratuitous violence or other dangerous activities.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The section explicitly banning terrorist and dangerous organizations from publishing apps — including for recruitment purposes — has been removed from the Inappropriate Content page. This is a significant structural removal that developers and compliance teams should investigate to confirm whether equivalent language exists elsewhere in the current policy set. Platform integrity tools or app review processes likely still enforce equivalent restrictions.

Show full text

Removed

Violent Extremism We do not permit terrorist organizations, or other dangerous organizations or movements that have engaged in, prepared for, or claimed responsibility for acts of violence against civilians to publish apps on Google Play for any purpose, including recruitment.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The dedicated section prohibiting apps that contain or facilitate threats, harassment, or bullying has been removed from the Inappropriate Content page. For developers of social, messaging, or community-driven apps, this was a key policy reference. Its removal likely reflects reorganization rather than policy abandonment, but developers should locate the current policy location to ensure their moderation and content policies remain aligned.

Show full text

Removed

Bullying and Harassment We don't allow apps that contain or facilitate threats, harassment, or bullying.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The section explicitly prohibiting apps that facilitate the sale of explosives, firearms, ammunition, or certain accessories has been removed from the Inappropriate Content page. Developers building marketplace, classifieds, or commerce apps that could touch on these product categories should verify where this restriction is now documented. The underlying prohibition is expected to remain in force under a different section.

Show full text

Removed

Dangerous Products We don't allow apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The section explicitly prohibiting apps that facilitate the sale of marijuana or marijuana products — regardless of local legality — has been removed from the Inappropriate Content page. Developers building cannabis-adjacent apps should not interpret this as a policy relaxation without confirming what the current guidelines state. This may have been moved to a different section of the developer policy center.

Show full text

Removed

Marijuana We don't allow apps that facilitate the sale of marijuana or marijuana products, regardless of legality.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The section prohibiting apps that facilitate the sale of tobacco or nicotine products (e-cigarettes, vape pens, nicotine pouches) or encourage inappropriate alcohol use has been removed from the Inappropriate Content page. Developers in this space should urgently verify whether equivalent restrictions exist elsewhere in the current policy, as enforcement likely continues even if the section has been restructured or relocated.

Show full text

Removed

Tobacco and Alcohol We don't allow apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) or encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

The policy now explicitly calls out pornography and content or services intended to be sexually gratifying or to solicit sexual acts for compensation as prohibited categories. Previously, the scope may not have been this explicitly enumerated in this section. Apps that offer any form of compensated sexual services or explicitly gratifying content are squarely within the rejection category. Developers in adjacent categories (e.g., dating, adult entertainment) should carefully audit their content.

Show full text

Added

This includes pornography and content or services intended to be sexually gratifying or to solicit sexual acts for compensation.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Developers are now explicitly required to ensure their apps do not promote or facilitate prohibited sexual activities or material. This extends responsibility beyond just hosting content — it includes features, links, or flows that could be seen as facilitation. This is a direct developer obligation, not just a content rule, meaning the app's design and user journeys are in scope. Apps with user-generated content or third-party integrations should pay close attention.

Show full text

Added

You must ensure your apps are not promoting or facilitating such activities or material.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Under the new catalog app exemption, apps may distribute a minor fraction of sexual content provided it is not actively promoted and access is restricted from minors. This means passive availability in a broad catalog is treated differently from featuring or surfacing such content. Developers must implement robust age-gating and avoid algorithmic promotion of sexual content to remain compliant. Failure to restrict minor access would likely void this exemption and result in rejection.

Show full text

Added

These apps can distribute a minor fraction of sexual content as long as it is not actively promoted and access is restricted to minors.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

The full policy text has been added, explicitly prohibiting apps that contain or promote sexual content, profanity, pornography, or any content or services intended to be sexually gratifying. This formalizes and consolidates rules that may have existed in scattered form, giving them a single authoritative location. For developers, this full-text addition is the enforceable standard, and the summary sections are subordinate to it. Any app with adult or mature content should be reviewed against this explicit language.

Show full text

Added

Full Policy We don't allow apps that contain or promote sexual content or profanity, including pornography, or any content or services intended to be sexually gratifying.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new Key Considerations section with Do/Don't guidance has been added, with at least one explicit directive to protect minors by restricting their access to sexual content. This positions minor protection not just as best practice but as a named compliance requirement within the policy framework. Developers offering any content that could be rated mature or above must implement age verification or access restriction mechanisms. This could affect app store rating selections, login requirements, and content gating logic.

Show full text

Added

Key Considerations Do Don't Protect minors by restricting access to sexual content.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Previously, restrictions on sexual imagery were less explicitly enumerated. Google Play now explicitly prohibits depictions of sexual nudity, sexually suggestive poses, and sex acts within apps. Developers with any user-generated content, media, or imagery features should audit their content pipelines immediately, as violations can lead to removal.

Show full text

Added

Don't include depictions of sexual nudity, sexually suggestive poses, or sex acts.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google Play has added a proportionality rule: sexual content cannot dominate an app's catalog and must remain a minor fraction of the total offering. Apps that primarily or heavily feature sexual content will likely be non-compliant even if individual items might otherwise be permissible. Developers should review their catalog composition and ensure sexual content is clearly subordinate to the broader content library.

Show full text

Added

Ensure sexual content is a minor fraction of the overall catalog.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google Play now explicitly requires that app store listings — including descriptions, titles, and promotional copy — are free of lewd, profane, or sexually explicit text. This extends content restrictions beyond the app itself to the storefront presentation. Developers should review all metadata fields in their Play Console listings and update any language that could be flagged under this rule.

Show full text

Added

Don't have content that is lewd, profane, or includes explicit text in your store listing.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new 'Key Considerations' section has been added to the Inappropriate Content policy, establishing a do/don't framework for hate speech compliance. The first item instructs developers to familiarize themselves with what legally and policy-wise constitutes a protected group. This signals that Google expects developers to proactively educate themselves rather than rely solely on reactive enforcement. Apps with any community, social, or content-sharing features are most likely to be affected.

Show full text

Added

Key Considerations Do Don't Familiarize yourself with what constitutes a protected group.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new guidance item advises developers to review local laws concerning Educational, Documentary, Scientific, or Artistic (EDSA) content related to Nazism. Some countries permit such content in educational contexts while others restrict it broadly. This matters for history, education, documentary, or media apps that may include WWII or related content — developers must ensure their content complies with the laws of every region where their app is distributed.

Show full text

Added

Review local laws regarding EDSA (Educational, Documentary, Scientific, or Artistic) content related to Nazism.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google now explicitly prohibits content that frames any protected group as evil, corrupt, or dangerous. This goes beyond direct incitement and covers more subtle forms of harmful characterization, such as conspiracy-style narratives or stereotyping tropes. Developers of news aggregators, opinion platforms, or apps with user-generated content need to assess whether their content moderation policies catch this type of material. Non-compliance could lead to rejection or removal.

Show full text

Added

Don't include content that suggests a protected group is evil, corrupt, or a threat.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Developers are now explicitly required to remove content that promotes hate symbols, slurs, or stereotypes targeting protected groups. This is a direct, actionable requirement rather than general guidance, meaning apps found containing such content face policy enforcement. This affects any app where users can post, share, or display text or images — robust content moderation or filtering systems are essential to remain compliant.

Show full text

Added

Remove any content that promotes hate symbols, slurs or stereotypes.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new rule explicitly bans content that encourages others to discriminate against individuals or groups. This extends the hate speech policy beyond direct hate speech to cover content that promotes discriminatory behavior or attitudes. Developers with social, marketplace, or community apps should review how their platforms could be used to facilitate or promote discrimination, and update moderation policies accordingly.

Show full text

Added

Don't encourage others to discriminate against any individual or group.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Apps must not contain content asserting that any group is inferior or inhuman — a standard dehumanization test commonly used in hate speech frameworks. This is now a written, enforceable requirement. Developers should treat this as a hard content line: any user-generated or editorial content meeting this description must be detectable and removable. Failure to moderate such content could result in app suspension.

Show full text

Added

Ensure your app does not assert that any group is inferior or inhuman.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google now explicitly prohibits the use of flags, symbols, or insignia associated with hate groups within apps. This applies to all content types — icons, images, stickers, avatars, and user-generated media. Developers of creative or social apps that allow image sharing or custom avatars need to implement detection or moderation for known hate group symbols. This is an enforceable content requirement, not just a recommendation.

Show full text

Added

Don't use flags, symbols, or insignia associated with hate groups.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new clause has been added stating that apps must not promote or encourage CSAM-related material. While this type of content was already implicitly prohibited, the explicit addition of a promotion/encouragement ban broadens the scope. Developers whose apps involve user-generated content, links, or community features should ensure no pathways exist that could facilitate such promotion.

Show full text

Added

You must not promote representation or encouragement of such material.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A formal full-policy statement has been added making it explicit that apps depicting or facilitating gratuitous violence or other dangerous activities are not allowed. This formalizes and surfaces a rule that may have existed in spirit but was not stated as a standalone full-policy clause. Developers of action, combat, or edgy content apps should review whether their content crosses into 'gratuitous' territory.

Show full text

Added

Full Policy We don't allow apps that depict or facilitate gratuitous violence or other dangerous activities.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Developers seeking an exception to violent extremism content restrictions must now explicitly provide Educational, Documentary, Scientific, or Artistic (EDSA) context. Without this justification, exceptions will not be granted. Apps covering extremism-related topics for legitimate informational or artistic purposes must proactively document and demonstrate that context.

Show full text

Added

You must provide EDSA context to attain an exception.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new compliance requirement has been added stating that developers must ensure their app and all its content neither belongs to nor promotes a terrorist or dangerous organization. This places an affirmative due-diligence obligation on developers, not just a passive prohibition. Apps with user-generated content, third-party integrations, or community features must have safeguards to prevent such associations.

Show full text

Added

Ensure your app and its content do not belong to or promote a terrorist or dangerous organization.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

This is a newly added rule under Google's Inappropriate Content policy. Apps must not contain any content that promotes or incites violence. Previously this may have been implied, but it is now an explicit written requirement. Developers should audit all user-generated content systems, static content, and messaging features to ensure nothing promotes or incites violent acts.

Show full text

Added

Don't include content that promotes or incites violence.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google has added an explicit developer obligation to proactively review their apps for content that glorifies, plans, or celebrates acts of violence. This goes beyond passive compliance — it places an affirmative duty on developers to audit their content. Apps with user-generated content or editorial content touching on violence are especially at risk if no review process is in place.

Show full text

Added

Review your app to ensure it doesn't glorify, plan, or celebrate acts of violence.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new rule has been added prohibiting apps from being used as recruitment tools for dangerous organizations. This is a new explicit restriction that was not previously stated in this section. Developers running community, social, or messaging apps should ensure their platforms cannot be exploited for this purpose, as facilitating such recruitment — even passively — could violate this policy.

Show full text

Added

Don't use your app for recruitment into dangerous organizations.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

This newly added rule forbids posting content that glorifies violence or helps users prepare for violent acts. While similar to index 50's prohibition on inciting violence, this rule specifically targets content that celebrates violence or provides instructional/preparatory material. Developers of gaming, educational, news, or community apps should carefully consider whether any content could be interpreted as glorifying or enabling violence.

Show full text

Added

Don't post content that glorifies or prepares for violent acts.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google has added a formally labeled 'Full Policy' statement explicitly prohibiting apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories. Previously this prohibition may have existed in less structured form; this addition gives it a clear, authoritative policy designation. Any app involved in commerce, marketplaces, or listings that could include these items must ensure it is not enabling such transactions.

Show full text

Added

Full Policy We don't allow apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new 'Key Considerations' section has been introduced with structured Do/Don't guidance, specifically calling out that apps must not facilitate the sale of restricted firearms accessories. This structured format makes the expectations more concrete and actionable compared to general policy language. Developers building any e-commerce, marketplace, or classifieds-style app should check whether their category filters or listing controls could allow restricted accessories to be sold.

Show full text

Added

Key Considerations Do Don't Ensure your app does not facilitate the sale of restricted firearms accessories.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

As part of the new Key Considerations section, Google has added a specific 'Don't' item prohibiting apps from facilitating the sale of explosives, firearms, or ammunition. This makes the prohibition actionable and directly tied to app rejection criteria. Developers with marketplace, auction, or commerce apps must ensure their platforms cannot be used to list or transact these items.

Show full text

Added

Don't publish an app that facilitates the sale of explosives, firearms, or ammunition.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new rule requires that apps must not include or provide instructions for converting firearms to automatic firing capabilities. This is a specific and concrete content prohibition that goes beyond sales facilitation into informational content. Developers with apps covering firearms education, guides, forums, or user-generated content must audit and remove any such conversion instructions to avoid rejection.

Show full text

Added

Remove any instructions on converting firearms to automatic firing capabilities.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google has added an explicit prohibition against apps facilitating the sale of firearm accessories that simulate or enable automatic fire, such as bump stocks or auto-sears. This extends the firearms policy beyond traditional weapons to specific accessory categories. Developers running any firearms-related retail, marketplace, or classifieds apps must ensure such accessories are not listable or purchasable through their platforms.

Show full text

Added

Don't allow the sale of firearm accessories that simulate or enable automatic fire.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new 'Don't' rule explicitly bans apps from containing instructions on how to create weapons or restricted firearm accessories. This covers not just sales facilitation but also how-to content, guides, and potentially user-generated content within apps. Developers with content, community, or instructional apps must ensure no such content is hosted or accessible, including in user-submitted material.

Show full text

Added

Don't include instructions for creating weapons or restricted firearm accessories.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new 'Do/Don't' guidance table has been introduced. The one permitted exception is age-gated sale of alcohol and limited tobacco products, but only within food or grocery apps. This narrows the scope of what is acceptable — standalone tobacco or alcohol commerce apps are not covered by this exception. Developers of grocery or food delivery apps that include alcohol or tobacco must implement age-gating to remain compliant.

Show full text

Added

Key Considerations Do Don't Provide age-gating safeguards for the sale of alcohol and for limited sale of tobacco in food/grocery apps.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google has added an explicit rule prohibiting apps from encouraging the use of alcohol or tobacco by minors. While age-gating was implied by previous policy, this 'Don't' makes targeting or appealing to minors for alcohol or tobacco use a direct violation. Apps with alcohol or tobacco content that lack robust age controls, or that use marketing language appealing to younger audiences, are now at clear rejection risk.

Show full text

Added

Don't encourage the use of alcohol or tobacco by minors.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new explicit prohibition prevents apps from advertising or promoting tobacco products, and specifically calls out links to sites that sell tobacco. This goes beyond commerce facilitation — even informational or content apps that link to tobacco sellers could be in violation. Developers should audit any tobacco-related content, affiliate links, or promotional material within their apps.

Show full text

Added

Don't advertise or promote tobacco products, including links to selling sites.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google now explicitly prohibits apps from implying that tobacco use enhances a user's social, professional, or intellectual standing. This rule targets lifestyle-style tobacco marketing and brand association rather than direct sales. Developers creating any content — including games, social apps, or media — where tobacco use is glamorized or positively associated with success or status should revise that content to avoid rejection.

Show full text

Added

Don't imply that using tobacco improves social, professional, or intellectual standing.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google has added an explicit prohibition against apps that portray excessive drinking in a favorable light. Previously, the alcohol policy focused on facilitating illegal or inappropriate use of alcohol but did not call out favorable depictions of excessive consumption. This new rule affects apps in entertainment, social, gaming, and lifestyle categories that include alcohol-related content or themes. Developers should audit any content, imagery, or messaging that could be interpreted as glamorizing binge drinking or overindulgence.

Show full text

Added

Don't portray excessive drinking favorably.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

This addition explicitly names pornography and content or services designed to be sexually gratifying or to solicit sexual acts for compensation as prohibited categories. Previously, these may have been implied under broader content policies. Developers running any platform with user-generated content or adult-adjacent services should audit their offerings to ensure they do not fall into these newly enumerated categories.

Show full text

Added

This includes pornography and content or services intended to be sexually gratifying or to solicit sexual acts for compensation.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google Play now explicitly states that developers must ensure their apps do not promote or facilitate prohibited sexual activities or material, not just avoid hosting such content directly. This extends developer responsibility to indirect facilitation, such as linking out to or enabling access to prohibited content. App developers — particularly those with third-party integrations or user-generated content — need to actively audit their facilitation pathways.

Show full text

Added

You must ensure your apps are not promoting or facilitating such activities or material.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Building on the catalog app exemption, Google Play specifies that such apps may include a small proportion of sexual content under two conditions: it must not be actively promoted, and access must be restricted so minors cannot reach it. Developers relying on this exemption must implement robust age-gating mechanisms and avoid surfacing or advertising the sexual content portion of their catalog.

Show full text

Added

These apps can distribute a minor fraction of sexual content as long as it is not actively promoted and access is restricted to minors.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google Play has added a Do/Don't key considerations section, with the first 'Do' item explicitly requiring developers to protect minors by restricting their access to sexual content. This formalizes minor-protection as an active developer obligation rather than an implicit expectation. Any app that could be accessed by minors and contains any level of mature content needs robust age-verification or access control mechanisms.

Show full text

Added

Key Considerations Do Don't Protect minors by restricting access to sexual content.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google Play's new key considerations section explicitly lists depictions of sexual nudity, sexually suggestive poses, and sex acts as prohibited content. While the general prohibition existed, this level of explicit enumeration in a Do/Don't format makes enforcement criteria clearer and more actionable. Developers should audit all visual assets, user-generated content, and in-app imagery against these specific categories to avoid rejection.

Show full text

Added

Don't include depictions of sexual nudity, sexually suggestive poses, or sex acts.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new rule explicitly states that sexual content must represent only a small portion of an app's total content catalog. Previously, there was no explicit proportionality requirement. Apps that are primarily or heavily focused on sexual content — even if individually permissible — may now be at risk of removal. Developers running content catalog apps should audit their ratio of sexual to non-sexual titles.

Show full text

Added

Ensure sexual content is a minor fraction of the overall catalog.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google Play now restricts the distribution of sexual content to apps that function specifically as book or video catalog apps. Previously, the permitted app types for such content were less explicitly defined. Developers in other app categories — such as games, social, or utility apps — that include any sexual content must remove it or risk policy violations. This is a meaningful narrowing of who is allowed to host this content type.

Show full text

Added

Distribute sexual content only within a book/video catalog app.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new guideline explicitly bans lewd, profane, or sexually explicit content within an app's Play Store listing, including descriptions, screenshots, and promotional text. This clarifies that the content restrictions extend beyond the app itself to its storefront presence. Developers with mature apps should carefully review their listing copy and assets to ensure compliance, even if the app's internal content is permitted.

Show full text

Added

Don't have content that is lewd, profane, or includes explicit text in your store listing.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new explicit 'Don't' rule has been added stating that apps inciting hatred or violence against individuals or groups are prohibited. While this concept existed in spirit under general hate speech rules, it is now a formally stated standalone requirement in the policy checklist. Developers should audit any user-generated content features, editorial content, or community tools in their apps that could facilitate or amplify hateful or violent rhetoric.

Show full text

Added

Don't publish apps that incite hatred or violence against individuals or groups.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has added a new requirement for developers to review local laws regarding Educational, Documentary, Scientific, or Artistic (EDSA) content that references Nazism. Previously, the policy did not explicitly call out this regional legal review obligation. This is particularly relevant for developers targeting European markets where such content is heavily regulated. Failing to comply with local law in this area could result in both legal liability and app removal.

Show full text

Added

Review local laws regarding EDSA (Educational, Documentary, Scientific, or Artistic) content related to Nazism.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new explicit 'Don't' item forbids including content that characterizes a protected group as evil, corrupt, or dangerous. This goes beyond incitement and targets subtler forms of dehumanizing narrative within app content. Developers building news, entertainment, educational, or user-generated content platforms need to ensure moderation and editorial policies screen for this type of framing. This could affect apps that aggregate or display third-party content without sufficient moderation.

Show full text

Added

Don't include content that suggests a protected group is evil, corrupt, or a threat.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google now explicitly requires developers to remove any content promoting hate symbols, slurs, or stereotypes. This is a new affirmative action item — 'remove' implies an ongoing moderation obligation, not just a one-time review at submission. Apps with user-generated content, chat, or community features are particularly at risk if they lack robust moderation for this type of content. Non-compliance could lead to app rejection or removal from the Play Store.

Show full text

Added

Remove any content that promotes hate symbols, slurs or stereotypes.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new checklist item explicitly prohibits apps from encouraging others to discriminate against any individual or group. This extends the hate speech policy beyond the app's own content to include how the app may prompt or incentivize user behavior. Developers should review calls-to-action, prompts, recommendations, and algorithmic features that could be interpreted as nudging users toward discriminatory behavior.

Show full text

Added

Don't encourage others to discriminate against any individual or group.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has added an explicit requirement that apps must not contain content asserting any group is inferior or subhuman. Dehumanizing language and content is now a named, standalone violation in the policy checklist. This is broader than incitement — it covers content that demeans without necessarily calling for action. Developers should audit static content, dynamic content feeds, and AI-generated content within their apps for compliance.

Show full text

Added

Ensure your app does not assert that any group is inferior or inhuman.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new explicit 'Don't' rule prohibits the use of flags, symbols, or insignia associated with hate groups anywhere in an app. This is a newly formalized standalone rule in the policy checklist. Developers building historical, educational, gaming, or customization apps (e.g., sticker packs, avatars) need to carefully vet any symbolic imagery included. Context may be considered under EDSA provisions, but the default prohibition is clear.

Show full text

Added

Don't use flags, symbols, or insignia associated with hate groups.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has added a new Violence Policy Summary section explicitly stating that apps containing gratuitous violence or dangerous activities are prohibited. While violence restrictions existed in prior policy text, this summary section formalizes and consolidates the policy's scope in a new prominent location. Developers of gaming, action, or extreme sports apps should ensure their content does not cross the line into gratuitous territory, as this summary signals heightened enforcement focus.

Show full text

Added

Violence Policy Summary Apps that contain gratuitous violence or dangerous activities are prohibited.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Complementing the Violence Policy Summary, a new explicit rule states that apps must not promote or encourage gratuitous violence or dangerous activities. This extends the prohibition from merely containing such content to actively promoting it — a broader behavioral standard. Developers should review in-app messaging, reward structures, and content framing to ensure they are not inadvertently incentivizing dangerous behavior. This applies equally to user-generated content platforms.

Show full text

Added

You must not promote representation or encouragement of such material.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A formal full-policy declaration has been added stating that apps depicting or facilitating gratuitous violence or other dangerous activities are not allowed on Google Play. While this likely reflects existing enforcement practice, its explicit addition to the policy text makes the rule more prominent and enforceable. Developers with apps containing graphic violence or content that enables real-world dangerous behavior should review their content carefully to avoid rejection.

Show full text

Added

Full Policy We don't allow apps that depict or facilitate gratuitous violence or other dangerous activities.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Developers seeking an exception to the Violent Extremism policy must now explicitly provide EDSA (Educational, Documentary, Scientific, or Artistic) context. Without this context, no exception will be granted. Developers building apps that legitimately cover extremism-related topics — such as news, research, or educational tools — must ensure they clearly document and communicate their EDSA justification.

Show full text

Added

You must provide EDSA context to attain an exception.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new 'Key Considerations' section has been added to the Violent Extremism policy, outlining a Do/Don't framework. The 'Do' side requires developers to provide EDSA (Educational, Documentary, Scientific, or Artistic) context for any content related to violent extremism. This is now a documented best practice and likely a factor in exception reviews. Apps in journalism, education, or research that touch on extremism topics must ensure their EDSA framing is explicit and credible.

Show full text

Added

Key Considerations Do Don't Provide relevant EDSA (Educational, Documentary, Scientific, or Artistic) context for any content related to violent extremism.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Developers are now explicitly required to confirm that their app — including its content — does not belong to or promote a terrorist or dangerous organization. This extends responsibility beyond just the app's publishing account to the actual content within the app. Developers whose apps reference, platform, or amplify content from any such organization, even indirectly, may be at risk of policy violations.

Show full text

Added

Ensure your app and its content do not belong to or promote a terrorist or dangerous organization.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

An explicit rule has been added stating that apps must not include content that promotes or incites violence. Previously, this may have been implied under broader violence or extremism policies, but it is now a standalone enumerated prohibition. Developers should audit user-generated content features, community sections, and any editorial content to ensure nothing could be interpreted as promoting or inciting real-world violence.

Show full text

Added

Don't include content that promotes or incites violence.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Previously this prohibition may have been implied under broader content policies. Google now explicitly requires developers to review their apps to ensure they do not glorify, plan, or celebrate violent acts. This matters because apps with user-generated content, gaming narratives, or community features could be flagged if they permit or promote such content. Developers should audit content moderation systems and community guidelines accordingly.

Show full text

Added

Review your app to ensure it doesn't glorify, plan, or celebrate acts of violence.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has added a new explicit prohibition against using apps to recruit members into dangerous organizations. This is a new standalone rule rather than a clarification of an existing one. Apps with community, messaging, or social features are most at risk if their platforms can be exploited for such recruitment. Developers should ensure their terms of service and moderation policies actively prevent this use case.

Show full text

Added

Don't use your app for recruitment into dangerous organizations.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has introduced an explicit requirement that apps adhere to local laws concerning sensitive content, which goes beyond Google's own policy rules. This is significant for developers distributing apps across multiple regions, as what is permissible in one jurisdiction may be illegal in another. Developers operating internationally should conduct jurisdiction-specific legal reviews of their content. Non-compliance could result in regional removal or broader enforcement action.

Show full text

Added

Adhere to all local laws regarding sensitive content.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

This new rule explicitly prohibits posting content that glorifies or prepares users to commit violent acts. While related to index 130, this is framed as a direct content posting prohibition rather than an app-level review requirement. Apps that host user-generated content, forums, or instructional material are particularly affected. Developers should update moderation pipelines to detect and remove such content proactively.

Show full text

Added

Don't post content that glorifies or prepares for violent acts.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new 'Key Considerations' section has been introduced with explicit Do/Don't directives. The key 'Don't' here is that apps must not facilitate the sale of restricted firearms accessories. This structured guidance makes it easier for Google reviewers to flag violations, raising the rejection risk for apps in adjacent categories such as sporting goods, hunting, or general marketplaces that lack sufficient content controls.

Show full text

Added

Key Considerations Do Don't Ensure your app does not facilitate the sale of restricted firearms accessories.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has added a specific directive requiring developers to remove any content or instructions that explain how to convert a firearm to automatic firing capability. Previously, this may have been covered under broader dangerous content rules, but it is now called out explicitly. Apps containing user-generated content, forums, guides, or instructional media related to firearms must actively moderate for this content.

Show full text

Added

Remove any instructions on converting firearms to automatic firing capabilities.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new explicit prohibition has been added against apps facilitating the sale of firearm accessories that simulate or enable automatic fire, such as bump stocks or auto-sear devices. This goes beyond general firearms accessory restrictions by targeting a specific product class. Marketplace, e-commerce, or classifieds apps must ensure their category filters, listing policies, and moderation tools block these products.

Show full text

Added

Don't allow the sale of firearm accessories that simulate or enable automatic fire.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has added a 'Don't' rule prohibiting apps from including instructions for creating weapons or restricted firearm accessories, such as 3D-printing guides or DIY conversion kits. This applies to both first-party app content and user-generated content hosted within an app. Developers of content, community, or DIY apps must review and enforce content policies to avoid violation.

Show full text

Added

Don't include instructions for creating weapons or restricted firearm accessories.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new Tobacco and Alcohol Policy Summary has been introduced, explicitly prohibiting apps that facilitate the sale of tobacco or nicotine-containing products (including e-cigarettes, vape pens, and nicotine pouches) and apps that encourage illegal or inappropriate use of alcohol, tobacco, or nicotine. This summary serves as an introductory overview before the full policy details. Developers with any app touching these categories should review the full policy immediately to assess compliance.

Show full text

Added

Tobacco and Alcohol Policy Summary Apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) OR encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine are not allowed.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new 'Key Considerations' section has been introduced with explicit Do/Don't guidance. The 'Do' item requires that apps selling alcohol — and any limited tobacco sales within food or grocery apps — must implement age-gating safeguards. This is new prescriptive guidance that defines a compliant path for grocery or delivery apps that include alcohol. Developers in this space must ensure age verification mechanisms are in place.

Show full text

Added

Key Considerations Do Don't Provide age-gating safeguards for the sale of alcohol and for limited sale of tobacco in food/grocery apps.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new rule prohibits apps from encouraging the use of alcohol or tobacco by minors. This adds an explicit minor-protection clause that was not previously stated in this form. Apps with content, marketing, or features that could appeal to or target underage users in relation to these substances need to be reviewed and updated accordingly.

Show full text

Added

Don't encourage the use of alcohol or tobacco by minors.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Apps are now explicitly banned from advertising or promoting tobacco products, and this prohibition extends to including links to sites that sell tobacco. Even if an app does not directly sell tobacco, linking out to tobacco retailers or featuring promotional tobacco content is now grounds for rejection. Developers of lifestyle, content, or social apps should audit any tobacco-related advertising integrations or outbound links.

Show full text

Added

Don't advertise or promote tobacco products, including links to selling sites.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

The explicit enumerated definition of personal and sensitive user data — which listed categories such as location, contacts, health data, Health Connect data, camera, microphone, and others — has been removed from the Developer Program Policy. This definition previously anchored many data-handling requirements. Developers should check whether this definition has moved to another section or document, as its removal may signal a restructuring of privacy policy content rather than a relaxation of requirements.

Show full text

Removed

Personal and Sensitive User Data Personal and sensitive user data includes, but isn't limited to, personally identifiable information, financial and payment information, authentication information, phonebook, contacts, device location, SMS and call-related data, health data, Health Connect data, inventory of other apps on the device, microphone, camera, and other sensitive device or usage data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

The section requiring apps to display a prominent in-app disclosure when collecting or sharing personal data outside of user expectations (e.g., background data collection) has been removed from this policy location. This was a core enforcement requirement that could cause rejections. Developers must verify whether this requirement has been relocated to another policy document, as ignoring it could still result in enforcement action if the rule persists elsewhere.

Show full text

Removed

Prominent Disclosure & Consent Requirement In cases where your app’s access, collection, use, or sharing of personal and sensitive user data may not be within the reasonable expectation of the user of the product or feature in question (for example, if data collection occurs in the background when the user is not engaging with your app), you must meet the following requirements: Prominent disclosure: You must provide an in-app disclosure of your data access, collection, use, and sharing.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

The explicit policy statement requiring all developers to complete a clear and accurate Data Safety section in Play Console — covering data collection, use, and sharing — has been removed from this location. This was a widely enforced requirement tied to app approval. Developers should verify whether this obligation has moved to another policy page, as non-compliance could still trigger enforcement.

Show full text

Removed

Data safety section All developers must complete a clear and accurate Data safety section for every app detailing collection, use, and sharing of user data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

The rule mandating that all apps include a privacy policy link in the designated Play Console field and within the app itself has been removed from this policy section. This was a baseline requirement that applied to virtually every app on Google Play. Developers must confirm whether this requirement has been relocated, as its intent is unlikely to have been abandoned entirely.

Show full text

Removed

Privacy Policy All apps must post a privacy policy link in the designated field within Play Console, and a privacy policy link or text within the app itself.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

The standalone 'Account Deletion Requirement' paragraph — which explicitly stated that apps allowing in-app account creation must also allow users to request account deletion — has been removed from this section. This does not necessarily mean the requirement is gone; it may have been consolidated or moved elsewhere in the policy. Developers should verify whether this rule still exists in another section before assuming the obligation has been lifted.

Show full text

Removed

Account Deletion Requirement If your app allows users to create an account from within your app, then it must also allow users to request for their account to be deleted.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

The clause requiring developers to delete all user data associated with an account when honoring an account deletion request has been removed from this section. As with the preceding account deletion rule, this may reflect a restructuring rather than a true policy rollback. Developers with account-based apps should check the full current policy to confirm whether this data deletion obligation persists elsewhere.

Show full text

Removed

When you delete an app account based on a user’s request, you must also delete the user data associated with that app account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Removed

The section outlining obligations for developers who access or process EU Personal Information — including compliance with applicable privacy laws and restricting use to consistent purposes — has been removed from this location in the policy. Developers operating in or serving users from the EEA, UK, or Switzerland should check whether this content has been moved elsewhere, as the underlying legal obligations under these frameworks have not changed.

Show full text

Removed

EU-U.S., UK, and Swiss Data Privacy Frameworks If you access, use, or process personal information made available by Google that directly or indirectly identifies an individual and that originated in the European Economic Area, United Kingdom, or Switzerland (“EU Personal Information”), then you must: Comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules; Access, use or process EU Personal Information only for purposes that are consistent with the consent obtained from the individual to whom the EU Personal Information relates; Implement appropriate organizational and technical measures to protect EU Personal Information against loss, misuse, and unauthorized or unlawful access, disclosure, alteration and destruction; and Provide the same level of protection as is required by the Data Privacy Framework Principles or the applicable transfer mechanism as described in the Google Controller-Controller Data Protection Terms.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new introductory definition of 'personal and sensitive user data' has been added, explicitly listing covered categories including PII, financial data, authentication data, contacts, location, SMS/call data, health data, Health Connect data, device app inventory, microphone, and camera. This is a broader or more explicit enumeration than what previously appeared in this section. Developers should review this list to assess whether their app collects any of these data types and ensure their data handling, disclosure, and consent practices comply.

Show full text

Added

Personal and Sensitive User Data Full Policy Personal and sensitive user data includes, but isn't limited to, personally identifiable information, financial and payment information, authentication information, phonebook, contacts, device location, SMS and call-related data, health data, Health Connect data, inventory of other apps on the device, microphone, camera, and other sensitive device or usage data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new 'Key Considerations' section with Do/Don't formatting has been added, with the first 'Do' item requiring a valid privacy policy to be present in both the app's Play Store listing and within the app itself. While a privacy policy has long been required for certain app types, this explicit dual-location requirement (store listing AND in-app) is now stated as a key consideration. Apps that only link a privacy policy from the store listing but not from within the app UI may be at risk of non-compliance.

Show full text

Added

Key Considerations Do Don't Have a valid privacy policy in both the app's store listing and within the app itself.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new prohibition has been added stating that developers must not provide misleading or inaccurate information about their data practices. This formalizes a transparency expectation that was previously implicit or spread across other policy sections. Developers should ensure that their privacy policy, Data Safety form, and any in-app disclosures accurately and consistently reflect how user data is actually collected, used, and shared.

Show full text

Added

Don't provide misleading or inaccurate information about your data practices.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

There was no previous explicit requirement at this level of the policy to complete the Data safety section in Play Console. Developers must now formally disclose what data their app collects and shares directly within the Play Console's Data safety form. Inaccurate or missing disclosures can result in app rejection or removal, so all apps with any data collection need to audit and update their Data safety section.

Show full text

Added

Disclose your data collection and sharing practices in the Play Console's Data safety section.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This is a newly added data minimization requirement. Previously, data collection limits may not have been stated this explicitly at the policy level. Developers must now ensure every data point they collect is directly tied to the app's core functionality. Apps that collect broad or speculative data for future use cases may need to reduce their data collection scope to remain compliant.

Show full text

Added

Don't collect data that is not critical to your app's core purpose.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This newly added rule makes clear that passive or implied consent is not sufficient for collecting personal or sensitive data. Developers must implement explicit, affirmative consent mechanisms — such as clearly worded prompts — before any such data is collected. Apps that rely on pre-ticked boxes, buried disclosures, or assume consent from app usage may face rejection or removal.

Show full text

Added

Obtain clear, affirmative user consent before collecting any personal or sensitive data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This newly added requirement formalizes the obligation to secure user data, with a specific call-out for modern cryptography (e.g., TLS) for data transmitted over networks. Developers must audit their apps' data handling and transmission practices to ensure encryption and other security controls are in place. Apps transmitting data over unencrypted channels or using outdated cryptographic protocols are now explicitly at risk of policy violation.

Show full text

Added

Protect all user data with appropriate security measures, including modern cryptography for data in transit.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This newly added rule reinforces a principle of data minimization, requiring that data collection and use be strictly tied to what the app actually needs to function. While similar in spirit to index 21 (no collection beyond core purpose), this rule extends the constraint to data use as well as collection. Developers should audit both what they collect and how they use it, removing any surplus data pipelines or analytics that exceed functional necessity.

Show full text

Added

Only collect and use data that is necessary for your app's functionality.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This newly added rule bars both unauthorized data collection and the use of manipulative design patterns to coerce or trick users into giving consent. This means consent flows must be genuinely voluntary, clearly worded, and free from pressure tactics or confusing UI. Developers using dark patterns in permission prompts or consent dialogs — such as misleading button labels or guilt-tripping language — must redesign those flows.

Show full text

Added

Don't collect data without the user's consent or manipulate them into giving it.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This newly added rule mandates that any app offering account creation must also offer account deletion. There was no prior standalone rule at this policy level requiring account deletion functionality. Developers must implement an accessible, functional account deletion option within their app or via a clearly linked web flow. Failing to offer this will be a direct policy violation and grounds for rejection or removal.

Show full text

Added

Allow account deletion.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a requirement that privacy-related disclosures (likely the privacy policy) must be available in two places: within the app itself and on an externally hosted web resource. Previously, a single location may have sufficed. Developers who only link to a privacy policy from the Play Store listing or only show it in-app will need to ensure both access points exist. Failing to comply could result in app rejection.

Show full text

Added

This must be available both in-app and on an external web resource.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly requires that apps offer a straightforward mechanism for users to delete both their account and their associated data. This goes beyond simply closing or deactivating an account — actual data deletion must be supported. Developers building apps with user accounts need to implement and surface a deletion flow that is easy to find and use. Apps lacking this feature risk non-compliance and potential rejection.

Show full text

Added

Provide a clear and easy way for users to delete their accounts and data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has clarified that temporarily suspending or freezing a user's account does not satisfy the account deletion requirement. Previously, some developers may have implemented account freezing as a workaround; this is now explicitly prohibited. Apps must support true, permanent account and data deletion rather than a suspended state. Developers relying on freezing as their offboarding mechanism must update their flows.

Show full text

Added

Account freezing is not a valid substitute.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added an explicit prohibition against publicly exposing financial information or government ID numbers (such as SSNs, tax IDs, or account numbers). Previously this may have been implied under broader privacy rules, but it is now a stated requirement. Developers whose apps handle, display, or transmit such data must ensure none of it is ever surfaced publicly. Violations could result in app rejection or removal.

Show full text

Added

You must never publicly expose financial or government ID numbers.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a direct prohibition on publishing private contact information without authorization. This goes beyond general data handling guidance by specifically targeting the act of publicly disclosing contacts. Developers building apps that access the contacts permission or store user contact data must ensure there is no pathway for that data to be publicly exposed. This could affect social, communication, or data-sharing apps.

Show full text

Added

Unauthorized publishing of private contacts is forbidden.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This entry reinforces the prohibition introduced in index 40, now restated as an explicit 'Don't' within the Key Considerations table. Having it appear in both a declarative rule and a Do/Don't table underscores its importance to Google. Developers should treat this as a firm rejection criterion and review any feature that surfaces, logs, or transmits financial data or government IDs. Even accidental or indirect public exposure would likely be considered a violation.

Show full text

Added

Don't publicly disclose any financial information or government ID numbers.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a broad catch-all prohibition against publicly disclosing sensitive data, complementing the more specific rules about financial IDs and contacts. This general rule is significant because it can be applied to a wide range of data types beyond those explicitly named elsewhere in the policy. Developers should audit any feature that outputs, shares, or publishes user data to ensure nothing that could be classified as 'sensitive' is exposed publicly, even in edge cases.

Show full text

Added

Don't disclose sensitive data publicly.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This is a new explicit requirement: apps must not expose financial data (e.g., bank account details, credit card numbers) or government-issued ID information in any public-facing way. Previously this may have been implied under general privacy rules, but it is now a stated prohibition. Developers handling such data must audit their data exposure points — public profiles, shared links, or APIs — to ensure this information cannot be publicly accessed.

Show full text

Added

Do not make financial data or government IDs public.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Apps offering antivirus, anti-malware, or other security features must now ensure their privacy policy fully and clearly describes every type of data collected and every party it is shared with. This goes beyond a general privacy policy requirement by specifically targeting security-category apps, which often collect sensitive system-level data. Failure to provide this disclosure could result in rejection or removal from the Play Store.

Show full text

Added

If your app has anti-virus or security features, its privacy policy must clearly explain all data collection and sharing.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new rule explicitly bans apps from exposing or distributing personal contacts that are not already public, without the contact owner's authorization. This affects any app that accesses the device contact list or manages address book data. Developers must ensure that contacts accessed by their app are only used for the purpose the user authorized and are never surfaced publicly or shared with third parties without consent.

Show full text

Added

Don’t publish or share people's non-public contacts without authorization.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This new rule restricts the conditions under which persistent identifiers (such as IMEI, serial numbers, or similar hardware IDs) can be associated with other user data. Previously, linking such identifiers may have fallen under broader privacy guidance; now it is explicitly limited to specific telephony functions or enterprise device management scenarios. Developers using persistent identifiers for analytics, advertising, or other purposes must stop linking them to user profiles.

Show full text

Added

Only link persistent identifiers (like IMEI) to other user data for specific telephony or enterprise management purposes.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This rule elaborates on the identifier disclosure requirement: even where use of a persistent identifier is allowed under policy, it must still be prominently disclosed to users. 'Prominent' disclosure means it cannot be buried in fine print — users must be clearly informed. Developers using identifiers for telephony or enterprise purposes must review how and where they communicate this to users.

Show full text

Added

All permitted uses of persistent identifiers must be prominently disclosed to users.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This new rule prohibits unnecessary linkage of persistent device identifiers to other user data or profiles. It complements the restriction in index 54 by setting a broader principle: if there is no specific, permitted justification, identifiers must not be associated with user data. Developers should review their data models and analytics pipelines to ensure they are not combining device hardware IDs with behavioral or personal data without a valid, policy-compliant reason.

Show full text

Added

Don't link identifiers unnecessarily.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Previously there was no explicit restriction on how persistent identifiers could be combined with other user data. The new rule prohibits linking persistent identifiers (e.g., advertising ID, device ID) to other user data unless the use case falls within two specifically approved exceptions. Developers using persistent identifiers for analytics, personalization, or targeting should audit their data practices immediately, as violations could lead to rejection.

Show full text

Added

Avoid linking persistent identifiers to other user data unless for the two approved use cases.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new requirement mandates that every app in the Play Console has a completed, accurate Data Safety section disclosing data collection, usage, and sharing — including data handled by any third-party SDKs integrated into the app. This is a new obligation with no direct predecessor rule. Developers must audit all SDKs in their apps to ensure their disclosures are complete, as inaccurate or missing information can result in policy violations or app removal.

Show full text

Added

You must complete and maintain an accurate Data safety section for each of your apps in the Play Console, detailing data collection, use, and sharing (including by any SDKs in your app).

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The new rule requires that information submitted in the Play Console's Data Safety section aligns with what is disclosed in the app's privacy policy — discrepancies between the two are now a policy violation. Previously there was no explicit consistency requirement linking these two disclosures. Developers should review both documents together to eliminate contradictions, as mismatches could trigger enforcement action.

Show full text

Added

The information in this section must consistently match your app's privacy policy disclosures.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The full policy reinforces that where applicable, the Data Safety section must align with the disclosures in the app's privacy policy. This mirrors the summary-level guidance but carries the weight of binding policy language. Developers should treat consistency between the two as a hard requirement, not a best practice, and should update both documents in tandem whenever data practices change.

Show full text

Added

Where relevant, the section must be consistent with the disclosures made in the app's privacy policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

There was no explicit mandate in this section requiring apps to surface data disclosures prominently inside the app itself. The new rule requires that data disclosures be clearly visible and accessible within the app, and that user consent — where needed — must be obtained through an affirmative action by the user. Apps that rely on passive or implied consent flows may need redesign to comply and avoid rejection.

Show full text

Added

Provide prominent and accessible in-app data disclosure and obtain user consent via affirmative action when required.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This is a new explicit definition clarifying what 'affirmative action' means in the context of user consent. Passive mechanisms — such as continuing to use the app, pre-ticked checkboxes, or auto-dismissing dialogs — do not qualify. Developers must ensure consent UIs require a deliberate user action (e.g., tapping an 'I Agree' button). This definition directly informs how consent flows must be implemented across the app.

Show full text

Added

Affirmative action means that the user must complete an action in order to indicate that they agree.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This is a new explicit requirement prohibiting permission prompts from appearing before the user has consented to the app's data practices. Previously, many apps displayed runtime permission dialogs at launch without any prior consent flow. Developers need to ensure consent disclosures are shown and accepted before any device permission requests are triggered, which may require reordering app onboarding flows.

Show full text

Added

Don't request device permissions before users have provided their consent.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This new requirement makes clear that responsibility for third-party SDK data practices lies with the developer, not just the SDK provider. Developers must actively audit and confirm how every integrated SDK collects, uses, and shares data. Ignorance of an SDK's behavior is not a defense under this policy. Apps with unvetted SDKs that violate data policies risk rejection or removal.

Show full text

Added

Verify data handling procedures of all third parties (SDKs).

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Previously, there was no explicit prohibition on consent dialogs that close automatically without user interaction. This new rule bans auto-dismissing popups in any scenario where affirmative user consent is required. Any consent dialog that disappears after a timeout — without the user actively agreeing — is now non-compliant. Developers must audit their consent UI patterns and replace auto-dismiss behavior with explicit user actions.

Show full text

Added

Don't use auto-dismissing consent popups when affirmative action is required to obtain user consent.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This addition introduces a labeled 'Privacy Policy Policy Summary' section, explicitly stating that every app on Google Play must have a comprehensive privacy policy that is both accessible within the app and linked in the Play Console. While a privacy policy has long been required, this formal summary consolidates and elevates the requirement within the policy document. Apps missing an in-app accessible privacy policy link are at risk of rejection.

Show full text

Added

Privacy Policy Policy Summary To promote user trust and privacy, Google Play requires every app to have a comprehensive privacy policy accessible within the app and linked in the Play Console.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This new clause specifies the minimum content standard for privacy policies: they must accurately cover how the app accesses, collects, uses, and shares all user and device data. Vague or incomplete privacy policies that omit certain data types or data flows will not meet this requirement. Developers should review their privacy policies against every data point their app and its SDKs touch to ensure full and accurate coverage.

Show full text

Added

This policy must accurately disclose how your app accesses, collects, uses, and shares all types of user and device data.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Previously there was no explicit Play policy requiring an in-app account deletion mechanism. Google now requires that any app offering account creation also offers a clear and accessible account deletion option. This directly affects apps with user registration flows and could cause rejection if the feature is absent.

Show full text

Added

For apps that offer account creation, you are also required to provide users with a clear and accessible method to delete their account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has clarified that when a user requests account deletion, developers must fully delete all associated user data, not simply deactivate or freeze the account. This raises the bar beyond what some developers may have implemented. Apps that archive or suspend accounts instead of deleting data will need backend changes to comply.

Show full text

Added

Importantly, you must delete all associated user data upon receiving an account deletion request, rather than merely freezing the account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now formally requires two privacy policy placements: a link in the designated Play Console field and a link or full text inside the app. This applies to all apps regardless of whether they collect data. Developers missing either placement risk policy violations and potential removal from the store.

Show full text

Added

Full Policy All apps must post a privacy policy link in the designated field within Play Console, and a privacy policy link or text within the app itself.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly requires that your app's privacy policy fully and accurately discloses all data access, collection, use, and sharing practices. Previously this expectation may have been implied, but it is now a stated requirement. Developers should audit their privacy policies to ensure nothing is omitted or misrepresented, as inaccurate disclosure could lead to policy violations.

Show full text

Added

Accurately disclose all data access, collection, use, and sharing in the policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added an explicit rule prohibiting apps from presenting account freezing or temporary deactivation as a substitute for permanent account deletion. If your app offers a 'freeze' or 'deactivate' option, it must still provide a true deletion path alongside it. Developers who currently use freezing as their only account removal option will need to implement a proper deletion flow.

Show full text

Added

Don't present account freezing as a substitute for deletion.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google is explicitly prohibiting apps from introducing unnecessary obstacles, hidden steps, or confusing flows that discourage or complicate account deletion. This builds on the broader account deletion requirement and targets dark patterns specifically. Developers should review their account deletion UX to ensure it is straightforward and not buried within settings or gated behind extra hurdles.

Show full text

Added

Don't create any difficulties or hidden steps for users deleting their account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google is now explicitly calling out failure to complete or maintain the Data Safety section in the Play Console as a policy violation. This section requires developers to declare what data is collected, why, and how it is shared. Developers must not only fill this out at submission but also update it whenever their data practices change.

Show full text

Added

Don't neglect to complete and maintain the Data safety section accurately.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now requires that privacy policies linked from apps are accessible to users worldwide, without geo-restrictions or access barriers. A privacy policy hosted behind a login, blocked in certain regions, or otherwise inaccessible will violate this rule. Developers should verify their privacy policy URL is publicly reachable from any location.

Show full text

Added

Ensure your privacy policy is globally accessible.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly requires that account deletion be accessible in two places: within the app itself and through a designated external web page. Previously, in-app deletion alone may have been considered sufficient. Developers must audit their current deletion flow and ensure a working web-based deletion option also exists. Failing to provide both access points could result in policy violations.

Show full text

Added

This option must be available both from within your app and externally through a designated web resource.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has clarified that when a user requests account deletion, all data tied to that account must be permanently deleted, not merely frozen or deactivated. This closes a loophole where apps could disable accounts while retaining underlying user data. Developers who currently implement soft-deletes or account suspension instead of full data removal will need to update their backend processes to comply. Non-compliance could lead to enforcement action.

Show full text

Added

When a user requests account deletion, you are required to delete all associated user data; merely freezing the account is not sufficient.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Apps must not add unnecessary steps, confirmation loops, or confusing UI patterns that make it difficult for users to complete account deletion. Additionally, if any data must be retained for legal or operational reasons after deletion, this must be clearly disclosed in the app's privacy policy. Developers should review their deletion UX for dark patterns and ensure their privacy policy accurately reflects any retention timelines or categories. Both the UX and the policy disclosure are now explicit requirements.

Show full text

Added

Ensure the deletion process is clear and free of obstacles, and accurately disclose any necessary data retention practices in your privacy policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google's full policy now states a direct symmetry requirement: if your app lets users create an account from within the app, it must also let them request deletion from within the app. This means any app with an in-app sign-up flow is definitively in scope for this requirement. Developers who previously only offered deletion via email or external support channels may no longer meet the standard. A proper in-app deletion entry point is now mandatory.

Show full text

Added

Full Policy If your app allows users to create an account from within your app, then it must also allow users to request for their account to be deleted.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This addition reinforces that account deletion is not just about removing the account record — all user data linked to that account must also be deleted. Developers who store user data across multiple systems, databases, or third-party services need to ensure their deletion pipeline covers all of those data stores. This is a substantive data-handling requirement, not just a UI concern. Apps with complex data architectures should audit their full deletion scope.

Show full text

Added

When you delete an app account based on a user's request, you must also delete the user data associated with that app account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a direct 'Don't' item stating that apps must not fail to provide both an in-app deletion option and an external web-based deletion method. This makes the dual-method requirement an explicitly enumerated violation rather than an implied one. Developers who only offer one channel — even if it's in-app — are now clearly out of compliance. Both channels must be functional and accessible.

Show full text

Added

Don't fail to provide both an in-app and external deletion method.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

As part of the new Do/Don't guidance, Google explicitly requires developers to publish an accessible external web resource specifically for account deletion. This goes beyond in-app flows and means developers need a publicly reachable URL (such as a settings page or support page) where users can initiate deletion outside the app. This is particularly important for users who have uninstalled the app but still want to delete their account. Developers should create or verify this web resource now.

Show full text

Added

Provide an accessible external web resource for account deletion.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a 'Don't' item that specifically calls out hidden patterns and undue rigor in the deletion flow as violations. This targets practices like excessive confirmation steps, misleading button labels, forced re-engagement prompts, or deliberately complex navigation to the deletion option. Developers should review their deletion UX against dark pattern definitions and simplify any steps that could be perceived as obstructive. This signals Google will actively look for manipulative deletion flows during review.

Show full text

Added

Don't create any hidden patterns or undue rigor in the deletion process.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This addition requires that the end-to-end user journey for deleting an account be simple and clear, with no unnecessary barriers. Combined with the dark patterns prohibition, this sets a usability standard for deletion flows, not just a feature-existence standard. Developers should user-test their deletion paths to identify and remove any confusing steps, excessive warnings, or UI elements that slow down or discourage deletion. Both the discoverability and the ease of completion are in scope.

Show full text

Added

Ensure the user process for deletion is straightforward and free of obstacles.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Previously, apps could potentially suspend or freeze accounts instead of fully deleting them when users requested deletion. Google now explicitly prohibits this practice. Developers must implement genuine account deletion rather than a frozen/disabled state that retains user data. Apps that currently freeze accounts in lieu of deletion will need to update their account management flows.

Show full text

Added

Don't use account freezing as a substitute for deletion.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

There was no prior explicit enumeration of this requirement in this form. Google now mandates that when a user requests account deletion, developers must delete all data tied to that account — not just the account credentials themselves. This means profile data, usage history, stored preferences, and any other associated records must be purged. Developers should audit what data is stored per account and ensure deletion pipelines cover everything.

Show full text

Added

Upon user request, delete all data associated with their account.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added an explicit prohibition against incomplete data deletion when a user requests their account be deleted. If any associated user data is retained beyond what is disclosed and justified, this is now a direct policy violation. This reinforces index 111 by framing incomplete deletion as a specific violation rather than just a requirement. Developers should ensure their deletion logic is comprehensive and verifiable.

Show full text

Added

Don't fail to delete all associated user data upon account deletion request.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Complementing index 113, Google now explicitly flags the omission of necessary data retention information from a privacy policy as a violation. Developers must not leave out details about what data is kept after deletion, for how long, and why. This means privacy policies need to be proactively reviewed to ensure retention disclosures are complete — gaps will be treated as a direct policy breach.

Show full text

Added

Don't omit necessary data retention information from your privacy policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google now explicitly prohibits using App Set ID for advertising personalization or measurement, and forbids associating it with personally identifiable information or other device identifiers such as the Android Advertising ID. This is a clear boundary that was not previously spelled out in this level of detail. Developers must audit any data pipelines that include App Set ID to ensure it is fully isolated from ad tech stacks and PII.

Show full text

Added

It must not be used for ads personalization and ads measurement or associated with personally-identifiable information or other device identifiers (for example, Android Advertising ID).

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The policy now explicitly states that developers must obtain legally valid user consent where required before collecting data tied to the App Set ID. This formalizes a consent obligation that may vary by jurisdiction (e.g., GDPR regions). Developers should review their consent flows to ensure they meet legal standards in all markets they operate in.

Show full text

Added

You must obtain users' legally valid consent where required.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The policy now explicitly bans using the App Set ID for personalized advertising or ad measurement. Previously there was no formal ID with these restrictions codified in this way. Developers currently using device or app identifiers for ad targeting must ensure the App Set ID is not substituted into those pipelines.

Show full text

Added

Don't use the App Set ID for personalized ads or ad measurement.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new requirement mandates that developers disclose the collection and use of the App Set ID in both a legally adequate privacy notification and their app's privacy policy. This is an explicit documentation obligation tied to this new identifier. Developers should update their privacy policies and in-app disclosures before adopting the App Set ID.

Show full text

Added

Disclose the collection and usage of the App Set ID in a legally adequate privacy notification and your privacy policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Developers are now prohibited from linking the App Set ID to Android identifiers or personal and sensitive user data for advertising purposes. This closes a potential workaround where the ID could be combined with other signals to build ad profiles. Apps that aggregate identifiers for ad targeting must ensure the App Set ID is excluded from those data joins.

Show full text

Added

Don't link the App Set ID to any Android identifiers or personal and sensitive user data for advertising purposes.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The policy now requires developers to obtain legally valid consent from users before collecting and using the App Set ID in jurisdictions where such consent is required. This reinforces the consent obligation introduced elsewhere and makes it specifically actionable for App Set ID collection. Developers should implement consent gates in applicable regions prior to any App Set ID collection.

Show full text

Added

Obtain legally valid consent from users where required before collecting and using App Set ID.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Developers are now explicitly told they must not omit the App Set ID from their privacy policy. This makes the privacy policy disclosure a hard requirement rather than a best practice. Apps that adopt the App Set ID and fail to document it in their privacy policy risk non-compliance and potential rejection.

Show full text

Added

Don't omit from your privacy policy.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

As part of the new Data Privacy Frameworks policy, developers must obtain valid user consent before processing personal data from EEA, UK, or Swiss users, and must actively protect that data from misuse. This adds a clear consent obligation that goes beyond general privacy guidance previously offered. Developers should audit their consent flows and data handling practices to ensure they meet this requirement. Failure to do so could be grounds for policy enforcement.

Show full text

Added

You must obtain user consent and protect this data from misuse.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The new policy introduces a proactive duty for developers to continuously monitor their own compliance with EU data privacy requirements. Critically, developers are now required to notify Google immediately if they determine they cannot meet these obligations — this is a new affirmative disclosure requirement with no prior equivalent. This affects any developer processing EEA, UK, or Swiss personal data and adds an ongoing operational responsibility beyond initial compliance. Ignoring this duty could result in enforcement action.

Show full text

Added

You also have a duty to monitor your compliance and notify Google immediately if you cannot meet these requirements.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a 'Key Considerations' do/don't table as part of the new Data Privacy Frameworks policy, with GDPR cited as an example of applicable law. This makes explicit that compliance with laws like GDPR is not optional — it is a policy requirement. Developers operating in or serving users from the EEA, UK, or Switzerland should treat GDPR compliance as a baseline Play Store requirement, not just a legal obligation. Violation of applicable laws is now explicitly framed as a policy violation.

Show full text

Added

Key Considerations Do Don't Adhere to all applicable privacy, data security, and data protection laws (e.g., GDPR).

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This addition establishes a clear purpose-limitation rule for EU Personal Information: data can only be used in ways that align with the consent users have given. This mirrors GDPR's purpose limitation principle but is now also a Google Play policy requirement. Developers who repurpose user data — such as using data collected for one feature in an unrelated context — would be in violation. Developers should review their data use cases and ensure consent language covers all actual uses.

Show full text

Added

Only access and use personal data for purposes consistent with user consent.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

This is the corresponding 'Don't' rule to the consent-alignment requirement, explicitly prohibiting any processing of EU Personal Information beyond what users have consented to. This closes any ambiguity about whether implied or inferred consent is sufficient — it is not. Developers must ensure their consent mechanisms are specific enough to cover all data processing activities. Violating this rule is a direct policy breach that could lead to enforcement.

Show full text

Added

Don't access or process personal data for any purpose that a user has not consented to.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

The new policy requires developers to put in place both technical controls (e.g., encryption, access controls) and organizational measures (e.g., policies, training) to secure EU Personal Information. This is a new explicit security obligation tied to Google Play policy, not just a general best practice. Developers who lack formal data security practices for EEA, UK, or Swiss user data are now potentially non-compliant. This requirement should prompt a review of data security posture for any app in scope.

Show full text

Added

Implement technical and organizational measures to secure EU Personal Information.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has explicitly added a prohibition against insecurely handling personal data in a way that could result in data loss or misuse. Previously, this expectation may have been implied under broader data safety rules, but it is now a stated requirement. Developers must ensure their data handling practices — including storage, transmission, and access controls — are secure. Failure to comply could result in policy violations and potential rejection.

Show full text

Added

Don't avoid insecurely handling personal data, which could lead to loss or misuse.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

A new requirement mandates that developers who cannot meet specified data-handling conditions must immediately contact Google at data-protection-office@google.com and take corrective action. This is a new formal escalation obligation that did not previously exist in explicit written policy. Developers operating under data agreements or handling sensitive data need to be aware that non-compliance now triggers a mandatory notification duty, not just a corrective action requirement.

Show full text

Added

If you are unable to meet these conditions, you must immediately notify Google's data-protection-office@google.com and take corrective action.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a concise, standalone rule stating that developers must not fail to notify Google when they cannot meet data-handling conditions. This reinforces the obligation introduced in the adjacent policy change (index 141) and makes non-notification itself a distinct policy violation. Developers should treat this as an enforceable rule, meaning failing to escalate a compliance issue could independently result in policy action against their app.

Show full text

Added

Don't fail to notify Google.

developer-program-policyDeveloper Program PolicyhighDeveloper Program Policy
Added

Google has added a direct prohibition against selling or transferring user data unless all applicable legal and policy requirements are fully satisfied. While data transfer restrictions have existed in broader policy, this new statement makes it an explicit named violation. Developers who share data with third parties, monetize data, or transfer user information as part of business transactions must ensure full compliance before doing so, or risk app removal.

Show full text

Added

Don't sell or transfer user data without meeting all legal and policy requirements.

prominent-disclosure-consent-requirementProminent Disclosure & Consent RequirementhighProminent Disclosure & Consent Requirem…
Added

Previously, disclosure requirements were less explicitly defined in terms of timing and presentation. Apps must now show a clear, descriptive, and accessible in-app notice detailing exactly what data is accessed, collected, used, and shared — and this must happen before any permission prompt or consent request. Developers need to audit their permission flows to ensure a compliant disclosure screen or dialog appears first, or risk rejection.

Show full text

Added

You must provide prominent, accessible, and descriptive in-app disclosure detailing data access, collection, use, and sharing before requesting any permissions or obtaining consent.

prominent-disclosure-consent-requirementProminent Disclosure & Consent RequirementhighProminent Disclosure & Consent Requirem…
Added

Following the required disclosure (see index 150), apps must now obtain explicit user consent via a clear, separate user action — passive acceptance or pre-ticked boxes are not sufficient. This formalizes that informed consent must be active and unambiguous. Developers should review any consent UI to ensure it includes a deliberate opt-in step that is separate from simply dismissing a dialog.

Show full text

Added

Following disclosure, you are required to obtain clear user consent through a distinct, affirmative user action, ensuring informed user choice.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

A new explicit rule has been added stating that apps must never publicly expose financial or government identification numbers. While this may have been implied by broader data protection policies, it is now a stated prohibition. Apps that display, log, or transmit such data in any publicly accessible way must ensure those flows are removed or properly secured.

Show full text

Added

You must never publicly expose financial or government ID numbers.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

A new rule has been added prohibiting the unauthorized publishing of private contact information. This adds a clear, standalone prohibition on top of existing data handling requirements. Developers building apps that access the contacts permission should verify they have explicit user authorization before sharing or surfacing any contact data externally.

Show full text

Added

Unauthorized publishing of private contacts is forbidden.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Previously, general sensitive data rules applied broadly without calling out specific data types. This new rule explicitly prohibits apps from publicly exposing financial information or government ID numbers (e.g., SSNs, passport numbers). Developers must audit any feature that displays, shares, or logs such data to ensure it is never made publicly accessible. Violations could result in app rejection or removal.

Show full text

Added

Don't publicly disclose any financial information or government ID numbers.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Google has added an explicit requirement that any third-party SDKs integrated into child-directed apps must be approved for that purpose. Previously, SDK usage in children's apps was governed by broader family policy rules, but this makes SDK vetting a distinct, called-out obligation. Developers of apps targeting children need to verify each SDK's approval status before including it. Using unapproved SDKs in child-directed apps is now a clear policy violation.

Show full text

Added

Ensure any SDKs used in child-directed apps are approved for that purpose.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

This rule reiterates and reinforces index 160's restriction, making clear that financial data and government IDs must never be made public by an app. The repetition signals that Google considers this a high-priority requirement. Developers should treat this as a firm rule requiring technical controls — not just policy acknowledgment — to prevent such data from being exposed. Apps with any financial or identity data flows need careful review.

Show full text

Added

Do not make financial data or government IDs public.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Building on the general disclosure requirement, Google now specifically mandates that apps with anti-virus or security features include a comprehensive privacy policy covering all data collection and sharing practices. Previously, privacy policy requirements were uniform across app types; this creates a heightened standard for security apps. Developers in this category should review their privacy policies to ensure no data collection or sharing activity is omitted. Missing disclosures could lead to policy violations.

Show full text

Added

If your app has anti-virus or security features, its privacy policy must clearly explain all data collection and sharing.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Google has added an explicit rule preventing apps from publishing or sharing contact data that is not already public, without the user's authorization. This targets scenarios where apps might scrape, aggregate, or redistribute private contact information. Developers with apps that access the contacts permission or aggregate user relationship data should verify they have proper consent flows in place. Unauthorized sharing of contacts could now be a direct policy violation.

Show full text

Added

Don’t publish or share people's non-public contacts without authorization.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Google now explicitly limits the linking of persistent identifiers — such as IMEI numbers — to other user data, permitting it only for telephony or enterprise device management purposes. Previously, identifier linkage restrictions were less precisely scoped. Developers using device identifiers for analytics, advertising, or other purposes must not associate them with broader user profiles. Apps outside the permitted use cases will need to decouple persistent identifiers from user data to remain compliant.

Show full text

Added

Only link persistent identifiers (like IMEI) to other user data for specific telephony or enterprise management purposes.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

This rule directly prohibits the use of SDKs that have not been approved for child-directed apps within any app targeting children. This mirrors and reinforces index 161 and 169, underscoring the importance Google places on SDK vetting for the children's audience. Developers must confirm each SDK's approval status — not just its general data practices — before inclusion. Using a non-approved SDK, even inadvertently, is now a clear violation.

Show full text

Added

Don't use unapproved SDKs for children's apps.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Google reaffirms that apps designed for children must not include SDKs that lack explicit approval for child-directed use. This is a reiteration of the requirement in indexes 161 and 168, indicating it is a firm, non-negotiable rule rather than guidance. Developers should maintain a documented list of approved SDKs and review all dependencies — including transitive ones — before publishing. Non-compliant SDK usage in children's apps is a rejection risk.

Show full text

Added

Do not include unapproved SDKs in apps targeting children.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

A new rule has been added requiring apps to disclose their use of persistent identifiers. Previously, there was no explicit disclosure requirement for identifier usage in this section. Apps must now make this disclosure prominent so users are aware of how identifiers are being used. Developers should audit their apps to ensure any use of persistent identifiers is clearly surfaced to users.

Show full text

Added

Disclose use of identifiers.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Google has added a specific requirement that all permitted uses of persistent identifiers must be prominently disclosed to users. This goes beyond simply mentioning identifiers in a privacy policy — the disclosure must be noticeable and clear. Developers who use persistent identifiers (e.g., Android ID, advertising ID) need to review how and where they communicate this to users. Failure to provide prominent disclosure could result in policy violations.

Show full text

Added

All permitted uses of persistent identifiers must be prominently disclosed to users.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesshighRestrictions for Personal and Sensitive…
Added

Google has added an explicit rule prohibiting apps from linking persistent identifiers to other user data except in two approved use cases. Previously, restrictions on identifier linking were less explicitly defined in this section. Developers who combine persistent identifiers with other user or device data for analytics, personalization, or advertising purposes must now verify their use case is among those approved. Any out-of-scope linking could lead to policy violations or rejection.

Show full text

Added

Avoid linking persistent identifiers to other user data unless for the two approved use cases.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google has added a requirement that any app offering account creation must also provide users with a clear and accessible way to delete their account. This is a new explicit obligation that was not previously stated in this section. Developers who offer user accounts need to implement and surface an account deletion flow if they haven't already. Apps lacking this feature could face rejection or removal from the Play Store.

Show full text

Added

For apps that offer account creation, you are also required to provide users with a clear and accessible method to delete their account.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Previously, privacy policy requirements were more general. Google now explicitly states that developers must not omit any user or device data handling from their privacy policy. This means every data type your app touches — even incidentally — must be documented. Apps with incomplete disclosures risk rejection or removal.

Show full text

Added

Don't omit any user or device data handling from your privacy policy.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google has added a requirement that the privacy policy be reachable from inside the app, not just linked on the Play Store listing. If your app lacks an in-app link to the privacy policy, it may be flagged for non-compliance. Developers should add a visible privacy policy link in settings or an equivalent in-app location.

Show full text

Added

Make your privacy policy accessible from within the app.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google has codified that failing to include required app and company identification in the privacy policy is a policy violation. Previously this may have been implied; it is now an explicit requirement. Developers should ensure the policy names the app and the legal entity or developer responsible for it.

Show full text

Added

Don't fail to include required app/company identification in the privacy policy.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

This new rule requires that privacy policies accurately reflect everything the app does with data — including access, collection, use, and sharing with third parties. Vague or partially accurate disclosures are no longer acceptable. Developers should audit their policy against actual app behavior to ensure full alignment.

Show full text

Added

Accurately disclose all data access, collection, use, and sharing in the policy.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google now explicitly prohibits presenting account freezing, suspension, or deactivation as a substitute for actual account deletion. If your app offers a 'disable' or 'freeze' option but not true deletion, this is a policy violation. Developers must ensure a genuine deletion path exists and is clearly distinguished from any account suspension feature.

Show full text

Added

Don't present account freezing as a substitute for deletion.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

A new rule explicitly bans creating difficulties or hiding steps that make it harder for users to delete their accounts. This goes beyond simply offering deletion — the process must be straightforward and free of dark patterns. Developers should review their deletion flow for unnecessary confirmation loops, support ticket requirements, or buried menu options.

Show full text

Added

Don't create any difficulties or hidden steps for users deleting their account.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google now requires that any app supporting account creation must provide a clear and accessible way for users to delete their account. This formalizes existing Play policy expectations into an explicit stated requirement. Developers whose apps lack a self-service deletion option should add one to avoid rejection or removal.

Show full text

Added

Implement a clear, accessible process for user account deletion.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Previously, completing the Data safety section was expected but this reminder was not surfaced as a distinct guideline bullet. Google now explicitly calls out that neglecting to complete or maintain the Data safety section accurately is a policy violation. Developers must ensure their declared data practices stay in sync with their app's actual behavior. Inaccurate or incomplete Data safety forms can result in app rejection or removal.

Show full text

Added

Don't neglect to complete and maintain the Data safety section accurately.

privacy-policyPrivacy PolicyhighPrivacy Policy
Added

Google has added an explicit requirement that privacy policies be accessible to users worldwide, not just in specific regions. Previously, the expectation was implied but not stated as a standalone rule. Developers must ensure their privacy policy URL works without geo-restrictions, login walls, or other barriers. Apps with inaccessible privacy policies risk rejection or removal from the Play Store.

Show full text

Added

Ensure your privacy policy is globally accessible.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google added an explicit 'Don't' bullet stating that ignoring applicable privacy laws constitutes a policy violation under Play Store rules. Previously, non-compliance with laws was implied to be prohibited, but it was not called out as a distinct policy violation in this checklist format. This makes it unambiguous that legal non-compliance (e.g., GDPR violations) can be an independent basis for enforcement action. Developers must ensure their apps meet all relevant legal requirements, not just Play-specific policies.

Show full text

Added

Don't ignore privacy laws, as failing to comply with applicable laws is a policy violation.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Previously, consent requirements under the EU-U.S., UK, and Swiss Data Privacy Frameworks were implied by broader policy. Google now explicitly states that apps must not access or process personal data for any purpose a user has not consented to. This directly affects any app that handles EU user data and repurposes it, shares it with third parties, or uses it for analytics, advertising, or other secondary uses. Developers should audit their data flows to ensure every processing purpose has a clear, valid consent basis.

Show full text

Added

Don't access or process personal data for any purpose that a user has not consented to.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google has added an explicit requirement that developers put in place both technical controls (e.g., encryption, access controls) and organizational measures (e.g., policies, staff training) to protect EU Personal Information. This goes beyond a general security best-practice recommendation — it is now a stated policy condition under the Data Privacy Frameworks. Apps that handle EU user data without documented security practices risk non-compliance and potential rejection or removal.

Show full text

Added

Implement technical and organizational measures to secure EU Personal Information.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

This new rule makes insecure personal data handling a direct policy violation, not just a risk to avoid. Previously, security obligations were more general; now Google specifically calls out that handling data in ways that could result in loss or misuse is prohibited. Developers must ensure their storage, transmission, and processing practices are robust enough to prevent data breaches or leakage, as failures here could constitute a policy violation in addition to a legal one.

Show full text

Added

Don't avoid insecurely handling personal data, which could lead to loss or misuse.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google has added a formal notification obligation: if a developer is unable to comply with the EU-U.S., UK, or Swiss Data Privacy Framework conditions, they must immediately contact data-protection-office@google.com and begin corrective action. This is a new, specific procedural requirement with a named contact point. Developers should have an internal process for detecting compliance gaps and escalating them promptly, as failure to notify Google could itself be treated as a separate policy violation.

Show full text

Added

If you are unable to meet these conditions, you must immediately notify Google's data-protection-office@google.com and take corrective action.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google has codified that not notifying them of an inability to comply is itself a prohibited action under the Data Privacy Frameworks. This reinforces the obligation introduced alongside it (index 203) and signals that silence in the face of non-compliance will not be tolerated. Developers should treat the notification requirement as mandatory and time-sensitive, not optional or discretionary.

Show full text

Added

Don't fail to notify Google.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkshighEU-U.S., UK, and Swiss Data Privacy Fra…
Added

This rule reiterates and reinforces the notification obligation (see index 203), emphasizing the immediacy of the requirement when compliance cannot be met. The repetition in policy language signals that Google considers prompt disclosure a critical obligation. Developers should ensure their compliance monitoring processes include a clear escalation path so that any identified gap triggers immediate communication with Google.

Show full text

Added

If you can't comply with these conditions, you must inform Google immediately.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The Inappropriate Content section previously included a standalone policy statement explicitly prohibiting apps containing or promoting sexual content, profanity, or pornography. That text has been removed from this section. The underlying policy likely still exists elsewhere, but developers should verify where this rule now lives to ensure their apps remain compliant. Apps with any sexual or profanity-related content should audit against the current full policy.

Show full text

Removed

COLLAPSE ALL EXPAND ALL Sexual Content and Profanity We don't allow apps that contain or promote sexual content or profanity, including pornography, or any content or services intended to be sexually gratifying.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The Inappropriate Content section previously contained a named 'Hate Speech' policy prohibiting apps that promote violence or incite hatred based on a broad list of protected characteristics. This text has been removed from this section. Developers building apps involving user-generated content, social features, or community platforms should verify where the hate speech rules now appear in the full policy. The removal from this section does not necessarily mean the rule is gone, but its location has changed.

Show full text

Removed

Hate Speech We don't allow apps that promote violence, or incite hatred against individuals or groups based on race or ethnic origin, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, immigration status, or any other characteristic that is associated with systemic discrimination or marginalization.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

A standalone 'Violence' policy statement that prohibited apps depicting or facilitating gratuitous violence or dangerous activities has been removed from the Inappropriate Content section. Developers of games, action apps, or any content involving violence should locate where this rule now resides in the full policy to confirm compliance requirements haven't changed. Its removal from this section is a structural change that warrants review.

Show full text

Removed

Violence We don't allow apps that depict or facilitate gratuitous violence or other dangerous activities.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The Inappropriate Content section previously included a 'Violent Extremism' policy explicitly barring terrorist or dangerous organizations from publishing apps, including for recruitment purposes. This text has been removed from this section. While the intent may be covered elsewhere in Google Play policy, developers should confirm where this restriction now lives. Apps involving news, community organizing, or political content should pay close attention.

Show full text

Removed

Violent Extremism We do not permit terrorist organizations, or other dangerous organizations or movements that have engaged in, prepared for, or claimed responsibility for acts of violence against civilians to publish apps on Google Play for any purpose, including recruitment.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The named 'Bullying and Harassment' policy, which prohibited apps containing or facilitating threats, harassment, or bullying, has been removed from the Inappropriate Content section. Developers of social, messaging, gaming, or community apps that must guard against harassment use cases should find where this policy now appears in the full guidelines. Its structural relocation does not mean the rule is dropped, but developers need to reconfirm its current location.

Show full text

Removed

Bullying and Harassment We don't allow apps that contain or facilitate threats, harassment, or bullying.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

A 'Dangerous Products' policy statement prohibiting apps that facilitate the sale of explosives, firearms, ammunition, or certain accessories has been removed from this section. Developers building e-commerce, marketplace, or hobby apps in this space should verify where this restriction now appears in the full policy to ensure their compliance approach remains valid. The rule's relocation is significant for affected app categories.

Show full text

Removed

Dangerous Products We don't allow apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The 'Marijuana' policy — which prohibited apps facilitating the sale of marijuana or marijuana products regardless of local legality — has been removed from the Inappropriate Content section. Developers in cannabis-adjacent markets (dispensary apps, delivery platforms, etc.) should urgently identify where this rule now resides in the full policy, as the blanket ban on facilitating sales regardless of legality was a critical constraint for this app category.

Show full text

Removed

Marijuana We don't allow apps that facilitate the sale of marijuana or marijuana products, regardless of legality.

inappropriate-contentInappropriate ContenthighInappropriate Content
Removed

The 'Tobacco and Alcohol' policy, which banned apps facilitating the sale of tobacco or nicotine products (e-cigarettes, vapes, nicotine pouches) and prohibited encouraging illegal alcohol or nicotine use, has been removed from this section. Developers of apps in these regulated product categories should locate where this guidance now appears in the full policy. The previous rule explicitly named modern nicotine delivery products, so its current status matters for compliance.

Show full text

Removed

Tobacco and Alcohol We don't allow apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) or encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

The policy now explicitly names pornography and content or services intended to be sexually gratifying or to solicit sexual acts for compensation as prohibited. Previously these may have been implied; they are now called out directly. Developers of any app that touches adult content or services should verify they do not fall under these categories.

Show full text

Added

This includes pornography and content or services intended to be sexually gratifying or to solicit sexual acts for compensation.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new requirement explicitly places responsibility on developers to ensure their apps do not promote or facilitate prohibited sexual activities or material. This extends accountability beyond the app itself to any services, links, or third-party content the app surfaces. Developers acting as platforms or aggregators should audit user-generated or linked content carefully.

Show full text

Added

You must ensure your apps are not promoting or facilitating such activities or material.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Catalog apps using the new exemption may only distribute a minor fraction of sexual content, must not actively promote it, and must restrict access so minors cannot reach it. These are concrete compliance requirements tied to the catalog exemption. Developers relying on this exemption need age-gating mechanisms and must avoid featuring or surfacing the content prominently.

Show full text

Added

These apps can distribute a minor fraction of sexual content as long as it is not actively promoted and access is restricted to minors.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

The full policy section now explicitly prohibits apps that contain or promote sexual content, profanity, pornography, or any content or services intended to be sexually gratifying. While the prohibition on sexual content is not new, the explicit inclusion of 'services intended to be sexually gratifying' broadens and clarifies the scope. Developers offering any subscription, live, or on-demand adult-adjacent services should carefully evaluate this language.

Show full text

Added

Full Policy We don't allow apps that contain or promote sexual content or profanity, including pornography, or any content or services intended to be sexually gratifying.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new Key Considerations section introduces explicit Do/Don't guidance, with protecting minors by restricting access to sexual content listed as a required practice. This formalizes minor-protection as a named compliance action, not just an implied expectation. Developers whose apps could be accessed by minors and carry any mature content must implement and verify appropriate access controls.

Show full text

Added

Key Considerations Do Don't Protect minors by restricting access to sexual content.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Previously, restrictions on sexual content were implied under broader inappropriate content rules. Google Play now explicitly prohibits depictions of sexual nudity, sexually suggestive poses, or sex acts within apps. Developers whose apps display any such content — even in user-generated or catalog contexts — must audit and remove it or risk rejection.

Show full text

Added

Don't include depictions of sexual nudity, sexually suggestive poses, or sex acts.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google Play has added a proportionality requirement: sexual content cannot dominate an app's catalog. Apps where sexual material makes up a significant or majority portion of available content will likely fall outside compliance. Developers running content platforms should review their catalog balance to ensure sexual titles are clearly a small minority.

Show full text

Added

Ensure sexual content is a minor fraction of the overall catalog.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new rule explicitly prohibits lewd, profane, or explicitly sexual text from appearing in an app's Play Store listing, including descriptions, titles, and promotional copy. This applies even if the app itself is otherwise compliant. Developers should review all store listing metadata and remove any content that could be interpreted as explicit or profane.

Show full text

Added

Don't have content that is lewd, profane, or includes explicit text in your store listing.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google Play has introduced a named Hate Speech Policy section, explicitly stating that apps inciting hatred or promoting violence against individuals or protected groups are not allowed. While hate speech was broadly prohibited before, this formal policy designation signals stricter and more structured enforcement. Developers should audit any user-generated content, community features, or editorial content that could violate this policy.

Show full text

Added

Hate Speech Policy Summary Google Play does not allow apps that incite hatred or promote violence against individuals or protected groups.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new rule explicitly prohibits content that characterizes a protected group as evil, corrupt, or a societal threat. This goes beyond overt slurs and targets subtler forms of dehumanizing framing that could appear in storytelling, game narratives, or news-style content. Developers should audit app content and user-generated content moderation for this type of characterization.

Show full text

Added

Don't include content that suggests a protected group is evil, corrupt, or a threat.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Developers are now explicitly required to remove content that promotes hate symbols, slurs, or stereotypes targeting protected groups. This applies to app content, assets, and potentially user-generated content within the app. Apps in categories like games, social platforms, or sticker/emoji packs are especially at risk if this content appears anywhere in the experience.

Show full text

Added

Remove any content that promotes hate symbols, slurs or stereotypes.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new rule bars apps from encouraging users or others to discriminate against any individual or group. This extends the hate speech policy beyond direct content to include calls to action or features that facilitate discriminatory behavior. Apps with social, hiring, housing, or community-matching features should review whether their mechanics could be interpreted as encouraging discrimination.

Show full text

Added

Don't encourage others to discriminate against any individual or group.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new requirement states that apps must not assert that any group is inferior or subhuman. This targets dehumanizing language and framing that may appear in user-generated content, chat features, forums, or narrative content. Developers should ensure content moderation systems are capable of catching this type of language.

Show full text

Added

Ensure your app does not assert that any group is inferior or inhuman.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new rule prohibits using flags, symbols, or insignia associated with hate groups anywhere in an app. This includes imagery in game assets, stickers, avatars, or user-generated content. Developers should audit visual assets and ensure UGC moderation can detect and remove such symbols before they surface publicly.

Show full text

Added

Don't use flags, symbols, or insignia associated with hate groups.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new explicit prohibition has been added stating that apps must not promote or encourage child sexual abuse material (CSAM) or similar inappropriate content. While this type of content was already broadly disallowed, this addition makes the rule more explicit. Developers should ensure no app content, metadata, or user-generated content pathways could be construed as promoting such material.

Show full text

Added

You must not promote representation or encouragement of such material.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A formal full-policy statement has been added under Inappropriate Content explicitly prohibiting apps that depict or facilitate gratuitous violence or other dangerous activities. This codifies and surfaces the rule more prominently in the policy document. Developers with apps containing graphic violence should assess whether their content crosses into 'gratuitous' territory, as this explicit statement increases the likelihood of enforcement action.

Show full text

Added

Full Policy We don't allow apps that depict or facilitate gratuitous violence or other dangerous activities.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new requirement specifies that developers must provide Educational, Documentary, Scientific, or Artistic (EDSA) context in order to be granted an exception for content related to violent extremism. Previously, this exception pathway was not explicitly documented in this section. Developers publishing news, documentary, or educational apps that reference extremist content must now ensure that EDSA context is clearly articulated to avoid rejection.

Show full text

Added

You must provide EDSA context to attain an exception.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new Do/Don't guidance table has been added specifying that developers must provide relevant EDSA (Educational, Documentary, Scientific, or Artistic) context for any content related to violent extremism. This structured guidance makes it clearer what is expected of developers seeking to publish sensitive content legitimately. Failing to include appropriate EDSA framing could result in rejection even for otherwise legitimate educational or journalistic apps.

Show full text

Added

Key Considerations Do Don't Provide relevant EDSA (Educational, Documentary, Scientific, or Artistic) context for any content related to violent extremism.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Previously this prohibition may not have been stated in such direct terms. Google now explicitly forbids any content that promotes or incites violence. Developers should audit user-generated content pipelines, marketing copy, and in-app content to ensure nothing could be interpreted as encouraging violent acts, or risk rejection.

Show full text

Added

Don't include content that promotes or incites violence.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

This new rule places an affirmative review obligation on developers, not just a passive prohibition. Apps must not glorify, plan, or celebrate acts of violence in any form. This means pre-submission self-review is now an explicit expectation, and failing to catch such content could result in rejection or removal.

Show full text

Added

Review your app to ensure it doesn't glorify, plan, or celebrate acts of violence.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

This rule extends the violence prohibition to cover content that prepares users for violent acts, not just content that promotes violence outright. Instructional or glorifying content related to violence — even framed as fiction or gaming — may now fall under this rule. Developers should review tutorials, walkthroughs, and narrative content for anything that could be interpreted as preparation guidance for real-world violence.

Show full text

Added

Don't post content that glorifies or prepares for violent acts.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Google has added a direct prohibition statement making clear that apps must not provide services related to restricted dangerous goods categories. This is a new explicit directive rather than implied guidance. Developers whose apps touch any of the related content areas (firearms, explosives, marijuana, etc.) should treat this as a firm line, not a grey area.

Show full text

Added

You must not provide these services.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new Key Considerations section has been added with explicit Do/Don't guidance. On the 'Do' side, developers are told to ensure their app does not facilitate the sale of restricted firearms accessories. This structured guidance makes enforcement expectations clearer and gives reviewers a concrete checklist. Apps in the firearms or sporting goods space should audit any accessory-sale features immediately.

Show full text

Added

Key Considerations Do Don't Ensure your app does not facilitate the sale of restricted firearms accessories.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new 'Key Considerations' section introduces a narrow carve-out: food and grocery apps may facilitate limited tobacco sales provided they implement age-gating safeguards; age-gating is also required for alcohol sales. This is new explicit guidance that did not exist before. Developers of grocery or food-delivery apps that include alcohol or tobacco in their catalog must implement proper age verification to remain compliant.

Show full text

Added

Key Considerations Do Don't Provide age-gating safeguards for the sale of alcohol and for limited sale of tobacco in food/grocery apps.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

As part of the new Key Considerations 'Don't' list, Google now explicitly calls out facilitating the sale of tobacco, e-cigarettes, and nicotine pouches as prohibited behaviors. This operationalizes the broader policy prohibition with concrete examples. Developers must ensure no in-app purchasing, ordering, or brokering flows exist for these product types.

Show full text

Added

Don't facilitate the sale of tobacco, e-cigarettes, or nicotine pouches.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new explicit 'Don't' item prohibits apps from encouraging alcohol or tobacco use by minors. While this may have been implied by broader policies, it is now stated as a concrete prohibited behavior. Developers whose apps include any alcohol or tobacco content — even informational — should ensure that content is not accessible to or targeted at minors.

Show full text

Added

Don't encourage the use of alcohol or tobacco by minors.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

Apps must not advertise or promote tobacco products, and this prohibition now explicitly extends to including links to sites where tobacco can be purchased. This goes beyond direct sales facilitation — even affiliate links, partner banners, or informational pages with purchase links could trigger a violation. Developers should audit all outbound links and ad placements related to tobacco.

Show full text

Added

Don't advertise or promote tobacco products, including links to selling sites.

inappropriate-contentInappropriate ContenthighInappropriate Content
Added

A new rule has been added stating that apps must not portray excessive drinking in a favorable light. Previously, the alcohol policy focused on facilitating illegal or inappropriate use of alcohol; this addition targets content that glamorizes or positively frames heavy drinking, even without a transactional element. Developers of lifestyle, social, gaming, or entertainment apps that include alcohol-themed content should review whether that content could be seen as endorsing excessive consumption, as violations could lead to rejection or removal.

Show full text

Added

Don't portray excessive drinking favorably.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google Play has published a new policy summary section explicitly stating that apps containing or promoting sexual content or profanity are not allowed. Previously, this policy existed but the structured summary format is newly surfaced. Developers should review whether their app's content, metadata, or associated services could be interpreted as sexual or profane. This affects any app category, not just adult-oriented apps.

Show full text

Added

Sexual Content and Profanity Policy Summary We don't allow apps on Google Play that contain or promote sexual content or profanity.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

The policy now explicitly includes pornography and content or services designed to be sexually gratifying or to solicit sexual acts for compensation as prohibited categories. This expands the written scope beyond just 'sexual content' to cover transactional or service-based sexual offerings. Developers running platforms that connect users for services should carefully audit whether their app could be interpreted as facilitating such exchanges. Failure to comply risks rejection or removal.

Show full text

Added

This includes pornography and content or services intended to be sexually gratifying or to solicit sexual acts for compensation.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new affirmative obligation is added requiring developers to actively ensure their apps do not promote or facilitate prohibited sexual activities or material. This shifts some responsibility onto developers rather than relying solely on Google's detection. Apps with user-generated content, external links, or third-party integrations are particularly at risk if those channels could surface such material. Developers should implement appropriate moderation and content controls.

Show full text

Added

You must ensure your apps are not promoting or facilitating such activities or material.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Under the catalog app exemption, a small portion of sexual content is permitted provided it is not actively promoted within the app and access is restricted so minors cannot reach it. This sets two clear conditions developers must meet to use the exemption: no active promotion of sexual content and age-gating. Developers relying on this exemption should implement robust age verification and ensure their content discovery features do not surface sexual content prominently.

Show full text

Added

These apps can distribute a minor fraction of sexual content as long as it is not actively promoted and access is restricted to minors.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A structured Do/Don't section is introduced, with protecting minors by restricting access to sexual content listed as a required practice. This makes minor protection an explicit, documented compliance requirement rather than an implied expectation. Developers with any adult content — even within exemptions — must implement access restrictions for minors. Failing to include age-gating or similar controls could now be cited directly as a policy violation.

Show full text

Added

Key Considerations Do Don't Protect minors by restricting access to sexual content.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

The policy now lists specific prohibited content types: sexual nudity, sexually suggestive poses, and sex acts. This level of specificity is newly documented and gives developers clearer criteria for evaluating their content. Apps featuring user-generated images, AI-generated imagery, or curated media should audit their content against these explicit categories. Even suggestive (not explicitly sexual) poses are now clearly called out as prohibited, which may affect apps in fitness, fashion, or social categories.

Show full text

Added

Don't include depictions of sexual nudity, sexually suggestive poses, or sex acts.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new explicit rule states that sexual content must represent only a small portion of an app's total content catalog. Previously, there was no clear proportionality requirement. Apps that are primarily or heavily focused on sexual content will now be at risk of removal. Developers running content catalog apps should audit their ratio of sexual to non-sexual content.

Show full text

Added

Ensure sexual content is a minor fraction of the overall catalog.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google Play now explicitly limits sexual content distribution to apps that operate as book or video catalog platforms. Other app types — such as games, utilities, or social apps — are not permitted to distribute sexual content under this new rule. Developers outside the book/video catalog category who currently include any sexual content must remove it to remain compliant. This is a significant scoping restriction that could affect a wide range of app categories.

Show full text

Added

Distribute sexual content only within a book/video catalog app.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new rule prohibits developers from including lewd, profane, or explicitly sexual text in their app's store listing — covering titles, descriptions, and related metadata. This extends content restrictions beyond the app itself to its Play Store presence. Developers should review all store listing copy to ensure it meets this standard. Non-compliance could result in listing removal or app suspension.

Show full text

Added

Don't have content that is lewd, profane, or includes explicit text in your store listing.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Apps must not promote services that could reasonably be interpreted as soliciting sexual acts or featuring non-consensual sexual content. This goes beyond explicit material and targets suggestive or ambiguous promotional content that implies such services. Developers of dating, social, or adult-adjacent apps should carefully review how their services and features are described and promoted. Ambiguous language or imagery that hints at these themes could trigger enforcement.

Show full text

Added

Don't promote services interpreted as soliciting sexual acts or non-consensual sexual content.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new explicit 'Don't' rule states that apps inciting hatred or violence against any individual or group are prohibited. While this aligns with existing hate speech policy spirit, it is now a clearly enumerated rule in a structured checklist format. Developers should audit any user-generated content features, community spaces, or editorial content within their apps for material that could be read as incitement.

Show full text

Added

Don't publish apps that incite hatred or violence against individuals or groups.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new explicit prohibition bars content suggesting any protected group is evil, corrupt, or a threat to society. This rule goes beyond banning direct slurs and targets more subtle narrative framing or stereotyping. Developers building news, opinion, entertainment, or community apps need to ensure their content moderation policies and editorial choices don't allow such portrayals to appear in-app.

Show full text

Added

Don't include content that suggests a protected group is evil, corrupt, or a threat.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

The updated guidelines add a direct instruction to remove any content promoting hate symbols, slurs, or stereotypes. This moves from a general hate speech prohibition to an itemized, actionable requirement targeting specific content types. Developers must ensure their content pipelines, user-generated content moderation, and any pre-loaded assets are free of such material or risk rejection and removal.

Show full text

Added

Remove any content that promotes hate symbols, slurs or stereotypes.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new 'Don't' item specifically forbids apps from encouraging others to discriminate against any individual or group. This extends hate speech policy beyond the app's own content to include functionality or features that could mobilize users toward discriminatory actions. Apps with social coordination, call-to-action, or community-organizing features should be reviewed for potential misuse in this context.

Show full text

Added

Don't encourage others to discriminate against any individual or group.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new rule explicitly prohibits app content that asserts any group is inferior or subhuman. This dehumanization prohibition is now a clearly stated standalone requirement rather than being implied under broader hate speech rules. Developers of content-heavy apps—including games, social platforms, and media apps—should audit for any narrative, dialogue, or user content that could be interpreted as dehumanizing a group.

Show full text

Added

Ensure your app does not assert that any group is inferior or inhuman.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new 'Don't' rule prohibits including flags, symbols, or insignia associated with hate groups in app content. This is a specific and enforceable addition to the hate speech policy that goes beyond text-based slurs to cover visual assets. Developers should audit all imagery, icons, stickers, emojis, and user-generated asset libraries to ensure no hate group visual identifiers are present or uploadable.

Show full text

Added

Don't use flags, symbols, or insignia associated with hate groups.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new Violence Policy Summary section has been added, stating that apps containing gratuitous violence or content depicting dangerous activities are prohibited. This introduces a named summary block for violence policy, giving it greater prominence and clarity. Developers of action games, true crime apps, or any app with graphic content should treat this as a reinforced signal that gratuitous violence is an active rejection risk.

Show full text

Added

Violence Policy Summary Apps that contain gratuitous violence or dangerous activities are prohibited.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

As part of the new Violence Policy Summary, a rule now explicitly prohibits apps from promoting or encouraging gratuitous violence or dangerous activities—not just containing such content passively. This means apps that frame, glorify, or incentivize violent or dangerous behavior are also covered. Developers should review reward systems, achievement structures, and editorial framing to ensure they do not implicitly encourage such behavior.

Show full text

Added

You must not promote representation or encouragement of such material.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new top-level policy statement has been added formally prohibiting apps that depict or facilitate gratuitous violence or other dangerous activities. While this reflects existing enforcement practice, its addition as a named policy entry increases its visibility and enforceability. Developers with mature or action-oriented content should ensure their app does not cross into gratuitous territory to avoid rejection.

Show full text

Added

Full Policy We don't allow apps that depict or facilitate gratuitous violence or other dangerous activities.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new requirement states that developers must provide EDSA (Educational, Documentary, Scientific, or Artistic) context in order to qualify for an exception to the Violent Extremism policy. Previously, the process or criteria for obtaining exceptions were not explicitly stated at this level. Developers whose apps cover extremism-related topics for legitimate informational purposes must now explicitly frame and document that context to avoid rejection.

Show full text

Added

You must provide EDSA context to attain an exception.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new key considerations section with explicit Do/Don't guidance has been added, specifying that developers should provide EDSA (Educational, Documentary, Scientific, or Artistic) context for any content related to violent extremism. This structured guidance makes the EDSA requirement more prominent and actionable. Developers creating documentaries, journalism apps, or educational tools touching on extremism topics must ensure EDSA framing is clearly present in their app and metadata.

Show full text

Added

Key Considerations Do Don't Provide relevant EDSA (Educational, Documentary, Scientific, or Artistic) context for any content related to violent extremism.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new 'Don't' rule prohibits including any content that promotes or incites violence. While anti-violence rules have existed in Google's policies, this addition places a clear, standalone prohibition in the Violent Extremism section's actionable guidance. Developers with user-generated content, forums, or editorial content should ensure moderation systems prevent violence-inciting material from appearing in their apps.

Show full text

Added

Don't include content that promotes or incites violence.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has added an explicit requirement that developers review their apps to ensure no content glorifies, plans, or celebrates violent acts. Previously this expectation may have been implied under broader content policies; it is now a stated obligation. Developers of apps with user-generated content, news, gaming, or community features should audit content moderation systems to ensure violent glorification cannot surface. Failure to comply is a direct path to rejection or removal.

Show full text

Added

Review your app to ensure it doesn't glorify, plan, or celebrate acts of violence.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google now explicitly prohibits apps from being used as a vehicle for recruiting users into dangerous organizations. This goes beyond simply hosting violent content — the app's functional purpose or features must not facilitate organizational recruitment for harmful groups. Developers of social, messaging, or community-building apps should ensure their platforms cannot be systematically used for this purpose. This is a new, enforceable prohibition that could result in app removal.

Show full text

Added

Don't use your app for recruitment into dangerous organizations.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has added a clear prohibition against posting content that glorifies violence or facilitates preparation for violent acts. This complements the review requirement in index 130 but targets posted content specifically, including user-generated content within apps. Developers must ensure their content policies and moderation tools actively prevent such material from appearing in their apps. This is an actionable rule that can trigger enforcement if violations are discovered post-launch.

Show full text

Added

Don't post content that glorifies or prepares for violent acts.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has introduced a Bullying and Harassment Policy Summary stating that apps must not contain or facilitate harassment, exploitation, or bullying in any form. While anti-harassment rules existed previously in the full policy, this summary makes the scope explicit and broader — covering facilitation, not just direct content. Developers of social, gaming, messaging, or community apps need to ensure both their own content and user interactions cannot enable bullying or exploitation. This policy applies to the app itself, not just individual posts.

Show full text

Added

Bullying and Harassment Policy Summary You must not create apps containing or facilitating harassment, exploitation or bullying of any kind.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

The full policy text now directly states that Google does not allow apps that contain or facilitate threats, harassment, or bullying. This language makes it clear that the prohibition extends to the app's functionality and not just its static content — an app that enables users to harass others is itself in violation. Developers of any app with user interaction capabilities should ensure robust moderation, reporting, and abuse-prevention mechanisms are in place. Apps found to facilitate these behaviors are subject to removal.

Show full text

Added

Full Policy We don't allow apps that contain or facilitate threats, harassment, or bullying.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A structured 'Do/Don't' guidance section has been added specifically calling out restricted firearms accessories as a compliance focal point. Previously, guidance in this format was not present for this topic. Developers must ensure their app cannot be used to facilitate the sale of accessories classified as restricted under the policy, even if firearms themselves are not sold.

Show full text

Added

Key Considerations Do Don't Ensure your app does not facilitate the sale of restricted firearms accessories.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new explicit requirement states that apps must not include instructions on how to convert firearms to automatic firing capabilities. This goes beyond sales prohibitions and targets informational content within apps. Developers with any firearms-related content—guides, tutorials, forums, or user-generated content—must audit and remove such instructional material to avoid rejection.

Show full text

Added

Remove any instructions on converting firearms to automatic firing capabilities.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new 'Don't' rule explicitly bans apps from facilitating the sale of firearm accessories that simulate or enable automatic fire (e.g., bump stocks or similar devices). This narrows in on a specific accessory category that may not have been clearly called out before. Developers with any commerce functionality related to firearms accessories must ensure these specific product types are excluded.

Show full text

Added

Don't allow the sale of firearm accessories that simulate or enable automatic fire.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new prohibition explicitly forbids apps from containing instructions for creating weapons or restricted firearm accessories, such as 3D-printing guides or DIY modification tutorials. This extends the policy beyond sales facilitation to cover purely informational or instructional content. Developers hosting user-generated content, forums, or how-to content must moderate and remove any such material.

Show full text

Added

Don't include instructions for creating weapons or restricted firearm accessories.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

Google has published explicit Do/Don't guidance clarifying that age-gating safeguards are required for alcohol sales and are the permitted approach for limited tobacco sales within food or grocery apps. This carve-out is notable — it suggests that incidental tobacco sales within a broader grocery/food app context may be allowed if age-gating is implemented properly. Developers of grocery or delivery apps that include alcohol or tobacco products must ensure compliant age verification is in place.

Show full text

Added

Key Considerations Do Don't Provide age-gating safeguards for the sale of alcohol and for limited sale of tobacco in food/grocery apps.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new 'Don't' guideline explicitly prohibits apps from encouraging alcohol or tobacco use by minors. While this may align with previously implied rules, it is now a named, enforceable prohibition in the policy. Developers of any app with alcohol or tobacco content — including games, social apps, or lifestyle apps — must ensure no features, content, or messaging could be interpreted as promoting these substances to underage users.

Show full text

Added

Don't encourage the use of alcohol or tobacco by minors.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLhighCOLLAPSE ALL EXPAND ALL
Added

A new prohibition has been added forbidding apps from advertising or promoting tobacco products, specifically including links to sites where tobacco products are sold. This goes beyond just in-app sales and covers promotional or affiliate content. Developers who monetize through tobacco brand sponsorships, affiliate links, or promotional integrations must remove this content to remain compliant.

Show full text

Added

Don't advertise or promote tobacco products, including links to selling sites.

google-play-families-policiesGoogle Play Families PoliciesmediumGoogle Play Families Policies
Added

Google has added a new 'Policy Summary' section to the Families Policies page, stating that all apps in the Google Play Families program must protect children's privacy and comply with applicable laws. While this largely restates existing obligations, the formalized summary signals increased enforcement focus. Developers in the Families program should treat this as a prompt to audit their privacy practices against current requirements.

Show full text

Added

Policy Summary Apps in the Google Play Families program must protect children's privacy and comply with all applicable laws.

google-play-families-policiesGoogle Play Families PoliciesmediumGoogle Play Families Policies
Added

The new summary section explicitly states that Families program apps must use only Google-certified ad SDKs and are prohibited from serving personalized advertising to children. This restates existing policy but its inclusion in a summary section suggests Google intends stricter scrutiny. Developers using any third-party ad SDK in a child-directed app should verify that SDK's certification status with Google.

Show full text

Added

This includes using only certified ad SDKs and prohibiting personalized advertising.

google-play-families-policiesGoogle Play Families PoliciesmediumGoogle Play Families Policies
Added

The new summary section explicitly states that all Families program apps must have a privacy policy that accurately describes how user data is collected and handled. While a privacy policy has long been required for child-directed apps, the emphasis on accuracy is notable—vague or incomplete privacy policies could now draw rejection or removal. Developers should audit their privacy policy to ensure it precisely reflects current data collection, sharing, and retention practices.

Show full text

Added

Apps must have a privacy policy that accurately reflects data collection and handling practices.

google-play-families-policiesGoogle Play Families PoliciesmediumGoogle Play Families Policies
Added

A new requirement has been added stating that apps targeting children must have a privacy policy that accurately and fully describes the app's data collection and handling practices. While privacy policies have long been required, this addition explicitly ties accuracy and completeness of the privacy policy to Families Policy compliance. Developers should review their privacy policy to ensure it matches actual data practices, including any third-party SDK data collection.

Show full text

Added

Ensure your privacy policy accurately explains your app's data collection and handling practices.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

A new 'Do' rule requires that an app's privacy policy accurately describes its data collection and handling practices. While privacy policies have long been required, this new entry specifically calls out accuracy as a distinct obligation within the children's context. Developers should audit their privacy policy language to ensure it precisely matches actual in-app data behavior.

Show full text

Added

Ensure your privacy policy accurately explains your app's data collection and handling practices.

permissions-for-foreground-services-fgsPermissions for Foreground Services (FGS)mediumPermissions for Foreground Services (FG…
Added

Google Play has added a formal policy summary section for Foreground Service permissions, consolidating and highlighting existing requirements for apps targeting Android 14 and above. Apps must declare valid FGS types in both the AndroidManifest and Play Console, and provide descriptions, user impact statements, and a demo video justifying each service's use based on user-initiated, perceptible actions. While these requirements were already part of the full policy, the new summary increases their visibility and signals closer scrutiny during review. Developers targeting Android 14+ who have not yet completed these declarations should do so promptly to avoid rejections.

Show full text

Added

Policy Summary The Foreground Service permission policy ensures user transparency, privacy, and optimal device performance. For apps targeting Android 14+ you must declare valid Foreground Service (FGS) types in the manifest and Play Console, providing descriptions, user impact, and a demo video justifying their use based on user-initiated, perceptible actions. Please review the full policy to ensure compliance. Full Policy The Foreground Service permission ensures the appropriate use of user-facing foreground services. For apps targeting Android 14 and above, you must specify a valid foreground service type for each foreground service used in your app, and declare the foreground service permission that is appropriate for that type. For example, if your app’s use case requires map geolocation, you must declare the FOREGROUND_SERVICE_LOCATION permission in your app’s manifest. Apps are only allowed to declare a foreground service permission if the use: provides a feature that is beneficial to the user and relevant to the core functionality of the app is initiated by the user or is user perceptible (for example, audio from playing a song, cast media to another device, accurate and clear user notification, user request to upload a photo to the cloud) can be terminated or stopped by the user can’t be interrupted or deferred by the system without causing a negative user experience or causing the user anticipated feature to not work as intended (for example, a phone call needs to start immediately and can’t be deferred by the system) runs only for as long as necessary to complete the task The following foreground service use cases are exempt from the above criteria: foreground service types systemExempted or shortService; foreground service type dataSync only when using Play Asset Delivery features The use of foreground service is further explained here. Key Considerations Do Don't Run FGS only for as long as necessary to complete the task. Don't use FGS if system management of your task doesn’t break the user experience in your app. Consider alternatives like WorkManager. Ensure FGS provides a user-beneficial core app feature, is initiated by the user, is visible in notifications or is user perceptible (for example, audio from playing a song). Don't declare invalid or inaccurate FGS types in your app’s manifest. Submit a declaration form in your Play Console if targeting Android 14+ and describe the use case for each Foreground Services (FGS) permission used. Ensure the appropriate FGS type is selected. User-Initiated Data Transfer Jobs Policy Summary To maintain user control and prevent prolonged background activity Google Play provides strict guidelines for Apps using the user-initiated data transfer jobs API. Data transfers must be directly prompted by the user, ensuring that the app executes a command rather than initiating transfers independently. These transfers are exclusively for network data transfer tasks and must only operate for the duration required to complete the requested action. Please review the full policy to ensure compliance. Full Policy Apps are only allowed to use the user-initiated data transfer jobs API if the use is: initiated by the user for network data transfer tasks runs only for as long as necessary to complete the data transfer The usage of the user-initiated data transfer jobs API is further explained here. Key Considerations Do Don't Start transfers with user action. Don't initiate transfers automatically. Use for network data transfer tasks only. Don't use the API for non-network tasks. Stop when the transfer is finished. Don't run longer than needed. Flag Secure Requirements Policy Summary FLAG_SECURE is an app-declared display flag indicating sensitive data in the UI should be limited to secure surfaces, preventing screenshots and non-secure display viewing and capturing. Developers use this when content shouldn't be broadcast or viewed outside the app/device. Google Play requires all apps to respect other apps' FLAG_SECURE declarations and not bypass them for security and privacy. Please review the full policy to ensure compliance. Full Policy FLAG_SECURE is a display flag declared in an app’s code to indicate that its UI contains sensitive data intended to be limited to a secure surface while using the app. This flag is designed to prevent the data from appearing in screenshots or from being viewed on non-secure displays. Developers declare this flag when the app’s content should not be broadcast, viewed, or otherwise transmitted outside of the app or users’ device. For security and privacy purposes, all apps distributed on Google Play are required to respect the FLAG_SECURE declaration of other apps. Meaning, apps must not facilitate or create workarounds to bypass the FLAG_SECURE settings in other apps. Apps that qualify as an Accessibility Tool are exempt from this requirement, as long as they do not transmit, save, or cache FLAG_SECURE protected content for access outside of the user's device. Key Considerations Do Don't Declare FLAG_SECURE for sensitive data in the UI that needs protection from capture. Don't bypass or create workarounds for FLAG_SECURE settings in other apps. Respect other apps' FLAG_SECURE declarations for security and privacy. Don't transmit, save, or cache FLAG_SECURE protected content outside the device, even if an Accessibility Tool. Apps that Run On-device Android Containers Policy Summary To prevent security and privacy concerns, developers can use a `REQUIRE_SECURE_ENV` flag in their app manifest when on-device Android container apps lack the full security features of Android OS. The flag indicates the app should not run in a simulated environment. Apps providing these containers are required to respect this flag by not loading apps that declare it and are prohibited from bypassing this security measure. Please review the full policy to ensure compliance. Full Policy On-device Android container apps provide environments that simulate whole or portions of an underlying Android OS. The experience within these environments may not reflect the full suite of Android security features, which is why developers can choose to add a secure environment manifest flag to communicate to on-device Android containers that they must not operate in their simulated Android environment. Secure Environment Manifest Flag REQUIRE_SECURE_ENV is a flag that can be declared in an app’s manifest to indicate that this app must not run in on-device Android container apps. For security and privacy purposes, apps that provide on-device Android containers must respect all apps that declare this flag and: Review the manifests of apps they intend to load in their on-device Android container for this flag. Not load the apps that declared this flag into their on-device Android container. Not function as a proxy by intercepting or calling APIs on the device so that they appear to be installed in the container. Not facilitate, or create workarounds to bypass the flag (such as, loading an older version of an app to bypass the current app’s REQUIRE_SECURE_ENV flag). Learn more about this policy in our Help Center. Key Considerations Do Don't Apps that provide on-device containers must check for the REQUIRE_SECURE_ENV flag in other apps' manifests and not load them. Don't ignore the flag. You cannot load an app into your container if it declares the REQUIRE_SECURE_ENV flag. Avoid workarounds. You are prohibited from bypassing the flag, such as by loading older versions of an app. Don't bypass security measures. Do not create workarounds to override an app's security preference. Avoid proxying APIs. Do not function as a proxy by intercepting or calling APIs outside the container. Don't make it appear that apps are running in a secure environment when they are not. Review the policy requirements for on-device Android containers. Help us improve this policy article by taking a 2-minute survey.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

Google previously provided a recommended template and concrete examples (e.g., 'Fitness Funds collects location data…') to help developers write compliant prominent disclosure strings. This guidance has been removed from the policy. Developers who relied on this format to craft their disclosures should look for updated guidance elsewhere, as losing this reference may make it harder to know whether disclosure wording is acceptable.

Show full text

Removed

To meet policy requirements, it’s recommended that you reference the following example format for Prominent Disclosure when it’s required: “[This app] collects/transmits/syncs/stores [type of data] to enable ["feature"], [in what scenario]." Example: “Fitness Funds collects location data to enable fitness tracking even when the app is closed or not in use and is also used to support advertising.” Example: “Call buddy collects read and write call log data to enable contact organization even when the app is not in use.” If your app integrates third party code (for example, an SDK) that is designed to collect personal and sensitive user data by default, you must, within 2 weeks of receipt of a request from Google Play (or, if Google Play’s request provides for a longer time period, within that time period), provide sufficient evidence demonstrating that your app meets the Prominent Disclosure and Consent requirements of this policy, including with regard to the data access, collection, use, or sharing via the third party code.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The header text that introduced the table of specific data-access restrictions has been removed from the Developer Program Policy. This sentence served as the gateway reference telling developers to consult the restrictions table for detailed per-data-type requirements. If the table itself remains, the removal is largely structural, but developers should confirm the table is still accessible and that no associated requirements were dropped alongside this text.

Show full text

Removed

Restrictions for Personal and Sensitive Data Access In addition to the requirements above, the table below describes requirements for specific activities.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

Previously, developers were explicitly required to ensure their Data Safety section disclosures aligned with what their privacy policy stated. This consistency requirement has been removed from the policy text. While consistency is still good practice, its removal as an explicit rule may affect how Google evaluates mismatches between these two documents during review.

Show full text

Removed

Where relevant, the section must be consistent with the disclosures made in the app’s privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

Developers were previously required to include their data retention and deletion practices in their app's privacy policy. This specific requirement has been removed from the policy. Apps that only added this section to comply with this rule should still consider retaining it for user trust and potential requirements under regional privacy laws (e.g., GDPR, CCPA).

Show full text

Removed

The developer’s data retention and deletion policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

Previously, the entity named in the Play Store listing or the app itself was required to be explicitly identified in the privacy policy, establishing a clear legal link between the listing and the policy document. This requirement has been removed. Developers should still ensure their privacy policy identifies the responsible party, as this is commonly required by regional privacy regulations independent of Google's policy.

Show full text

Removed

The entity (for example, developer, company) named in the app’s Google Play store listing must appear in the privacy policy or the app must be named in the privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The explicit account deletion requirement — which mandated that apps offering in-app account creation must also provide users a way to request account deletion — has been removed from this section of the policy. This does not necessarily mean the requirement is gone; it may have been relocated or consolidated elsewhere in the policy. Developers should verify whether this rule now appears under a different section before assuming the obligation has been lifted.

Show full text

Removed

Account Deletion Requirement If your app allows users to create an account from within your app, then it must also allow users to request for their account to be deleted.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The clause explicitly requiring developers to delete all user data associated with an account when honoring an account deletion request has been removed from this section. As with the account deletion rule above, this may reflect a restructuring rather than an outright removal of the obligation. Developers handling user accounts should audit the full policy to confirm whether this requirement persists elsewhere.

Show full text

Removed

When you delete an app account based on a user’s request, you must also delete the user data associated with that app account.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The section introducing Android's App Set ID — a new identifier intended for use cases like analytics and fraud prevention — has been removed from this part of the policy. This guidance may have been moved to a dedicated section or updated documentation. Developers using App Set ID should check current Android and Play policy documentation to ensure their implementation still aligns with current requirements.

Show full text

Removed

Usage of App Set ID Android will introduce a new ID to support essential use cases such as analytics and fraud prevention.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

A standalone clause requiring developers to obtain legally valid user consent where required by law has been removed from this section. This is likely a consolidation or restructuring move, as consent obligations are broadly required under data protection laws. Developers should confirm that consent requirements are still addressed in other parts of the policy and that their apps remain compliant.

Show full text

Removed

You must obtain users’ legally valid consent where required.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added an explicit callout warning developers not to neglect account deletion as part of their data handling obligations. This signals increased enforcement attention on account lifecycle management. Apps that offer account creation must ensure a proper deletion path is implemented and visible to users.

Show full text

Added

Don't neglect account deletion.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added a recommended template format for prominent disclosure notices: '[App name] collects/transmits/syncs/stores [data type] to enable [feature] [in what scenario].' Concrete examples are provided, including location tracking for fitness apps used in the background and call log access for contact organization apps. While described as recommended rather than mandatory, following this format is the clearest way to demonstrate compliance with the disclosure requirement.

Show full text

Added

To meet policy requirements, it's recommended that you reference the following example format for Prominent Disclosure when it's required: "[This app] collects/transmits/syncs/stores [type of data] to enable ["feature"], [in what scenario]." Example: "Fitness Funds collects location data to enable fitness tracking even when the app is closed or not in use and is also used to support advertising." Example: "Call buddy collects read and write call log data to enable contact organization even when the app is not in use." If your app integrates third party code (for example, an SDK) that is designed to collect personal and sensitive user data by default, you must, within 2 weeks of receipt of a request from Google Play (or, if Google Play's request provides for a longer time period, within that time period), provide sufficient evidence demonstrating that your app meets the Prominent Disclosure and Consent requirements of this policy, including with regard to the data access, collection, use, or sharing via the third party code.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has introduced a 'Key Considerations' section formatted as a Do/Don't list, with an explicit directive to handle contacts securely. This type of structured guidance makes expectations more concrete and enforceable. Developers building apps that access contact data should review this section carefully, as Do/Don't lists often serve as the basis for policy enforcement decisions during review.

Show full text

Added

Key Considerations Do Don't Handle contacts securely.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google Play will surface the Data Safety section information directly on the app's store listing, making it visible to end users before they download. This means inaccurate or incomplete disclosures are not just a backend compliance issue — they are publicly visible and could affect user trust and download rates. Developers should treat this section as user-facing content, not just a regulatory checkbox.

Show full text

Added

This information will show up in your app's Data safety section on Google Play, helping users understand how their data will be handled and make informed choices.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

New Do/Don't guidelines specify that developers must share their privacy policy both in the Play Console and within the app itself — not just one or the other. This dual-placement requirement is now codified as a clear expectation. Apps that only link a privacy policy in the Play Console but not inside the app may now be non-compliant. Developers should verify their in-app privacy policy access point.

Show full text

Added

Key Considerations Do Don't Share your privacy policy in Play Console and within the app itself.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Previously, there was no explicit ongoing-update obligation stated in policy. Developers are now required to update both the Play Console Data Safety section and their privacy policy whenever they change how their app collects, uses, or shares user data. This means data handling documentation is a living obligation, not a one-time submission, and outdated disclosures could result in policy violations.

Show full text

Added

Update regularly information in your app's Data safety section and your privacy policy as you change how your app handles user data.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Apps' privacy policies must now include a dedicated section describing how long user data is retained and how it is deleted. This is a new content requirement for the privacy policy document itself. Developers should update existing privacy policies to explicitly address retention timelines and deletion procedures to remain compliant.

Show full text

Added

The developer's data retention and deletion policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

The policy now requires that the privacy policy document be clearly identified with a title such as 'Privacy Policy.' Generic titles like 'Legal' or 'Terms' that bundle the privacy policy without clear labeling are insufficient. Developers should review how their privacy policy is titled and presented both in-app and externally.

Show full text

Added

Clear labeling as a privacy policy (for example, listed as "privacy policy" in title).

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google now requires that the entity listed as the developer on the Play Store — whether an individual developer name or a company — must be explicitly referenced in the privacy policy, or the app itself must be named within it. This closes a gap where generic, reused privacy policies didn't identify the specific app or publisher. Developers using shared or template privacy policies should update them to include the correct entity or app name.

Show full text

Added

The entity (for example, developer, company) named in the app's Google Play store listing must appear in the privacy policy or the app must be named in the privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added explicit Do/Don't guidance reinforcing that a comprehensive privacy policy must be linked in Play Console. While this reiterates existing requirements, the formal Do/Don't framing signals that this is an actively enforced checklist item. Developers should verify their Play Console listing includes a valid, up-to-date privacy policy URL.

Show full text

Added

Key Considerations Do Don't Ensure your comprehensive privacy policy is linked in Play Console.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

The policy now explicitly states that developers must not omit any user or device data handling practices from their privacy policy. This means partial disclosures — for example, documenting some data types but not others — are non-compliant. Developers should conduct a full audit of all data collected, processed, or shared by their app and ensure every category is disclosed.

Show full text

Added

Don't omit any user or device data handling from your privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added explicit Do guidance requiring that the privacy policy be accessible directly from within the app, not just linked externally in Play Console. This is not a brand-new concept but is now formally stated as a required practice. Developers should confirm there is a reachable in-app link or text — typically in settings or onboarding — that leads users to the privacy policy.

Show full text

Added

Make your privacy policy accessible from within the app.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google explicitly calls out that failing to include the required app name or developer/company identification in the privacy policy is a policy violation. This complements the rule in index 85 and makes clear it is an enforcement point, not just a recommendation. Developers using third-party or template privacy policies should immediately verify that the correct identifying information is present.

Show full text

Added

Don't fail to include required app/company identification in the privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google now requires that your app's privacy policy explicitly identifies the app by name and includes your company's details. This is a new specific requirement beyond having a generic privacy policy. Developers using a shared or boilerplate policy across multiple products must ensure each policy is tailored to name the specific app and developer entity. Missing these details could trigger a policy violation.

Show full text

Added

Include your app name and company details in the policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added explicit Do/Don't guidance stating that apps must offer a clear and easily discoverable account deletion option within the app interface. This formalizes expectations that were previously less explicit. Developers should ensure the deletion option is not buried in settings or obscured by misleading UI, as this type of guidance is often used directly in app review decisions.

Show full text

Added

Key Considerations Do Don't Offer a clear account deletion option within your app.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added guidance requiring that the end-to-end user journey for account deletion be simple and unobstructed. This complements the prohibition on dark patterns by setting a positive standard: the process should be intuitive, clearly labeled, and completable without unnecessary steps. Developers should test their deletion flows from a user perspective and remove any friction that could be interpreted as intentionally discouraging deletion.

Show full text

Added

Ensure the user process for deletion is straightforward and free of obstacles.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

If an app must retain certain user data after account deletion due to regulatory or legal obligations (e.g., financial records, tax compliance), that retention must now be clearly disclosed in the app's privacy policy. Previously, this level of specificity was not explicitly mandated by Google Play policy. Developers operating in regulated industries or retaining any data post-deletion must update their privacy policies to reflect what data is kept, for how long, and why. Missing this disclosure is itself a policy violation.

Show full text

Added

Clearly disclose any necessary (e.g. regulatory compliance) data retention in your privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Apps that provide an external URL for users to request account or data deletion must keep that link functional and current. Google now explicitly prohibits linking to broken or outdated deletion resource pages. Developers should treat their deletion URL as a maintained production resource and include it in regular QA checks. A non-functional deletion link can now directly trigger a policy violation.

Show full text

Added

Don't provide broken or outdated links to the external deletion resource page.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

If your app links users to an external page to handle account or data deletion, that page must clearly reference your specific app or service — not a generic or ambiguous company-wide page. This ensures users can confidently identify and complete the deletion process for the correct product. Developers who use a shared web portal for multiple apps or services must ensure each app's deletion flow is clearly labeled. Vague or generic deletion pages may be flagged as non-compliant.

Show full text

Added

Ensure your deletion resources clearly reference your app/service.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has introduced an explicit policy summary governing the App Set ID, stating it is intended only for essential non-advertising use cases such as analytics and fraud prevention. Previously, usage rules for App Set ID may not have been as clearly delineated in policy documentation. Developers using App Set ID must ensure their use case falls within these permitted categories. Using App Set ID for advertising-related functions is now explicitly out of scope.

Show full text

Added

Usage of App Set ID Policy Summary The App Set ID is intended to support essential non-ads use cases such as analytics and fraud prevention.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

If your app collects or uses the App Set ID, you must now disclose this in a legally adequate privacy notification to users. This aligns App Set ID disclosure obligations with those already required for other identifiers like AAID. Developers should audit their privacy policies and in-app disclosures to confirm App Set ID collection is documented. Failing to disclose App Set ID usage could be treated as a deceptive data practice under Google Play policy.

Show full text

Added

You must be transparent, so disclose any collection and usage of App Set ID to users in a legally adequate privacy notification.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

The policy adds a general transparency obligation requiring developers to be open with users about how the App Set ID is used within their app. This goes beyond merely having a privacy policy entry and implies that users should be able to understand the purpose of the identifier's use. Developers should review their user-facing disclosures to ensure they clearly communicate App Set ID usage in plain language. This aligns with broader Google transparency principles and could affect app review outcomes.

Show full text

Added

You must be transparent about the use of the App Set ID.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

This addition reiterates and strengthens the notification requirement introduced nearby, emphasizing immediacy when compliance conditions cannot be met. While similar to index 141, its presence as a separate item suggests Google is underscoring this obligation. Developers should treat any known compliance gap as time-sensitive and have a clear escalation path to notify Google without delay.

Show full text

Added

If you can't comply with these conditions, you must inform Google immediately.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added a proactive compliance monitoring requirement, specifying that developers must consistently verify they meet data handling conditions — not just at the time of submission. Critically, this includes re-evaluating compliance whenever applicable laws or regulations change. Developers who rely on a one-time review will need to establish ongoing compliance monitoring programs to satisfy this new expectation.

Show full text

Added

Regularly monitor compliance, ensuring you consistently meet these conditions, especially following regulatory or legal updates to applicable policies.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccessmediumRestrictions for Personal and Sensitive…
Added

Google has added an explicit summary block stating that Google Play enforces specific restrictions on apps handling financial, contact, or persistent identifier data. Previously, these restrictions existed in the full policy table without a high-level summary. This addition helps developers quickly identify whether this section applies to their app, but also signals increased enforcement attention on these data categories.

Show full text

Added

Policy Summary Google Play enforces specific restrictions on apps that handle financial, contact, or persistent identifier data.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccessmediumRestrictions for Personal and Sensitive…
Added

A 'Key Considerations' section has been added with a do/don't format, starting with the guidance to handle contacts securely. The content appears incomplete as captured, but introduces a new structured guidance format for this policy section. Developers handling contact data should review the full table in the policy for additional do/don't rules that may now be explicitly called out and potentially used as rejection criteria.

Show full text

Added

Key Considerations Do Don't Handle contacts securely.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccessmediumRestrictions for Personal and Sensitive…
Added

A new disclosure requirement has been added specifically for apps with security-related functionality. This is a headline-level rule requiring data use transparency for security apps. Developers building anti-virus, VPN, or similar security tools need to ensure their privacy policies and in-app disclosures clearly document what data is collected and how it is used.

Show full text

Added

Disclose data use for security apps.

privacy-policyPrivacy PolicymediumPrivacy Policy
Added

A new rule specifies that the privacy policy must accurately disclose all dimensions of data handling: access, collection, use, and sharing, for all types of user and device data. While comprehensive privacy policies have long been required, this explicit enumeration raises the bar for what 'comprehensive' means. Developers should review their privacy policies to ensure each of these four dimensions is clearly addressed for every data type their app touches.

Show full text

Added

This policy must accurately disclose how your app accesses, collects, uses, and shares all types of user and device data.

privacy-policyPrivacy PolicymediumPrivacy Policy
Added

Google has added a requirement that privacy policies include the name of the app and the developer or company behind it. This is closely related to index 182 but reinforces that both the app identity and the responsible entity must be clearly stated. Generic or template policies that lack these specifics will not meet the new standard. Developers should update any policy that uses placeholder or omitted identification.

Show full text

Added

Include your app name and company details in the policy.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworksmediumEU-U.S., UK, and Swiss Data Privacy Fra…
Added

A new summary point explicitly states that developers have an ongoing duty to monitor their compliance with EU/UK/Swiss data privacy requirements and must notify Google immediately if they cannot meet them. This proactive notification obligation is now more clearly surfaced. Developers handling EU Personal Information should establish internal compliance monitoring processes to meet this expectation.

Show full text

Added

You also have a duty to monitor your compliance and notify Google immediately if you cannot meet these requirements.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworksmediumEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google has introduced a 'Key Considerations' Do/Don't format section for the EU data privacy frameworks policy, with the first 'Do' item explicitly calling out adherence to GDPR and other applicable privacy laws. This is the first time GDPR is named directly in this section's summary guidance. Developers should treat this as a clear signal that GDPR compliance is a concrete, enforceable expectation under this policy.

Show full text

Added

Key Considerations Do Don't Adhere to all applicable privacy, data security, and data protection laws (e.g., GDPR).

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworksmediumEU-U.S., UK, and Swiss Data Privacy Fra…
Added

A new 'Don't' item in the Key Considerations section reinforces that personal data from EU/UK/Swiss users must only be accessed or used for purposes consistent with what the user consented to. This restates an existing obligation but gives it explicit, standalone prominence in the Do/Don't guidance. Developers should audit their data usage practices to ensure they stay within the bounds of stated consent.

Show full text

Added

Only access and use personal data for purposes consistent with user consent.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworksmediumEU-U.S., UK, and Swiss Data Privacy Fra…
Added

This addition restates the requirement from index 203 in a slightly different framing, reinforcing that immediate disclosure to Google is mandatory when a developer cannot comply with Data Privacy Framework conditions. The repetition signals Google is treating this as a critical obligation rather than advisory guidance. Developers should treat this as confirmation that silence in the face of a compliance gap is unacceptable. Ensure your incident response plan includes this notification step.

Show full text

Added

If you can't comply with these conditions, you must inform Google immediately.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Removed

A specific example under the Inappropriate Content policy — flagging content that lacks sensitivity around the death of real people due to suicide, overdose, or natural causes — has been removed. This example previously helped developers understand what types of content could trigger a violation. Its removal may mean this example was consolidated into another section or the examples list was restructured; developers in mental health, news, or social app categories should verify current guidance.

Show full text

Removed

Examples of violations Lacking sensitivity regarding the death of a real person or group of people due to suicide, overdose, natural causes, etc.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new disclaimer has been added stating that policy summaries and 'Key Considerations' sections are overviews only, and that the full policy text is the authoritative compliance reference. This is a meaningful addition for developers who rely on summary sections for compliance decisions — it signals that summaries should not be treated as exhaustive and that edge cases must be evaluated against the complete policy. Developers should review their compliance processes to ensure they are referencing full policy text, not just summaries.

Show full text

Added

Disclaimer: Policy summaries and Key Considerations are overviews only; always refer to the full policy for compliance.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new clause states that the full policy takes precedence in any conflict with summary or abbreviated versions. This is a meta-rule that affects how developers should interpret any discrepancy between a policy summary and the full policy text. Developers should always consult the full policy rather than relying solely on summaries. This reduces ambiguity but also means summary-based interpretations carry no official weight.

Show full text

Added

The full policy takes precedence in case of conflict.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new named policy summary section for Sexual Content and Profanity has been added to the Inappropriate Content guidelines. It restates that apps containing or promoting sexual content or profanity are not allowed on Google Play. While this prohibition is not entirely new in spirit, formalizing it as a labeled summary section increases its visibility and enforceability. Developers should treat this as an official consolidated statement of the rule.

Show full text

Added

COLLAPSE ALL EXPAND ALL Sexual Content and Profanity Policy Summary We don't allow apps on Google Play that contain or promote sexual content or profanity.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new exemption has been introduced allowing apps that contain nudity if their primary objective is educational, documentary, scientific, or artistic (EDSA). The content must be contextually justified and non-gratuitous to qualify. This is a significant addition for developers building apps in art, science, health, or documentary contexts that may include nudity. Developers relying on this exemption should be prepared to demonstrate that nudity is incidental and contextually necessary, not a primary feature.

Show full text

Added

We grant an exemption for apps containing nudity if the primary objective is educational, documentary, scientific, or artistic (EDSA), provided the content is contextually justified and non-gratuitous.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Catalog apps whose primary offering is books or videos may now qualify for an exemption from the blanket sexual content prohibition. This carve-out appears aimed at general content marketplaces (e.g., e-book stores, video libraries) that are not adult-focused but may incidentally include some mature titles. Developers running such platforms should understand this exemption has conditions and does not grant unlimited latitude. The full policy details the boundaries of this exemption.

Show full text

Added

The catalog apps that primarily offer books or videos may be exempted.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Google Play has added a rule prohibiting apps from actively promoting sexual titles — for example, through featured sections, push notifications, or prominent merchandising. Even where sexual content is otherwise permitted within a catalog app, surfacing it prominently to users is now disallowed. Developers should review recommendation engines, home screens, and notification strategies to ensure sexual content is not being actively surfaced.

Show full text

Added

Avoid actively promoting sexual titles in the app.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Google Play has added an inline summary of its Hate Speech Policy within the Inappropriate Content section, stating that apps inciting hatred or promoting violence against individuals or protected groups are not allowed. While this policy existed previously, its explicit inclusion here reinforces its scope and visibility. Developers should ensure any community features, user-generated content tools, or editorial content cannot be used to incite hatred or promote violence.

Show full text

Added

Hate Speech Policy Summary Google Play does not allow apps that incite hatred or promote violence against individuals or protected groups.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Google Play has added explicit guidance that apps containing educational, artistic, or associated content related to Nazism may be blocked in some countries in accordance with local laws. This is a new specific callout that was not previously enumerated in this section. Developers distributing historically or politically sensitive content should be aware that even lawful, educational material may face regional availability restrictions.

Show full text

Added

Apps with educational, artistic or associated content related to Nazism may be blocked in some countries according to local laws.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new 'Key Considerations' section has been added laying out a Do/Don't framework for violent extremism content. The primary 'Do' requirement is providing EDSA (Educational, Documentary, Scientific, or Artistic) context for any related content. This gives developers clearer, actionable guidance on how to handle sensitive extremism-adjacent topics while remaining compliant.

Show full text

Added

Key Considerations Do Don't Provide relevant EDSA (Educational, Documentary, Scientific, or Artistic) context for any content related to violent extremism.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Google has introduced an explicit requirement that apps adhere to all local laws concerning sensitive content. This is a new written obligation in this policy section. For developers distributing apps internationally, this means content that is legal in one region may still violate this policy if it breaks local laws in another region where the app is available. Geo-specific content reviews may be necessary.

Show full text

Added

Adhere to all local laws regarding sensitive content.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Google has added a new illustrative example of a common policy violation: content that lacks sensitivity around the death of real people or groups due to suicide, overdose, or natural causes. This gives developers clearer guidance on what crosses the line under Inappropriate Content rules. Apps that cover news, health, social media, or memorial topics should ensure their handling of such subjects is respectful and contextually appropriate.

Show full text

Added

Examples of common violations Lacking sensitivity regarding the death of a real person or group of people due to suicide, overdose, natural causes, etc.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Google has added a direct prohibition statement making clear that apps must not provide services that fall under the Inappropriate Content policy. While the spirit of this rule existed before, this explicit statement strengthens enforcement language. Developers should audit any service-based app functionality against the full Inappropriate Content policy to ensure nothing is inadvertently facilitating prohibited services.

Show full text

Added

You must not provide these services.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

A top-level summary entry for the Sexual Content and Profanity policy has been removed from the collapsed/expanded section index on the policy page. This appears to be a structural or navigational change to how the policy documentation is presented rather than a removal of the underlying policy itself. Developers should verify the policy still exists in its proper section. If the substantive rule has truly been removed, this would be a significant policy shift, but it is most likely a UI/navigation reorganization.

Show full text

Removed

Sexual Content and Profanity We don't allow apps that contain or promote sexual content or profanity, including pornography, or any content or services intended to be sexually gratifying.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

The top-level summary entry for the Hate Speech policy has been removed from the collapsed/expanded section index. The underlying prohibition against apps promoting violence or inciting hatred based on protected characteristics may still exist elsewhere in the policy documentation. This is likely a structural reorganization of the policy page navigation, but developers should confirm the full Hate Speech policy remains intact in its dedicated section.

Show full text

Removed

Hate Speech We don't allow apps that promote violence, or incite hatred against individuals or groups based on race or ethnic origin, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, immigration status, or any other characteristic that is associated with systemic discrimination or marginalization.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

The top-level summary entry for the Violence policy—prohibiting apps that depict or facilitate gratuitous violence or dangerous activities—has been removed from the collapsed/expanded section index. As with other similar removals in this batch, this is most likely a documentation restructuring rather than a removal of the rule itself. Developers with apps featuring violent content should verify the full policy is still present in its dedicated section.

Show full text

Removed

Violence We don't allow apps that depict or facilitate gratuitous violence or other dangerous activities.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

The top-level summary entry for the Violent Extremism policy, which barred terrorist and dangerous organizations from publishing apps on Google Play, has been removed from the section index. This is likely a navigational restructuring of the policy page. The underlying prohibition is almost certainly still in force; developers should locate the policy in its full dedicated section to confirm.

Show full text

Removed

Violent Extremism We do not permit terrorist organizations, or other dangerous organizations or movements that have engaged in, prepared for, or claimed responsibility for acts of violence against civilians to publish apps on Google Play for any purpose, including recruitment.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

An example violation—specifically, lacking sensitivity regarding the death of a real person or group due to suicide, overdose, or natural causes—has been removed from the collapsed section index. This example previously helped developers understand where the line is drawn on sensitive content. Its removal from the index may mean it has been relocated within the full policy detail, or it may have been deprioritized as a listed example. Developers handling content involving real people or sensitive topics should review the full policy to understand current expectations.

Show full text

Removed

Examples of violations Lacking sensitivity regarding the death of a real person or group of people due to suicide, overdose, natural causes, etc.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

The top-level summary entry for the Bullying and Harassment policy, which prohibited apps containing or facilitating threats, harassment, or bullying, has been removed from the section index. As with other entries in this batch, this is likely a structural change to the documentation layout rather than a substantive policy removal. Developers should confirm the full Bullying and Harassment policy is still accessible in its dedicated section.

Show full text

Removed

Bullying and Harassment We don't allow apps that contain or facilitate threats, harassment, or bullying.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

The top-level summary for the Dangerous Products policy—covering apps that facilitate the sale of explosives, firearms, ammunition, or certain accessories—has been removed from the section index. This is most likely a documentation restructuring. Developers building apps in this category should locate and review the full Dangerous Products policy to ensure compliance, as the underlying rules are expected to remain in effect.

Show full text

Removed

Dangerous Products We don't allow apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

The top-level summary entry for the Marijuana policy, which prohibited apps facilitating the sale of marijuana or marijuana products regardless of legality, has been removed from the section index. This navigational removal does not necessarily mean the policy itself has changed. Developers in the cannabis space should verify the current state of the full Marijuana policy in its dedicated section before drawing conclusions.

Show full text

Removed

Marijuana We don't allow apps that facilitate the sale of marijuana or marijuana products, regardless of legality.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

The top-level summary for the Tobacco and Alcohol policy—prohibiting apps that facilitate the sale of tobacco or nicotine products or encourage illegal/inappropriate use of alcohol, tobacco, or nicotine—has been removed from the section index. Given that index 80 simultaneously adds a new alcohol-related rule, this removal may be part of a restructuring that consolidates or rewrites the alcohol and tobacco policies. Developers in these categories should carefully review the current full policy text to understand any net changes to their obligations.

Show full text

Removed

Tobacco and Alcohol We don't allow apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) or encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google Play has added a new policy summary section explicitly stating that apps containing or promoting sexual content or profanity are not allowed. While this prohibition has existed in spirit, the addition of a dedicated, clearly labeled summary section signals a more structured enforcement presentation. Developers should review their app content and metadata to ensure nothing could be interpreted as promoting sexual content.

Show full text

Added

Sexual Content and Profanity Policy Summary We don't allow apps on Google Play that contain or promote sexual content or profanity.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google Play is formally introducing an exemption for nudity in apps whose primary objective is educational, documentary, scientific, or artistic (EDSA). The content must be contextually justified and non-gratuitous to qualify. This is a meaningful carve-out for developers building legitimate educational, medical, or art-focused apps, but the burden is on the developer to clearly demonstrate the EDSA purpose.

Show full text

Added

We grant an exemption for apps containing nudity if the primary objective is educational, documentary, scientific, or artistic (EDSA), provided the content is contextually justified and non-gratuitous.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google Play now explicitly recognizes that catalog-style apps — those primarily distributing books or videos — may be eligible for an exemption from the blanket sexual content prohibition. This is a new, specific carve-out that did not previously appear in summarized policy guidance. Developers of e-reader, streaming, or digital storefront apps should take note, as this may open or clarify compliance paths for their content libraries.

Show full text

Added

The catalog apps that primarily offer books or videos may be exempted.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Apps must not actively promote sexual content titles to users within the app experience. This goes beyond simply hosting such content — it targets editorial promotion, featured placements, banners, or recommendations that spotlight sexual titles. Developers running catalog apps that are approved to carry sexual content must ensure their in-app merchandising and recommendation systems do not actively surface or highlight that content.

Show full text

Added

Avoid actively promoting sexual titles in the app.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google Play has introduced a named Hate Speech Policy with a published summary stating that apps inciting hatred or promoting violence against individuals or protected groups are not allowed. While hate speech has likely been covered under prior policies, the formalization of a named policy increases its visibility and enforceability. Developers should treat this as a signal that enforcement in this area may become more rigorous.

Show full text

Added

Hate Speech Policy Summary Google Play does not allow apps that incite hatred or promote violence against individuals or protected groups.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

A new guideline notes that apps containing educational, artistic, or associated content related to Nazism may be blocked in certain countries in accordance with local laws. This is not a global ban but a geo-restriction warning. Developers distributing history, education, or news apps that reference this topic should be aware their app may be unavailable in specific markets and should plan accordingly.

Show full text

Added

Apps with educational, artistic or associated content related to Nazism may be blocked in some countries according to local laws.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google has added a structured 'Do/Don't' Key Considerations section to its hate speech policy. Previously, guidance was presented as prose rules without this checklist format. The first item explicitly requires developers to familiarize themselves with the definition of a protected group. This matters because ignorance of the definition is no longer a viable defense — developers are expected to proactively understand the scope before publishing.

Show full text

Added

Key Considerations Do Don't Familiarize yourself with what constitutes a protected group.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google has added explicit guidance confirming that fictional violence depicted within a game context — such as cartoons, hunting, or fishing apps — is generally allowed on Google Play. Previously this carve-out was not spelled out in the policy summary. Developers building games with non-gratuitous fictional violence now have clearer written backing, but should still review the full violence policy to confirm compliance.

Show full text

Added

Apps that depict fictional violence in the context of a game, such as cartoons, hunting or fishing, are generally allowed.Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google has added a concrete example of a policy violation involving content that lacks sensitivity around the death of a real person or group due to suicide, overdose, or natural causes. This helps clarify the scope of existing sensitive content rules by giving developers a specific scenario to evaluate against. Apps dealing with news, true crime, social commentary, or user-generated content should be particularly attentive. Developers should review how their apps handle and present such topics.

Show full text

Added

Examples of common violations Lacking sensitivity regarding the death of a real person or group of people due to suicide, overdose, natural causes, etc.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

A new rule prohibits apps from portraying tobacco use as enhancing a user's social, professional, or intellectual standing. This targets aspirational or lifestyle-based tobacco promotion within app content. Developers of social, entertainment, or lifestyle apps should review any imagery, copy, or storylines that could be interpreted as glamorizing or endorsing tobacco use in this way.

Show full text

Added

Don't imply that using tobacco improves social, professional, or intellectual standing.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Apps are now explicitly forbidden from depicting excessive alcohol consumption in a positive or favorable manner. This is a new content-level restriction that goes beyond transactional prohibitions to govern how alcohol is represented within app content. Developers of games, social apps, or entertainment apps with alcohol-related themes should ensure their content does not glorify or normalize binge drinking.

Show full text

Added

Don't portray excessive drinking favorably.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The recommended template format for crafting a Prominent Disclosure statement — including example phrasings for apps like 'Fitness Funds' and 'Call Buddy' — has been removed. Previously, developers could use this as a reference to structure compliant disclosure language. The removal may indicate the guidance has been consolidated elsewhere; developers who relied on these examples should seek updated reference material.

Show full text

Removed

To meet policy requirements, it’s recommended that you reference the following example format for Prominent Disclosure when it’s required: “[This app] collects/transmits/syncs/stores [type of data] to enable ["feature"], [in what scenario]." Example: “Fitness Funds collects location data to enable fitness tracking even when the app is closed or not in use and is also used to support advertising.” Example: “Call buddy collects read and write call log data to enable contact organization even when the app is not in use.” If your app integrates third party code (for example, an SDK) that is designed to collect personal and sensitive user data by default, you must, within 2 weeks of receipt of a request from Google Play (or, if Google Play’s request provides for a longer time period, within that time period), provide sufficient evidence demonstrating that your app meets the Prominent Disclosure and Consent requirements of this policy, including with regard to the data access, collection, use, or sharing via the third party code.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The introductory sentence pointing developers to a table of specific data-access restrictions has been removed from this section. This text served as a gateway reference to activity-specific data handling requirements. Developers should confirm whether the underlying restrictions table still exists in another location, as the rules it referenced may still be enforced.

Show full text

Removed

Restrictions for Personal and Sensitive Data Access In addition to the requirements above, the table below describes requirements for specific activities.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The requirement that the Play Console Data Safety section must be consistent with disclosures in the app's privacy policy has been removed. This consistency rule was important for avoiding contradictory disclosures that could cause rejection or enforcement. Developers should check if this alignment requirement survives in another part of the policy.

Show full text

Removed

Where relevant, the section must be consistent with the disclosures made in the app’s privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The specific requirement that an app's privacy policy must describe the developer's data retention and deletion practices has been removed. This clause helped set user expectations about how long their data is kept and how it can be deleted. Developers should check updated policy guidance to see if this disclosure is still expected in some form.

Show full text

Removed

The developer’s data retention and deletion policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The rule stating that the entity named in the app's Play Store listing (developer or company) or the app name itself must appear in the privacy policy has been removed. This requirement ensured users could link the policy to the correct app or developer. Developers should check if updated policy language still demands clear attribution within privacy documents.

Show full text

Removed

The entity (for example, developer, company) named in the app’s Google Play store listing must appear in the privacy policy or the app must be named in the privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The introductory text describing Android's App Set ID — a new identifier intended for analytics and fraud prevention use cases — has been removed from this section. This guidance may have been relocated to a more specific section of the policy or to Android developer documentation. Developers using App Set ID should consult the latest Android documentation to ensure their implementation still aligns with current requirements.

Show full text

Removed

Usage of App Set ID Android will introduce a new ID to support essential use cases such as analytics and fraud prevention.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Removed

The brief standalone statement requiring developers to obtain legally valid user consent where required by law has been removed from this section. This is unlikely to mean the consent obligation itself has been dropped, as it is a foundational legal requirement reflected across many policies. Developers should confirm that consent obligations are still addressed in other parts of the current policy.

Show full text

Removed

You must obtain users’ legally valid consent where required.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added a direct directive telling developers not to neglect account deletion functionality. This signals that Google is actively enforcing account deletion requirements and considers non-compliance a notable gap. Developers whose apps support account creation need to audit whether a proper deletion flow exists. This appears to be an emphasis statement accompanying more detailed rules.

Show full text

Added

Don't neglect account deletion.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added a recommended template for writing prominent disclosure statements: '[App name] collects/transmits/syncs/stores [data type] to enable [feature] [in what scenario].' Concrete examples are provided, including cases where data is collected when the app is closed or used for advertising. While described as a recommendation rather than a strict requirement, following this format is the clearest path to demonstrating compliance. Developers should use this template when drafting or updating their in-app disclosure language.

Show full text

Added

To meet policy requirements, it's recommended that you reference the following example format for Prominent Disclosure when it's required: "[This app] collects/transmits/syncs/stores [type of data] to enable ["feature"], [in what scenario]." Example: "Fitness Funds collects location data to enable fitness tracking even when the app is closed or not in use and is also used to support advertising." Example: "Call buddy collects read and write call log data to enable contact organization even when the app is not in use." If your app integrates third party code (for example, an SDK) that is designed to collect personal and sensitive user data by default, you must, within 2 weeks of receipt of a request from Google Play (or, if Google Play's request provides for a longer time period, within that time period), provide sufficient evidence demonstrating that your app meets the Prominent Disclosure and Consent requirements of this policy, including with regard to the data access, collection, use, or sharing via the third party code.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has introduced a 'Key Considerations' section formatted as a Do/Don't table, with an explicit directive to handle contacts securely. This type of structured guidance makes compliance expectations clearer and more enforceable. Developers who access contacts data should review this table in full, as it likely contains additional dos and don'ts beyond what is captured in this single excerpt. Non-compliance with items in this table could be cited during app review.

Show full text

Added

Key Considerations Do Don't Handle contacts securely.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

This is a new heading/rule signaling that apps with security-related features have specific disclosure obligations. Where previously general privacy policy requirements applied, security apps are now called out as a distinct category requiring explicit transparency. Developers building antivirus, VPN, device management, or similar apps should review their privacy policies to ensure data use is clearly and specifically explained.

Show full text

Added

Disclose data use for security apps.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

A new rule mandates that developers disclose their use of persistent identifiers (such as hardware IDs) to users. Previously, identifier use may have been covered implicitly by general privacy disclosure rules, but this makes it an explicit standalone obligation. Any app that reads or uses device identifiers must ensure this is clearly communicated — in the privacy policy and/or in-app disclosures.

Show full text

Added

Disclose use of identifiers.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google Play will surface the Data Safety section information directly on an app's store listing, making it visible to users before they download. This is new context explaining the user-facing impact of the Data Safety section requirement. Developers should understand that inaccurate or incomplete disclosures are not just a back-end compliance issue — they are directly visible to potential users and can affect download decisions.

Show full text

Added

This information will show up in your app's Data safety section on Google Play, helping users understand how their data will be handled and make informed choices.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

A new explicit guideline states that developers must share their privacy policy in the Play Console and also make it accessible within the app itself. This formalizes a dual-disclosure requirement that may not have been explicitly stated before. Developers who only link a privacy policy in the Play Console listing but do not surface it inside the app may now be non-compliant.

Show full text

Added

Key Considerations Do Don't Share your privacy policy in Play Console and within the app itself.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Previously, there was no explicit ongoing update obligation stated here. The new rule requires developers to update both their app's Data Safety section in Play Console and their privacy policy whenever their data handling practices change. This means a one-time submission is no longer sufficient — each new SDK integration, feature, or data use change triggers an update obligation. Failing to keep these in sync could result in policy violations.

Show full text

Added

Update regularly information in your app's Data safety section and your privacy policy as you change how your app handles user data.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google is now requiring that privacy policies include a section specifically describing how long user data is retained and how it is deleted. If your current privacy policy does not address retention and deletion timelines, it will need to be updated to meet this requirement. This affects virtually all apps that collect any user or device data.

Show full text

Added

The developer's data retention and deletion policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google now specifies that the privacy policy document must be identifiably titled as a privacy policy (e.g., using 'Privacy Policy' in the heading). Documents buried under generic titles like 'Legal' or 'Terms' without clear labeling would not satisfy this requirement. Developers should audit how their privacy policy link and document are labeled both in-app and in the store listing.

Show full text

Added

Clear labeling as a privacy policy (for example, listed as "privacy policy" in title).

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google now requires that either the developer or company entity listed in the Play Store listing is named in the privacy policy, or that the app itself is explicitly named there. This closes a gap where generic or third-party privacy policies were used without identifying the specific app or publisher. Developers using shared or template privacy policies should verify that the correct entity or app name is referenced.

Show full text

Added

The entity (for example, developer, company) named in the app's Google Play store listing must appear in the privacy policy or the app must be named in the privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has introduced a Do/Don't reference table reinforcing that a comprehensive privacy policy must be linked in Play Console. While this reflects existing policy intent, its explicit enumeration in a Do/Don't format signals closer enforcement scrutiny. Developers should verify their Play Console store listing includes an up-to-date privacy policy URL.

Show full text

Added

Key Considerations Do Don't Ensure your comprehensive privacy policy is linked in Play Console.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google's new guidance explicitly states that developers must not omit any user or device data handling practices from their privacy policy. This means partial disclosures — for example, mentioning analytics but omitting device identifiers — are non-compliant. Developers should conduct a full data audit to ensure every data type collected is disclosed.

Show full text

Added

Don't omit any user or device data handling from your privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google now explicitly calls out in its Do/Don't guidance that the privacy policy must be reachable from inside the app itself. A link only on the Play Store page is insufficient. Developers should ensure a privacy policy link appears in an accessible location within the app, such as settings or an about screen.

Show full text

Added

Make your privacy policy accessible from within the app.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google's new Don't guidance explicitly prohibits submitting a privacy policy that fails to identify the relevant app or company. This complements the requirement in index 85 and makes clear that omitting this identification is an enforceable violation, not just a best practice. Developers should confirm their privacy policy names either the app or the publishing entity listed on Play.

Show full text

Added

Don't fail to include required app/company identification in the privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Apps are now required to include their app name and company identifying details directly within the privacy policy. This is a new explicit requirement that goes beyond generic privacy policy templates. Developers using shared or boilerplate policies should update them to reference their specific app and company to remain compliant.

Show full text

Added

Include your app name and company details in the policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added explicit Do/Don't guidance confirming that a clear account deletion option must be present inside the app. This formalizes what was implied by the broader policy and gives reviewers a concrete checklist item. Developers should ensure the deletion option is easy to find — buried settings or support-ticket-only flows are unlikely to satisfy this. The addition of structured guidance signals increased enforcement attention on this area.

Show full text

Added

Key Considerations Do Don't Offer a clear account deletion option within your app.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google now requires that if an app retains any user data after account deletion for legitimate reasons such as regulatory compliance, this must be explicitly stated in the app's privacy policy. Previously, such disclosures may not have been formally mandated at this policy level. Developers who retain data for legal reasons (e.g. financial records, fraud prevention) must update their privacy policies to document the scope and duration of that retention.

Show full text

Added

Clearly disclose any necessary (e.g. regulatory compliance) data retention in your privacy policy.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added a rule explicitly prohibiting broken or stale links to external deletion resource pages. If your app's Play Store listing or in-app settings point users to a deletion webpage, that link must be functional and current. Developers who use external web pages to handle deletion requests should implement regular link-checking and ensure the destination page remains live and accurate.

Show full text

Added

Don't provide broken or outdated links to the external deletion resource page.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google now requires that any external page or resource provided for account/data deletion explicitly references the specific app or service it covers. A generic or ambiguous deletion page that doesn't clearly tie back to your app is no longer acceptable. Developers using shared or corporate-level deletion pages should ensure those pages are updated to name or identify the specific app(s) they serve.

Show full text

Added

Ensure your deletion resources clearly reference your app/service.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has introduced an explicit policy summary for App Set ID usage, stating it is intended solely for essential non-advertising use cases such as analytics and fraud prevention. Previously, permitted uses may not have been as clearly enumerated in a standalone summary. Developers using App Set ID should confirm their use cases align strictly with analytics and fraud prevention rather than any advertising-related functionality.

Show full text

Added

Usage of App Set ID Policy Summary The App Set ID is intended to support essential non-ads use cases such as analytics and fraud prevention.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google now requires transparency around App Set ID by mandating that any collection and use of it be disclosed in a legally sufficient privacy notice. Previously, App Set ID may not have been called out as requiring its own explicit disclosure. Developers collecting App Set ID should update their privacy policies and any in-app privacy notices to include this identifier and describe how it is used.

Show full text

Added

You must be transparent, so disclose any collection and usage of App Set ID to users in a legally adequate privacy notification.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Android is introducing a new identifier called the App Set ID, designed to support essential use cases such as analytics and fraud prevention. This replaces or supplements prior approaches to non-advertising identification. Developers who need a stable identifier for these purposes should plan to adopt this new ID and understand its usage restrictions.

Show full text

Added

Full Policy Android will introduce a new ID to support essential use cases such as analytics and fraud prevention.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

New guidance clarifies that the App Set ID is approved for essential functions such as analytics and fraud prevention. This gives developers a clear sanctioned use case for the identifier. Apps should ensure they only use the App Set ID within these permitted purposes to remain compliant.

Show full text

Added

Key Considerations Do Don't Use the App Set ID for essential functions such as analytics and fraud prevention.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

The policy now explicitly requires developers to be transparent about how they use the App Set ID. This is a principles-level requirement that underpins the more specific disclosure and consent rules in surrounding clauses. Developers should treat this as a reminder that vague or incomplete disclosures around this identifier will not be acceptable.

Show full text

Added

You must be transparent about the use of the App Set ID.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

This addition repeats the obligation to immediately inform Google when data-handling conditions cannot be met, likely appearing in a different subsection or context within the policy. While substantively similar to index 141, its separate placement signals that this requirement applies across multiple data-related policy sections. Developers should treat immediate notification as a universal rule whenever compliance with any data condition is at risk.

Show full text

Added

If you can't comply with these conditions, you must inform Google immediately.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

Google has added an explicit ongoing compliance monitoring requirement, stating that developers must consistently verify they meet data-handling conditions — particularly following regulatory or legal updates. Previously, compliance was expected but ongoing monitoring was not explicitly mandated in policy text. This means developers cannot treat data compliance as a one-time setup; they must actively track changes in applicable laws and policies and adjust their apps accordingly.

Show full text

Added

Regularly monitor compliance, ensuring you consistently meet these conditions, especially following regulatory or legal updates to applicable policies.

developer-program-policyDeveloper Program PolicymediumDeveloper Program Policy
Added

A new Content Ratings section has been added to the Developer Program Policy, introducing a formal description of how Google Play uses the International Age Rating Coalition (IARC) system to provide locally relevant content ratings. This content likely existed elsewhere (e.g., in Help Center articles), but its inclusion in the policy document gives it greater official weight. Developers who have not yet completed the IARC questionnaire or who publish content that may receive age restrictions should review their ratings carefully.

Show full text

Added

Content Ratings Content ratings on Google Play are provided by the International Age Rating Coalition (IARC) and are designed to help developers communicate locally relevant content ratings to users.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccessmediumRestrictions for Personal and Sensitive…
Added

A new summary block has been added to this section explicitly stating that Google Play enforces specific restrictions on apps handling financial data, contact data, or persistent identifiers. This is a new piece of policy text that frames the detailed rules that follow. Developers should treat this as a signal that enforcement attention is being drawn to these data categories.

Show full text

Added

Policy Summary Google Play enforces specific restrictions on apps that handle financial, contact, or persistent identifier data.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccessmediumRestrictions for Personal and Sensitive…
Added

A new 'Key Considerations' section has been added with a Do/Don't format, starting with the directive to handle contacts securely. The content appears incomplete or truncated in this change, but it introduces a new structured guidance format for this policy section. Developers should monitor for the full Do/Don't table, as it may contain actionable rules that affect app review outcomes.

Show full text

Added

Key Considerations Do Don't Handle contacts securely.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccessmediumRestrictions for Personal and Sensitive…
Added

This addition broadly prohibits apps from publicly disclosing sensitive personal data, reinforcing and formalizing what was previously implied under general data handling policies. While the rule is high-level, it serves as an overarching requirement that developers must consider when designing data sharing, logging, or export features. Any app that surfaces user data in public-facing contexts should be reviewed for compliance. This complements the more specific financial/government ID restriction added alongside it.

Show full text

Added

Don't disclose sensitive data publicly.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccessmediumRestrictions for Personal and Sensitive…
Added

Google now requires apps with security-related functionality to clearly disclose their data usage practices. This is a headline-level addition that signals a new category of disclosure obligation tied to app type rather than just data type. Developers building anti-virus, device security, or related tools must ensure their privacy policies and in-app disclosures are explicit and complete. Failure to do so may result in rejection or removal.

Show full text

Added

Disclose data use for security apps.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccessmediumRestrictions for Personal and Sensitive…
Added

A new guideline heading has been added instructing developers not to link persistent identifiers to other user data unnecessarily. This signals Google is tightening restrictions around how identifier data is combined with other personal data. Developers should review their data practices to ensure they are not joining identifiers to user profiles or behavioral data without a clear, approved justification.

Show full text

Added

Don't link identifiers unnecessarily.

privacy-policyPrivacy PolicymediumPrivacy Policy
Added

Google has added explicit language clarifying that the required privacy policy must accurately disclose all aspects of data handling: access, collection, use, and sharing of both user and device data. Previously, the guideline described a comprehensive policy requirement without spelling out these specific dimensions. Developers should review their privacy policies to ensure every category of data handling is addressed and accurate. Incomplete or vague policies are now more clearly out of compliance.

Show full text

Added

This policy must accurately disclose how your app accesses, collects, uses, and shares all types of user and device data.

privacy-policyPrivacy PolicymediumPrivacy Policy
Added

Google has added an explicit rule that privacy policies must identify the app by name and include company details. This reinforces and expands on the requirement in index 182 with specific identifying elements. Developers should verify their policy header or introduction clearly states both the app name and the responsible company or developer name.

Show full text

Added

Include your app name and company details in the policy.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworksmediumEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google's updated summary for this section now explicitly states that developers have an ongoing duty to monitor their own compliance with EU/UK/Swiss data privacy frameworks and must notify Google immediately if they can no longer meet the requirements. While a notification duty existed in the full policy, surfacing it in the summary increases its visibility and weight. Developers should have a process in place to detect compliance gaps and communicate them to Google proactively. Failure to do so could be treated as a policy violation.

Show full text

Added

You also have a duty to monitor your compliance and notify Google immediately if you cannot meet these requirements.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworksmediumEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google introduced a Do/Don't checklist format under a 'Key Considerations' heading for the EU data privacy frameworks section. The first item explicitly references GDPR by name as an example of applicable law that must be followed. While the underlying obligation existed, naming GDPR explicitly and presenting it in a checklist format increases its prominence and clarity. Developers should treat this as a direct signal that GDPR adherence is actively evaluated.

Show full text

Added

Key Considerations Do Don't Adhere to all applicable privacy, data security, and data protection laws (e.g., GDPR).

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworksmediumEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google added a checklist item explicitly requiring that personal data from EEA, UK, or Swiss users be accessed and used only for purposes the user has consented to. This mirrors language in the full policy but is now surfaced as a standalone, scannable requirement. Apps that use data beyond the stated consent scope — even for analytics or advertising — may face enforcement action. Developers should audit their data use cases against their disclosed consent flows.

Show full text

Added

Only access and use personal data for purposes consistent with user consent.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworksmediumEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google now requires developers to actively and continuously monitor their compliance with Data Privacy Framework conditions, rather than treating it as a one-time setup. Critically, this obligation extends to keeping pace with regulatory or legal updates that affect applicable policies. Developers building apps that handle EU personal data need to establish ongoing compliance review processes and stay current with changes to GDPR, the EU-U.S. DPF, and related frameworks.

Show full text

Added

Regularly monitor compliance, ensuring you consistently meet these conditions, especially following regulatory or legal updates to applicable policies.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Removed

A specific example violation — flagging content that lacks sensitivity regarding the death of a real person due to suicide, overdose, or natural causes — has been removed from this section. This example previously helped developers understand the boundary for sensitive content. Its removal may reduce explicit guidance in this area, so developers creating content referencing real individuals or sensitive topics should consult the full policy for current examples.

Show full text

Removed

Examples of violations Lacking sensitivity regarding the death of a real person or group of people due to suicide, overdose, natural causes, etc.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new disclaimer has been added to the Inappropriate Content section stating that policy summaries and 'Key Considerations' are overviews only and that developers must refer to the full policy for compliance purposes. This signals that Google is presenting summarized or simplified versions of policies in some contexts and wants developers to know those summaries are not authoritative. Developers should ensure they are always referencing the complete, full-text policy when making compliance decisions, not relying solely on section summaries.

Show full text

Added

Disclaimer: Policy summaries and Key Considerations are overviews only; always refer to the full policy for compliance.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new statement clarifies that in any conflict between a policy summary and the full policy text, the full policy wins. This matters because Google Play has introduced summary sections alongside full policy text, and developers relying solely on summaries could miss binding requirements. Always read the full policy to ensure compliance.

Show full text

Added

The full policy takes precedence in case of conflict.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new exemption permits apps containing nudity if the primary objective is educational, documentary, scientific, or artistic (EDSA), provided the content is contextually justified and non-gratuitous. This is a meaningful new carve-out that could allow certain content that was previously risky to publish. Developers building EDSA-focused apps should document the purpose clearly and ensure no content crosses into gratuitous territory.

Show full text

Added

We grant an exemption for apps containing nudity if the primary objective is educational, documentary, scientific, or artistic (EDSA), provided the content is contextually justified and non-gratuitous.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Catalog apps whose primary offering is books or videos may now qualify for an exemption allowing a small amount of sexual content. This is a new, specific carve-out that did not previously appear in this policy section. Developers of digital bookstores or video libraries should assess whether they qualify and understand the conditions that apply.

Show full text

Added

The catalog apps that primarily offer books or videos may be exempted.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Even for eligible book or video catalog apps, Google Play now prohibits actively promoting sexual content titles within the app experience — for example, featuring them in banners, carousels, or highlighted sections. Sexual titles may exist in the catalog but must not be surfaced prominently. Developers should update recommendation engines, editorial placements, and home screens accordingly.

Show full text

Added

Avoid actively promoting sexual titles in the app.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new clause clarifies that apps containing educational, artistic, or associated content related to Nazism may be geo-blocked in certain countries to comply with local laws. This is relevant to history apps, educational platforms, documentary or book catalogs, and news apps. Developers distributing such content internationally should be aware of potential country-level availability restrictions and plan accordingly.

Show full text

Added

Apps with educational, artistic or associated content related to Nazism may be blocked in some countries according to local laws.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new 'Key Considerations' section has been added that frames dos and don'ts around hate speech policy. Developers are now explicitly directed to familiarize themselves with what constitutes a protected group before publishing. This signals that Google expects informed compliance, not just passive avoidance of obvious violations.

Show full text

Added

Key Considerations Do Don't Familiarize yourself with what constitutes a protected group.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new guideline advises developers to review local laws regarding Educational, Documentary, Scientific, or Artistic (EDSA) content that references Nazism. This matters because what qualifies as permissible EDSA content varies by jurisdiction, and apps distributed in certain regions may face legal and policy conflicts. Developers publishing history, education, or documentary-style content should audit their content for regional compliance.

Show full text

Added

Review local laws regarding EDSA (Educational, Documentary, Scientific, or Artistic) content related to Nazism.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Google has added an explicit requirement that apps adhere to local laws regarding sensitive content, not just Google's own policies. This matters for developers distributing apps across multiple regions, as what is permissible in one country may be illegal in another. Developers should conduct jurisdiction-specific legal reviews if their app deals with any sensitive subject matter.

Show full text

Added

Adhere to all local laws regarding sensitive content.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

Google has added an explicit violation example covering content that lacks sensitivity around the death of real individuals or groups due to suicide, overdose, or natural causes. This signals increased scrutiny of how apps handle such topics in news, social, or UGC contexts. Developers should ensure their content moderation and editorial standards treat these subjects with appropriate care.

Show full text

Added

Examples of common violations Lacking sensitivity regarding the death of a real person or group of people due to suicide, overdose, natural causes, etc.

inappropriate-contentInappropriate ContentmediumInappropriate Content
Added

A new specific prohibition bars apps from implying that using tobacco enhances a user's social, professional, or intellectual standing. This targets lifestyle-oriented tobacco promotion tactics common in advertising. Developers creating content, social, or lifestyle apps should review any tobacco-related content or imagery for messaging that could be interpreted as aspirational promotion.

Show full text

Added

Don't imply that using tobacco improves social, professional, or intellectual standing.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

An example violation — specifically about lacking sensitivity regarding the death of real people due to suicide, overdose, or natural causes — has been removed from the overview section. This example previously served as a concrete illustration of policy expectations. Developers of apps covering mental health, news, or social content should verify whether this guidance still appears in the relevant detailed policy section, as its removal from the overview could reduce enforcement clarity.

Show full text

Removed

Examples of violations Lacking sensitivity regarding the death of a real person or group of people due to suicide, overdose, natural causes, etc.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Removed

The Tobacco and Alcohol policy summary — which covered restrictions on facilitating sales of tobacco, nicotine products, and inappropriate alcohol use — has been removed from the overview section. Given that a new alcohol-specific rule was simultaneously added elsewhere (index 80), developers should carefully review the standalone Tobacco and Alcohol policy section to understand the current full scope of restrictions, as this restructuring may accompany substantive updates.

Show full text

Removed

Tobacco and Alcohol We don't allow apps that facilitate the sale of tobacco or products containing nicotine (such as e-cigarettes, vape pens and nicotine pouches) or encourage the illegal or inappropriate use of alcohol, tobacco, or nicotine.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

A formal exemption is now documented for apps containing nudity when the primary purpose is educational, documentary, scientific, or artistic (EDSA). The content must be contextually justified and non-gratuitous to qualify. This is beneficial for developers of art, science, or documentary apps who may have previously been uncertain about compliance. However, the exemption is narrow — apps must clearly demonstrate the EDSA purpose to avoid rejection.

Show full text

Added

We grant an exemption for apps containing nudity if the primary objective is educational, documentary, scientific, or artistic (EDSA), provided the content is contextually justified and non-gratuitous.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Catalog apps whose primary offering is books or videos may qualify for an exemption under the updated policy. This is newly documented guidance that provides a pathway for general-purpose media catalog apps to remain compliant even if some sexual content exists in their libraries. Developers of such platforms should ensure their catalog is demonstrably mainstream and that sexual content is not a primary or promoted feature. This exemption does not apply broadly — it is specific to catalog-style apps.

Show full text

Added

The catalog apps that primarily offer books or videos may be exempted.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Even if an app is permitted to carry some sexual content, it must not actively promote or spotlight those titles within the app experience. This means features like featured banners, push notifications, or homepage placements for sexual content are now off-limits. Developers of eligible book or video catalog apps need to review their in-app merchandising and recommendation logic. Passive availability of such content appears to remain acceptable; active promotion does not.

Show full text

Added

Avoid actively promoting sexual titles in the app.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google Play has published a new Hate Speech Policy summary, formally stating that apps inciting hatred or promoting violence against individuals or protected groups are not allowed. While hate speech restrictions existed in prior policy, this addition formalizes and surfaces the summary more prominently. Developers should be aware this policy now has a clearly labeled section, signaling stronger enforcement intent. Apps in news, social, or content-hosting categories should pay particular attention.

Show full text

Added

Hate Speech Policy Summary Google Play does not allow apps that incite hatred or promote violence against individuals or protected groups.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

A new notice advises that even educational or artistic apps referencing Nazism may be blocked in specific countries where local laws prohibit such content. This is a new explicit callout rather than a universal ban, but developers distributing globally need to be aware of country-level blocking risks. Apps in history, education, or documentary categories are most likely to be affected. Developers should consider geo-restriction strategies to manage compliance proactively.

Show full text

Added

Apps with educational, artistic or associated content related to Nazism may be blocked in some countries according to local laws.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google has introduced a new 'Key Considerations' Do/Don't format for hate speech policy guidance. There was no prior structured checklist in this form. The first item explicitly requires developers to familiarize themselves with the definition of protected groups before publishing. This matters because ignorance of protected group definitions is no longer a viable defense if your app is flagged.

Show full text

Added

Key Considerations Do Don't Familiarize yourself with what constitutes a protected group.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

A new guideline instructs developers to review local laws when their app includes Educational, Documentary, Scientific, or Artistic (EDSA) content related to Nazism. Previously, EDSA content was referenced as a general exception to hate content rules without this explicit local-law review requirement. This is significant for developers distributing historically or educationally themed apps in regions with specific laws on Nazi-related content, such as Germany or Austria.

Show full text

Added

Review local laws regarding EDSA (Educational, Documentary, Scientific, or Artistic) content related to Nazism.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

A new policy summary note explicitly states that fictional violence depicted in a game context — such as cartoons, hunting, or fishing — is generally allowed on Google Play. Previously this exception was not spelled out in a summary-level statement. Developers building games with non-gratuitous fictional violence now have clearer written backing, but are reminded to review the full policy for edge cases.

Show full text

Added

Apps that depict fictional violence in the context of a game, such as cartoons, hunting or fishing, are generally allowed.Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google has added a requirement that apps comply with local laws concerning sensitive content, not just Google's own policies. This means an app that is policy-compliant globally may still be in violation if it breaches jurisdiction-specific regulations. Developers distributing apps across multiple regions should assess whether their sensitive content handling meets local legal standards in each target market. Non-compliance could result in regional removal or broader enforcement action.

Show full text

Added

Adhere to all local laws regarding sensitive content.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google has added a specific violation example covering content that lacks sensitivity around the death of real individuals or groups due to suicide, overdose, or natural causes. This gives concrete guidance on what crosses the line under their sensitive content rules, which previously lacked this level of specificity. Developers of news, social, memorial, or health-related apps should review how their apps handle or display content about real-world deaths. Even user-generated content referencing such events in an insensitive way could put the app at risk.

Show full text

Added

Examples of common violations Lacking sensitivity regarding the death of a real person or group of people due to suicide, overdose, natural causes, etc.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

Google has added a specific rule against portraying tobacco use as a means of improving one's social, professional, or intellectual image. This targets aspirational or lifestyle-oriented tobacco marketing within apps. Developers producing content apps, games, or social platforms where tobacco use might be portrayed positively or aspirationally need to audit that content and remove any such messaging.

Show full text

Added

Don't imply that using tobacco improves social, professional, or intellectual standing.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLmediumCOLLAPSE ALL EXPAND ALL
Added

A new 'Don't' guideline prohibits apps from portraying excessive alcohol consumption favorably. This is a new named restriction that extends beyond simply prohibiting alcohol sales to regulating how alcohol consumption is depicted in app content. Developers of social, entertainment, gaming, or lifestyle apps where alcohol consumption is a theme should review their content to ensure it does not glorify or positively frame excessive drinking.

Show full text

Added

Don't portray excessive drinking favorably.

google-play-families-policiesGoogle Play Families PolicieslowGoogle Play Families Policies
Modified

The opening sentence of the Families Policies section has been prefixed with the label 'Full Policy.' This appears to be a structural/navigation change to distinguish the full policy text from summaries or overviews being added elsewhere on the page. It has no impact on actual policy requirements for developers.

Show full text

Removed

The use of technology as a tool for enriching families' lives continues to grow, and parents are looking for safe, high-quality content to share with their children.

Added

Full Policy The use of technology as a tool for enriching families' lives continues to grow, and parents are looking for safe, high-quality content to share with their children.

google-play-families-policiesGoogle Play Families PolicieslowGoogle Play Families Policies
Added

Google has added an explicit disclaimer clarifying that any policy summaries and 'Key Considerations' sections are overviews only and do not substitute for the full policy text. Developers must always consult the full policy to determine compliance obligations. This is important context: do not rely solely on summary sections when evaluating whether your app meets Families Policy requirements.

Show full text

Added

Disclaimer: Policy summaries and Key Considerations are overviews only; always refer to the full policy for compliance.

google-play-families-policiesGoogle Play Families PolicieslowGoogle Play Families Policies
Added

A new statement has been added confirming that the full policy text overrides any summary content if the two conflict. This reinforces the disclaimer in the previous change and signals that Google is introducing summarized content that may not capture every nuance. Developers should treat summaries as navigational aids, not authoritative compliance references.

Show full text

Added

The full policy takes precedence in case of conflict.

google-play-families-policiesGoogle Play Families PolicieslowGoogle Play Families Policies
Added

Google has added a banner-style notice indicating that upcoming policy changes will be reflected in the Families Policies article. This is a heads-up that the current article is in transition and may not yet reflect all announced changes. Developers should monitor the article for updates rather than treating the current version as final.

Show full text

Added

Changes are coming to this article This article will be updated with recently announced changes.

google-play-families-policiesGoogle Play Families PolicieslowGoogle Play Families Policies
Added

A general compliance reminder has been added to the Families Policies section directing developers to review the full policy. While this is a broad reminder rather than a new rule, it signals Google is reinforcing enforcement expectations. Developers with apps targeting or including children should audit their app against the complete Families Policy to avoid rejections.

Show full text

Added

Please review the full policy to ensure compliance.

device-and-network-abuseDevice and Network AbuselowDevice and Network Abuse
Added

Google Play has added a new introductory disclaimer and high-level policy summary to the Device and Network Abuse section. There was no prior summary block; the new content clarifies that policy summaries are overviews only and the full policy text always takes precedence. The summary reaffirms that apps and any embedded third-party SDKs must not perform unauthorized access or interference with devices, networks, APIs, services, other apps, or Google services. Developers should treat this as a navigation aid, but must still consult the full policy for compliance decisions.

Show full text

Added

Disclaimer: Policy summaries and Key Considerations are overviews only; always refer to the full policy for compliance. The full policy takes precedence in case of conflict. Policy Summary Google Play prohibits your app (or any third-party SDKs in your app) from unauthorized access or interference with the user's device, other devices, network, API, or service, other apps on the device, any Google service, or an authorized carrier’s network. This encompasses a range of harmful, high risk, or disruptive behaviors, such as performing self-updates outside the Play Store, downloading unauthorized executable code, exploiting security vulnerabilities, facilitating hacking, or creating game cheats that affect other apps. Protecting the integrity of the user's device and the broader ecosystem is paramount. Please review the full policy to ensure compliance. Full Policy We don’t allow apps that interfere with, disrupt, damage, or access in an unauthorized manner the user’s device, other devices or computers, servers, networks, application programming interfaces (APIs), or services, including but not limited to other apps on the device, any Google service, or an authorized carrier’s network. Apps on Google Play must comply with the default Android system optimization requirements documented in the Core App Quality guidelines for Google Play. An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism. Likewise, an app may not download executable code (such as dex, JAR, .so files) from a source other than Google Play. This restriction does not apply to code that runs in a virtual machine or an interpreter where either provides indirect access to Android APIs (such as JavaScript in a webview or browser). Apps or third-party code, like SDKs, with interpreted languages (JavaScript, Python, Lua, etc.) loaded at run time (for example, not packaged with the app) must not allow potential violations of Google Play policies. We don’t allow code that introduces or exploits security vulnerabilities. Check out the App Security Improvement Program to find out about the most recent security issues flagged to developers. Examples of common Device and Network Abuse violations: Apps that block or interfere with another app displaying ads. Game cheating apps that affect the gameplay of other apps. Apps that facilitate or provide instructions on how to hack services, software or hardware, or circumvent security protections. Apps that access or use a service or API in a manner that violates its terms of service. Apps that are not eligible for allowlisting and attempt to bypass system power management. Apps that facilitate proxy services to third parties may only do so in apps where that is the primary, user-facing core purpose of the app. Apps or third party code (for example, SDKs) that download executable code, such as dex files or native code, from a source other than Google Play. Apps that install other apps on a device without the user's prior consent. Apps that link to or facilitate the distribution or installation of malicious software. Apps or third party code (for example, SDKs) containing a webview with added JavaScript Interface that loads untrusted web content (for example, http:// URL) or unverified URLs obtained from untrusted sources (for example, URLs obtained with untrusted Intents). Apps that use the full-screen intent permission to force user interaction with disruptive ads or notifications. Apps that circumvent Android sandbox protections in order to derive user activity or user identity from other apps. Key Considerations Do Don't Ensure your app and any integrated SDKs comply with Android system optimization requirements in the Core App Quality guidelines. Don't install other apps on a device without explicit user consent. Respect the FLAG_SECURE setting, and on-device containers must respect REQUIRE_SECURE_ENV. Don't facilitate proxy services to third-parties unless it's the primary, user-facing core purpose of the app. Use User-initiated data transfer jobs only for user-initiated network data transfers that run only as long as needed. Don't use third-party SDKs in your app that download executable code (like dex or .so files) from outside Google Play (except in VMs/interpreters). Check out the App Security Improvement Program to find out about the most recent security issues flagged to developers. Don't bypass System power management unless eligible. Comply with Foreground Services policy. Don't block or interfere with another app displaying ads. Don't use the FULL-SCREEN INTENT permission to force interaction with disruptive ads and notifications. Permissions for Foreground Services (FGS) Policy Summary The Foreground Service permission policy ensures user transparency, privacy, and optimal device performance. For apps targeting Android 14+ you must declare valid Foreground Service (FGS) types in the manifest and Play Console, providing descriptions, user impact, and a demo video justifying their use based on user-initiated, perceptible actions. Please review the full policy to ensure compliance. Full Policy The Foreground Service permission ensures the appropriate use of user-facing foreground services. For apps targeting Android 14 and above, you must specify a valid foreground service type for each foreground service used in your app, and declare the foreground service permission that is appropriate for that type. For example, if your app’s use case requires map geolocation, you must declare the FOREGROUND_SERVICE_LOCATION permission in your app’s manifest. Apps are only allowed to declare a foreground service permission if the use: provides a feature that is beneficial to the user and relevant to the core functionality of the app is initiated by the user or is user perceptible (for example, audio from playing a song, cast media to another device, accurate and clear user notification, user request to upload a photo to the cloud) can be terminated or stopped by the user can’t be interrupted or deferred by the system without causing a negative user experience or causing the user anticipated feature to not work as intended (for example, a phone call needs to start immediately and can’t be deferred by the system) runs only for as long as necessary to complete the task The following foreground service use cases are exempt from the above criteria: foreground service types systemExempted or shortService; foreground service type dataSync only when using Play Asset Delivery features The use of foreground service is further explained here. Key Considerations Do Don't Run FGS only for as long as necessary to complete the task. Don't use FGS if system management of your task doesn’t break the user experience in your app. Consider alternatives like WorkManager. Ensure FGS provides a user-beneficial core app feature, is initiated by the user, is visible in notifications or is user perceptible (for example, audio from playing a song). Don't declare invalid or inaccurate FGS types in your app’s manifest. Submit a declaration form in your Play Console if targeting Android 14+ and describe the use case for each Foreground Services (FGS) permission used. Ensure the appropriate FGS type is selected. User-Initiated Data Transfer Jobs Policy Summary To maintain user control and prevent prolonged background activity Google Play provides strict guidelines for Apps using the user-initiated data transfer jobs API. Data transfers must be directly prompted by the user, ensuring that the app executes a command rather than initiating transfers independently. These transfers are exclusively for network data transfer tasks and must only operate for the duration required to complete the requested action. Please review the full policy to ensure compliance. Full Policy Apps are only allowed to use the user-initiated data transfer jobs API if the use is: initiated by the user for network data transfer tasks runs only for as long as necessary to complete the data transfer The usage of the user-initiated data transfer jobs API is further explained here. Key Considerations Do Don't Start transfers with user action. Don't initiate transfers automatically. Use for network data transfer tasks only. Don't use the API for non-network tasks. Stop when the transfer is finished. Don't run longer than needed. Flag Secure Requirements Policy Summary FLAG_SECURE is an app-declared display flag indicating sensitive data in the UI should be limited to secure surfaces, preventing screenshots and non-secure display viewing and capturing. Developers use this when content shouldn't be broadcast or viewed outside the app/device. Google Play requires all apps to respect other apps' FLAG_SECURE declarations and not bypass them for security and privacy. Please review the full policy to ensure compliance. Full Policy FLAG_SECURE is a display flag declared in an app’s code to indicate that its UI contains sensitive data intended to be limited to a secure surface while using the app. This flag is designed to prevent the data from appearing in screenshots or from being viewed on non-secure displays. Developers declare this flag when the app’s content should not be broadcast, viewed, or otherwise transmitted outside of the app or users’ device. For security and privacy purposes, all apps distributed on Google Play are required to respect the FLAG_SECURE declaration of other apps. Meaning, apps must not facilitate or create workarounds to bypass the FLAG_SECURE settings in other apps. Apps that qualify as an Accessibility Tool are exempt from this requirement, as long as they do not transmit, save, or cache FLAG_SECURE protected content for access outside of the user's device. Key Considerations Do Don't Declare FLAG_SECURE for sensitive data in the UI that needs protection from capture. Don't bypass or create workarounds for FLAG_SECURE settings in other apps. Respect other apps' FLAG_SECURE declarations for security and privacy. Don't transmit, save, or cache FLAG_SECURE protected content outside the device, even if an Accessibility Tool. Apps that Run On-device Android Containers Policy Summary To prevent security and privacy concerns, developers can use a `REQUIRE_SECURE_ENV` flag in their app manifest when on-device Android container apps lack the full security features of Android OS. The flag indicates the app should not run in a simulated environment. Apps providing these containers are required to respect this flag by not loading apps that declare it and are prohibited from bypassing this security measure. Please review the full policy to ensure compliance. Full Policy On-device Android container apps provide environments that simulate whole or portions of an underlying Android OS. The experience within these environments may not reflect the full suite of Android security features, which is why developers can choose to add a secure environment manifest flag to communicate to on-device Android containers that they must not operate in their simulated Android environment. Secure Environment Manifest Flag REQUIRE_SECURE_ENV is a flag that can be declared in an app’s manifest to indicate that this app must not run in on-device Android container apps. For security and privacy purposes, apps that provide on-device Android containers must respect all apps that declare this flag and: Review the manifests of apps they intend to load in their on-device Android container for this flag. Not load the apps that declared this flag into their on-device Android container. Not function as a proxy by intercepting or calling APIs on the device so that they appear to be installed in the container. Not facilitate, or create workarounds to bypass the flag (such as, loading an older version of an app to bypass the current app’s REQUIRE_SECURE_ENV flag). Learn more about this policy in our Help Center. Key Considerations Do Don't Apps that provide on-device containers must check for the REQUIRE_SECURE_ENV flag in other apps' manifests and not load them. Don't ignore the flag. You cannot load an app into your container if it declares the REQUIRE_SECURE_ENV flag. Avoid workarounds. You are prohibited from bypassing the flag, such as by loading older versions of an app. Don't bypass security measures. Do not create workarounds to override an app's security preference. Avoid proxying APIs. Do not function as a proxy by intercepting or calling APIs outside the container. Don't make it appear that apps are running in a secure environment when they are not. Review the policy requirements for on-device Android containers. Help us improve this policy article by taking a 2-minute survey.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Removed

The rule explicitly stating that a privacy policy must be clearly labeled as such — for example, titled 'Privacy Policy' — has been removed from the Developer Program Policy. This requirement helped ensure users could identify and locate the document. Its removal may reduce enforcement around how the document is titled or surfaced, though best practice remains to label it clearly.

Show full text

Removed

Clear labeling as a privacy policy (for example, listed as “privacy policy” in title).

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Removed

The introductory text explaining that Google Play content ratings are provided by the International Age Rating Coalition (IARC) and are designed to help developers communicate locally relevant ratings has been removed. This may indicate a restructuring of the content ratings section rather than a policy change. Developers should review the current content ratings documentation to ensure their app's rating remains accurate and compliant.

Show full text

Removed

Content Ratings Content ratings on Google Play are provided by the International Age Rating Coalition (IARC)and are designed to help developers communicate locally relevant content ratings to users.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Removed

A line directing developers to the Inappropriate Ads policy for further information has been removed. This is likely a structural or navigation change rather than a substantive policy shift. Developers building ad-supported apps should still consult the Inappropriate Ads policy directly, as the underlying requirements remain in effect.

Show full text

Removed

Refer to Inappropriate Adspolicy for more information.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

Google has added a general reminder instructing developers to review the full Developer Program Policy to ensure compliance. This is an informational addition rather than a new substantive rule. While it does not impose new requirements on its own, it signals that developers should not rely solely on summaries and should be familiar with the complete policy document.

Show full text

Added

Please review the full policy to ensure compliance.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

Google has added introductory text for a new or restructured section that presents requirements for specific developer activities in a table format. This appears to be a structural addition to the policy document that organizes existing or new requirements more clearly. Developers should review the associated table to understand which activity-specific rules now apply to their apps.

Show full text

Added

Full Policy In addition to the requirements above, the table below describes requirements for specific activities.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

This addition is a directive encouraging developers to read the complete Data Safety policy rather than relying on summaries. While this is largely a procedural reminder, it signals that the policy is detailed enough that partial compliance is a real risk. Developers should not assume familiarity with older versions of the policy is sufficient.

Show full text

Added

Please review the full policy to ensure compliance.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

Google has added an advisory statement encouraging developers to treat SDK integration as an opportunity for a thorough code audit. While this is framed as guidance rather than a hard rule, it reinforces the broader accountability requirements around third-party SDKs. Developers should treat this as context supporting the adjacent enforceable requirements, not as optional advice.

Show full text

Added

This is an important opportunity to audit your app, know your code, and what you integrate into it.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

A new informational note highlights that developers can consult the Play SDK Index to find data practice disclosures from SDK providers. This is an advisory statement rather than a new rule, but it provides a practical tool to help developers meet the adjacent SDK verification requirement. Developers integrating popular SDKs should check the index as a starting point for their audits.

Show full text

Added

Many SDKs share their data practices on Play SDK Index.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

A general reminder has been added to the Developer Program Policy instructing developers to review the full policy for compliance. This is a housekeeping notice rather than a substantive rule change. However, its addition alongside new App Set ID guidance (see related changes) signals that Google expects developers to be actively aware of updated requirements. Developers should treat this as a prompt to audit their apps against current policy.

Show full text

Added

Please review the full policy to ensure compliance.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

This is a closing directive within the new Data Privacy Frameworks policy summary, instructing developers to consult the full policy text. While it carries no standalone requirement, it signals that the summary sections are not exhaustive and developers must review the complete policy to understand all obligations.

Show full text

Added

Please review the full policy to ensure compliance.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

Google has added introductory text to the Content Ratings section formally identifying the International Age Rating Coalition (IARC) as the body that provides ratings on Google Play and explaining that these ratings are designed to communicate locally relevant content classifications to users. Previously this context may not have been stated explicitly in policy. Developers should ensure they complete the IARC questionnaire accurately, as the ratings it produces are now described as a core mechanism for user communication.

Show full text

Added

Content Ratings Content ratings on Google Play are provided by the International Age Rating Coalition (IARC) and are designed to help developers communicate locally relevant content ratings to users.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

A pointer to the Inappropriate Ads policy has been added, directing developers there for further information on related ad content rules. This is a navigational addition rather than a new substantive rule, but it signals that the two policy areas are formally linked. Developers serving ads should review the Inappropriate Ads policy to ensure their ad implementations remain compliant under both frameworks.

Show full text

Added

Refer to Inappropriate Ads policy for more information.

prominent-disclosure-consent-requirementProminent Disclosure & Consent RequirementlowProminent Disclosure & Consent Requirem…
Modified

The text "Full Policy" has been added at the start of the Prominent Disclosure & Consent Requirement section. The underlying disclosure and consent requirements themselves are unchanged. This appears to be a structural or navigational label, likely introduced to distinguish this full policy text from a summary version added nearby. No developer action is required based on this change alone.

Show full text

Removed

In cases where your app’s access, collection, use, or sharing of personal and sensitive user data may not be within the reasonable expectation of the user of the product or feature in question (for example, if data collection occurs in the background when the user is not engaging with your app), you must meet the following requirements: Prominent disclosure: You must provide an in-app disclosure of your data access, collection, use, and sharing.

Added

Full Policy In cases where your app's access, collection, use, or sharing of personal and sensitive user data may not be within the reasonable expectation of the user of the product or feature in question (for example, if data collection occurs in the background when the user is not engaging with your app), you must meet the following requirements: Prominent disclosure: You must provide an in-app disclosure of your data access, collection, use, and sharing.

prominent-disclosure-consent-requirementProminent Disclosure & Consent RequirementlowProminent Disclosure & Consent Requirem…
Added

Google has added a "Policy Summary" block to the Prominent Disclosure & Consent Requirement section, providing a plain-language overview of the requirement. It highlights that stringent rules apply when data collection or use may not be expected by the user, such as background data collection. The underlying policy requirements are not changed by this addition, but the summary makes the intent clearer and signals Google's emphasis on this area during review.

Show full text

Added

Policy Summary Google Play policy mandates stringent requirements for handling sensitive personal or device data, particularly when its collection or use might not be expected by the user (e.g., background data collection).

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesslowRestrictions for Personal and Sensitive…
Modified

The introductory sentence in the Restrictions for Personal and Sensitive Data Access section has been prefixed with the label 'Full Policy'. The underlying text and meaning are unchanged. This appears to be a structural or navigation change, likely to distinguish the full policy text from a new summary block added nearby. No action is required from developers.

Show full text

Removed

In addition to the requirements above, the table below describes requirements for specific activities.

Added

Full Policy In addition to the requirements above, the table below describes requirements for specific activities.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesslowRestrictions for Personal and Sensitive…
Added

A brief reminder has been added encouraging developers to review the full policy for compliance. This is an editorial/navigational addition with no new substantive requirements. However, it signals that Google wants developers to engage with the complete policy text rather than rely solely on summaries, which may indicate upcoming enforcement emphasis.

Show full text

Added

Please review the full policy to ensure compliance.

privacy-policyPrivacy PolicylowPrivacy Policy
Modified

The existing requirement for apps to post a privacy policy link in Play Console and within the app itself is unchanged, but it has been relabeled under a 'Full Policy' heading. This appears to be a structural change to introduce a tiered presentation (full policy vs. summary). While the underlying rule is the same, developers should be aware the section is being reorganized, which may signal additional sub-requirements to follow.

Show full text

Removed

All apps must post a privacy policy link in the designated field within Play Console, and a privacy policy link or text within the app itself.

Added

Full Policy All apps must post a privacy policy link in the designated field within Play Console, and a privacy policy link or text within the app itself.

privacy-policyPrivacy PolicylowPrivacy Policy
Added

A new 'Policy Summary' block has been added to the Privacy Policy section, restating that every app must have a comprehensive privacy policy accessible within the app and linked in Play Console. While this largely reflects existing requirements, the introduction of a formal summary format suggests Google is restructuring this section for clarity and may be raising enforcement visibility. Developers should treat this as a reminder to audit their privacy policy placement and completeness.

Show full text

Added

Policy Summary To promote user trust and privacy, Google Play requires every app to have a comprehensive privacy policy accessible within the app and linked in the Play Console.

privacy-policyPrivacy PolicylowPrivacy Policy
Added

A new 'Key Considerations' block with a Do/Don't format has been added to the Privacy Policy section. The visible content reiterates that the comprehensive privacy policy must be linked in Play Console. This appears to be the beginning of a structured checklist format for this section. While the stated requirement is not new, the format change suggests more Do/Don't items may be added, and developers should monitor this section for further updates.

Show full text

Added

Key Considerations Do Don't Ensure your comprehensive privacy policy is linked in Play Console.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkslowEU-U.S., UK, and Swiss Data Privacy Fra…
Modified

The existing policy text for handling EU Personal Information has been lightly modified: a 'Full Policy' heading was prepended and a minor trailing word change ('individual' vs 'the individual') was made. The substantive obligations — complying with applicable laws and respecting user consent — remain unchanged. Developers should note this is primarily a structural/formatting update, though the label change indicates a policy summary section is being introduced alongside the full text.

Show full text

Removed

If you access, use, or process personal information made available by Google that directly or indirectly identifies an individual and that originated in the European Economic Area, United Kingdom, or Switzerland (“EU Personal Information”), then you must: Comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules; Access, use or process EU Personal Information only for purposes that are consistent with the consent obtained from the individual to whom the EU Personal Information relates; Implement appropriate organizational and technical measures to protect EU Personal Information against loss, misuse, and unauthorized or unlawful access, disclosure, alteration and destruction; and Provide the same level of protection as is required by the Data Privacy Framework Principles or the applicable transfer mechanism as described in the Google Controller-Controller Data Protection Terms.

Added

Full Policy If you access, use, or process personal information made available by Google that directly or indirectly identifies an individual and that originated in the European Economic Area, United Kingdom, or Switzerland ("EU Personal Information"), then you must: Comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules; Access, use or process EU Personal Information only for purposes that are consistent with the consent obtained from the individual to whom the EU Personal Information relates; Implement appropriate organizational and technical measures to protect EU Personal Information against loss, misuse, and unauthorized or unlawful access, disclosure, alteration and destruction; and Provide the same level of protection as is required by the Data Privacy Framework Principles or the applicable transfer mechanism as described in the Google Controller-Controller Data Protection Terms.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkslowEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google has added a 'Policy Summary' section to the EU-U.S., UK, and Swiss Data Privacy Frameworks page, providing a plain-language overview of the requirements. It restates that apps handling personal data from EEA, UK, or Swiss users must comply with applicable privacy and data protection laws. This is a structural addition to improve clarity rather than a new substantive obligation, but it signals Google is emphasizing these rules more prominently.

Show full text

Added

Policy Summary If your app handles personal data from users in the European Economic Area, UK, or Switzerland, you must comply with their privacy and data protection laws.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkslowEU-U.S., UK, and Swiss Data Privacy Fra…
Added

As part of the new policy summary, Google has added an explicit statement that developers must obtain user consent and protect EU/UK/Swiss personal data from misuse. This restates existing obligations in plain language within the summary. While not a new rule, its prominence in the summary section means Google is making these expectations harder to overlook.

Show full text

Added

You must obtain user consent and protect this data from misuse.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkslowEU-U.S., UK, and Swiss Data Privacy Fra…
Added

A short closing line has been added to the policy summary directing developers to review the full policy to ensure compliance. This is an editorial/navigational addition rather than a new substantive rule. It reinforces that the summary section is not exhaustive and developers are expected to understand the complete policy.

Show full text

Added

Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

A brief directive has been added instructing developers to review the full policy to ensure compliance. This is largely a navigational or administrative addition rather than a new substantive rule. However, it reinforces that the summary section is not sufficient for compliance decisions. Developers should treat this as a signal to audit against the full policy text, not just the summary.

Show full text

Added

Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

A closing note has been added to the Inappropriate Content section directing developers to review the full policy for complete compliance guidance. This is an administrative addition and does not itself introduce new requirements. However, it signals that the inline section is a summary and developers should not rely solely on it — consulting the full policy documentation is expected.

Show full text

Added

Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

Google has added explicit guidance confirming that fictional violence within a game context — such as cartoon violence, hunting, or fishing games — is generally allowed. Previously, the line between permitted and prohibited violence was less clearly defined. This gives developers of such games clearer footing, though they are still directed to review the full policy for edge cases.

Show full text

Added

Apps that depict fictional violence in the context of a game, such as cartoons, hunting or fishing, are generally allowed.Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

A note has been added prompting developers to review the complete Violent Extremism policy to ensure their apps comply. This is a navigational/advisory addition rather than a new substantive rule. However, it signals that the policy is more detailed than the summary and that developers should not rely solely on the summary.

Show full text

Added

Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

This addition directs developers to consult the full Bullying and Harassment Policy and its examples rather than relying solely on the summary. While this is a procedural/instructional note rather than a new substantive rule, it signals that compliance expectations are detailed and that developers cannot claim ignorance of the full policy. Developers should proactively read the complete policy document to understand all covered scenarios.

Show full text

Added

Please review the full policy and examples to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

A new directive has been added prompting developers to review the complete Inappropriate Content policy rather than relying on summaries or partial readings. This signals that Google considers the full policy scope important and expects developers to be aware of all its provisions. Apps in categories touching sensitive content should ensure their teams have reviewed the entire policy section thoroughly.

Show full text

Added

Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

Google has added a prompt directing developers to review the full Inappropriate Content policy and its common violations. This is a navigational/editorial addition rather than a new rule itself, but it signals that Google is restructuring this policy section for clarity. Developers should treat it as a cue to audit their apps against the full policy.

Show full text

Added

Please review the full policy and common violations to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

A prompt has been added directing developers to review the full Tobacco and Alcohol policy for compliance details. Like the similar addition at index 70, this is an editorial/navigational element rather than a substantive rule change. However, its presence signals a more structured and enforced policy section that developers should take seriously.

Show full text

Added

Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

This addition is a standard compliance reminder directing developers to review the full policy. While it contains no new rules itself, its presence within the newly added summary section signals that Google considers the full policy document authoritative and expects developers to be familiar with it. Treat this as a prompt to audit your app against the complete policy, not just the summary.

Show full text

Added

Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

This addition is a brief prompt within the Hate Speech Policy summary directing developers to review the complete policy text. It carries no new substantive rules on its own but signals that the summary is intentionally condensed and the full policy contains binding details. Developers should follow the link to the full policy to understand all requirements rather than relying on the summary alone.

Show full text

Added

Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

A standard compliance reminder has been added directing developers to review the full Violent Extremism policy. This is a navigational/editorial addition that does not introduce new rules on its own, but signals that the surrounding policy content has been expanded and warrants a full read. Developers in adjacent content areas should take this as a cue to audit their apps against the updated policy.

Show full text

Added

Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

This addition directs developers to consult the full policy text and examples to ensure their apps comply with the Bullying and Harassment Policy. While largely procedural, it signals that Google expects developers to be familiar with detailed guidance beyond the summary. This is a low-friction reminder but underscores that ignorance of the full policy is not an acceptable defense. Developers should locate and review the complete policy document.

Show full text

Added

Please review the full policy and examples to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

Google has added a general compliance reminder telling developers to review the full policy. While this is not a new rule in itself, its placement signals increased enforcement focus on this section. Developers with apps in or near dangerous products categories should treat this as a prompt to audit their app against all related policies.

Show full text

Added

Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

Google has added a closing compliance prompt for the marijuana policy section, directing developers to review both the full policy and documented common violations. While not a rule change itself, this signals that Google is actively tracking and documenting enforcement patterns in this area. Developers should review the linked common violations examples as they may clarify edge cases not explicitly covered by the policy text.

Show full text

Added

Please review the full policy and common violations to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

A brief notice has been added prompting developers to review the full policy to ensure compliance. This is a navigational/instructional addition with no standalone new requirement, but it signals that the accompanying policy content is substantive and warrants attention. Developers should treat it as a prompt to audit their apps against the newly added rules.

Show full text

Added

Please review the full policy to ensure compliance.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Removed

The rule requiring that the privacy policy document be clearly labeled as such (e.g., titled 'Privacy Policy') has been removed. Previously this was a straightforward formatting requirement to help users identify the document. Developers should confirm whether a labeling standard still applies under revised guidance.

Show full text

Removed

Clear labeling as a privacy policy (for example, listed as “privacy policy” in title).

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Removed

The introductory text explaining that Google Play content ratings are provided by the International Age Rating Coalition (IARC) and are designed to communicate locally relevant ratings to users has been removed from this section. This is likely a structural reorganization, as IARC ratings remain a core part of the Play publishing process. Developers should refer to the dedicated Content Ratings section for current requirements.

Show full text

Removed

Content Ratings Content ratings on Google Play are provided by the International Age Rating Coalition (IARC)and are designed to help developers communicate locally relevant content ratings to users.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Removed

A short sentence directing developers to the Inappropriate Ads policy for more information has been removed. This is a minor structural cleanup — the Inappropriate Ads policy itself is unchanged. Developers building ad-supported apps should continue to consult that policy directly.

Show full text

Removed

Refer to Inappropriate Adspolicy for more information.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

Google has added a general advisory prompting developers to review the complete Developer Program Policy to confirm compliance. This is a housekeeping addition with no new technical requirement on its own. However, it signals that accompanying policy changes are significant enough that Google wants developers to conduct a full review. No immediate action is required beyond using it as a prompt to re-audit your app against the full policy.

Show full text

Added

Please review the full policy to ensure compliance.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

Google has added a 'Full Policy' section heading that introduces a structured table outlining requirements tied to specific developer activities. This is primarily a structural and navigational change to the policy document. However, because it references a table of activity-specific requirements, developers should review the table contents to determine whether any of those requirements apply to their app's functionality.

Show full text

Added

Full Policy In addition to the requirements above, the table below describes requirements for specific activities.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

This addition is a directive reminding developers to read the complete Data Safety policy to ensure their apps are compliant. It does not introduce new rules on its own but signals that the full policy contains requirements beyond the summary. Developers should treat this as a prompt to thoroughly review all related policy sections rather than relying on summaries alone.

Show full text

Added

Please review the full policy to ensure compliance.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

This new addition frames SDK and code auditing as an important best practice and opportunity rather than just a compliance checkbox. While phrased as advisory, it reinforces the accountability expectations set by the surrounding requirements. Developers should treat this as a signal that Google expects them to have full knowledge of their codebase and its data behaviors, which underpins enforcement of related policies.

Show full text

Added

This is an important opportunity to audit your app, know your code, and what you integrate into it.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

This new note points developers to the Play SDK Index as a tool to help verify third-party SDK data handling practices. While informational, it complements the new requirement to audit all SDKs. Developers integrating SDKs not listed on the index will need to find data practice disclosures through other means. This is a low-severity addition but supports compliance with the higher-severity SDK verification requirement.

Show full text

Added

Many SDKs share their data practices on Play SDK Index.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

A general reminder to review the full Developer Program Policy for compliance has been added. This is a navigational/instructional note rather than a new rule. However, its addition signals that surrounding policy content is substantive and developers should audit their apps accordingly.

Show full text

Added

Please review the full policy to ensure compliance.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

This addition serves as a closing directive within the policy summary section, instructing developers to consult the full policy text rather than relying solely on the summary. While this sentence itself is informational, it signals that the summary does not capture all obligations and that developers are responsible for understanding the complete requirements. Developers should treat this as a prompt to review the full policy in detail. No standalone new requirement is introduced by this sentence alone.

Show full text

Added

Please review the full policy to ensure compliance.

developer-program-policyDeveloper Program PolicylowDeveloper Program Policy
Added

A new reference directing developers to the Inappropriate Ads policy has been added. This suggests that the surrounding content — likely related to ad content or monetization — now explicitly links to the Inappropriate Ads guidelines for further detail. Developers serving ads in their apps should ensure they are familiar with and compliant with that specific policy, as this cross-reference signals Google is tightening the connection between these policy areas.

Show full text

Added

Refer to Inappropriate Ads policy for more information.

prominent-disclosure-consent-requirementProminent Disclosure & Consent RequirementlowProminent Disclosure & Consent Requirem…
Modified

The Prominent Disclosure & Consent Requirement section now begins with the label "Full Policy" before its existing content. The underlying requirement — that apps must provide in-app disclosure when collecting or sharing personal data beyond user expectations — is unchanged. This structural label likely distinguishes the full policy text from a newly added summary version, but developers should be aware the actual requirement wording has not changed.

Show full text

Removed

In cases where your app’s access, collection, use, or sharing of personal and sensitive user data may not be within the reasonable expectation of the user of the product or feature in question (for example, if data collection occurs in the background when the user is not engaging with your app), you must meet the following requirements: Prominent disclosure: You must provide an in-app disclosure of your data access, collection, use, and sharing.

Added

Full Policy In cases where your app's access, collection, use, or sharing of personal and sensitive user data may not be within the reasonable expectation of the user of the product or feature in question (for example, if data collection occurs in the background when the user is not engaging with your app), you must meet the following requirements: Prominent disclosure: You must provide an in-app disclosure of your data access, collection, use, and sharing.

prominent-disclosure-consent-requirementProminent Disclosure & Consent RequirementlowProminent Disclosure & Consent Requirem…
Added

A "Policy Summary" block has been added to the Prominent Disclosure & Consent Requirement section, providing a plain-language overview of what the policy requires around sensitive or unexpected data collection (e.g., background data). This is a new addition to the document structure rather than a change to the underlying rules. While it does not alter developer obligations, its presence confirms Google is restructuring this section to include both a summary and full policy view, which may affect how the policy is surfaced to developers.

Show full text

Added

Policy Summary Google Play policy mandates stringent requirements for handling sensitive personal or device data, particularly when its collection or use might not be expected by the user (e.g., background data collection).

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesslowRestrictions for Personal and Sensitive…
Modified

The text introducing the restrictions table now includes a 'Full Policy' label prepended to it. The underlying requirement — that the table describes requirements for specific activities — is unchanged. This appears to be a structural/labeling change to distinguish full policy content from a summary view, but it is not purely cosmetic as it introduces new navigational or structural text.

Show full text

Removed

In addition to the requirements above, the table below describes requirements for specific activities.

Added

Full Policy In addition to the requirements above, the table below describes requirements for specific activities.

restrictions-for-personal-and-sensitive-data-accessRestrictions for Personal and Sensitive Data AccesslowRestrictions for Personal and Sensitive…
Added

A closing line has been added to this section directing developers to review the full policy to ensure compliance. This is an informational/navigational addition with no new substantive requirement. However, it signals that the summary content in this section is not exhaustive and that the full policy contains additional obligations developers must follow.

Show full text

Added

Please review the full policy to ensure compliance.

privacy-policyPrivacy PolicylowPrivacy Policy
Modified

The existing privacy policy requirement text has been relabeled with a 'Full Policy' heading, apparently to differentiate it from a newly introduced 'Policy Summary' section. The underlying requirement — posting a privacy policy link in Play Console and within the app — has not changed. This is a structural reorganization rather than a new obligation, but developers should be aware the section layout has changed. No immediate action is required unless the new summary requirements (added separately) affect your app.

Show full text

Removed

All apps must post a privacy policy link in the designated field within Play Console, and a privacy policy link or text within the app itself.

Added

Full Policy All apps must post a privacy policy link in the designated field within Play Console, and a privacy policy link or text within the app itself.

privacy-policyPrivacy PolicylowPrivacy Policy
Added

A new Policy Summary subsection has been introduced in the Privacy Policy guidelines, framing the requirement around user trust and privacy. It reiterates that every app must have a comprehensive privacy policy accessible within the app and linked in Play Console. While this is largely contextual framing rather than a new rule, it signals Google's intent to enforce comprehensiveness more strictly. Developers should ensure their privacy policy is genuinely comprehensive, not just a token document.

Show full text

Added

Policy Summary To promote user trust and privacy, Google Play requires every app to have a comprehensive privacy policy accessible within the app and linked in the Play Console.

privacy-policyPrivacy PolicylowPrivacy Policy
Added

Google has added a 'Key Considerations' section with a Do/Don't format to the Privacy Policy guidelines, with an initial item emphasizing that a comprehensive privacy policy must be linked in Play Console. This appears to be the start of a structured checklist format for this section. While the underlying requirement is not new, the checklist format may signal additional Do/Don't items to follow. Developers should ensure Play Console has an up-to-date, accurate privacy policy link.

Show full text

Added

Key Considerations Do Don't Ensure your comprehensive privacy policy is linked in Play Console.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkslowEU-U.S., UK, and Swiss Data Privacy Fra…
Modified

The opening text of this section was lightly restructured — a 'Full Policy' label was prepended and a trailing word ('individual') was trimmed from the visible excerpt. The substantive obligations (comply with privacy laws, use data consistent with consent) remain unchanged. This appears to be a formatting change to introduce a summary/full-policy layout rather than a change in policy requirements. Developers do not need to change any practices as a result.

Show full text

Removed

If you access, use, or process personal information made available by Google that directly or indirectly identifies an individual and that originated in the European Economic Area, United Kingdom, or Switzerland (“EU Personal Information”), then you must: Comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules; Access, use or process EU Personal Information only for purposes that are consistent with the consent obtained from the individual to whom the EU Personal Information relates; Implement appropriate organizational and technical measures to protect EU Personal Information against loss, misuse, and unauthorized or unlawful access, disclosure, alteration and destruction; and Provide the same level of protection as is required by the Data Privacy Framework Principles or the applicable transfer mechanism as described in the Google Controller-Controller Data Protection Terms.

Added

Full Policy If you access, use, or process personal information made available by Google that directly or indirectly identifies an individual and that originated in the European Economic Area, United Kingdom, or Switzerland ("EU Personal Information"), then you must: Comply with all applicable privacy, data security, and data protection laws, directives, regulations, and rules; Access, use or process EU Personal Information only for purposes that are consistent with the consent obtained from the individual to whom the EU Personal Information relates; Implement appropriate organizational and technical measures to protect EU Personal Information against loss, misuse, and unauthorized or unlawful access, disclosure, alteration and destruction; and Provide the same level of protection as is required by the Data Privacy Framework Principles or the applicable transfer mechanism as described in the Google Controller-Controller Data Protection Terms.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkslowEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google added a 'Policy Summary' blurb that restates in plain language that apps handling personal data from EEA, UK, or Swiss users must comply with applicable privacy and data protection laws. This is a new editorial summary block, not a new substantive rule. The underlying obligations already existed under GDPR and related frameworks. Developers should use this as a quick reference but must still review the full policy for compliance details.

Show full text

Added

Policy Summary If your app handles personal data from users in the European Economic Area, UK, or Switzerland, you must comply with their privacy and data protection laws.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkslowEU-U.S., UK, and Swiss Data Privacy Fra…
Added

Google added a summary statement explicitly noting that apps must obtain user consent and protect EU/UK/Swiss personal data from misuse. This restates existing obligations in a more prominent, scannable format rather than introducing new requirements. Developers already subject to GDPR or similar frameworks are not impacted by new rules here. It does reinforce that both consent and data security are non-negotiable for this data category.

Show full text

Added

You must obtain user consent and protect this data from misuse.

eu-us-uk-and-swiss-data-privacy-frameworksEU-U.S., UK, and Swiss Data Privacy FrameworkslowEU-U.S., UK, and Swiss Data Privacy Fra…
Added

A closing line was added to the policy summary directing developers to review the full policy text to ensure compliance. This is an editorial prompt rather than a new substantive rule. It signals that the summary section is not exhaustive and that developers should not rely solely on the bullet points. No action is required beyond reviewing the full policy, which was already expected.

Show full text

Added

Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

Google Play has introduced a new 'Policy Summary' block explicitly stating that apps containing or promoting sexual content or profanity are not allowed. While this prohibition is not new in substance, the addition of a structured summary section signals a formal reorganization of how this policy is presented. Developers should treat the full policy (not just the summary) as the authoritative source.

Show full text

Added

COLLAPSE ALL EXPAND ALL Sexual Content and Profanity Policy Summary We don't allow apps on Google Play that contain or promote sexual content or profanity.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

A brief directive instructs developers to review the full policy to ensure compliance. This is essentially a navigational prompt accompanying the new summary section rather than a substantive new rule. It reinforces that the summary alone is insufficient for determining compliance.

Show full text

Added

Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

This addition is a boilerplate call-to-action urging developers to read the complete policy rather than relying on summaries. It carries no new substantive requirements on its own. However, its presence alongside the other new rules reinforces that the full policy contains additional detail that developers are expected to follow.

Show full text

Added

Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

Google has added explicit guidance clarifying that fictional violence within a game context — such as cartoon violence, hunting, or fishing games — is generally allowed on Google Play. Previously, the violence policy lacked this explicit carve-out, leaving developers uncertain. Developers of such games should still review the full violence policy to ensure their specific implementation qualifies for this exception.

Show full text

Added

Apps that depict fictional violence in the context of a game, such as cartoons, hunting or fishing, are generally allowed.Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

A compliance reminder has been added directing developers to review the full Violent Extremism policy. This is an administrative addition that signals Google is placing greater emphasis on this policy area. While the text itself is a procedural note, its presence alongside substantive new rules means developers should treat this as a prompt to audit their apps against the full policy.

Show full text

Added

Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

Google has added a directive reminding developers to consult the full policy text and examples, not just the summary. While this is procedural in nature, it signals that the full policy contains additional enforceable details beyond the summary. Developers should proactively review the complete policy to avoid gaps in compliance.

Show full text

Added

Please review the full policy and examples to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

A new prompt has been added instructing developers to review the complete policy for compliance. While this is largely administrative in nature, it signals that Google expects developers to be fully familiar with all sub-sections of the Inappropriate Content policy — not just the headline rules. Developers should audit their apps against the full policy text.

Show full text

Added

Please review the full policy to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

Google has added a prompt directing developers to review the full Inappropriate Content policy and common violations. This is a navigational/instructional addition rather than a new rule itself. Developers should treat it as a signal that Google is reinforcing scrutiny of this policy area and ensure they are familiar with all sub-policies.

Show full text

Added

Please review the full policy and common violations to ensure compliance.

inappropriate-contentInappropriate ContentlowInappropriate Content
Added

A prompt has been added directing developers to review the complete tobacco and alcohol policy for compliance. This is an instructional addition with no new rule content of its own. It signals that Google wants developers to proactively engage with the detailed policy rather than relying on summaries alone.

Show full text

Added

Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Removed

A condensed summary of the Sexual Content and Profanity policy that appeared in the collapsed/expanded overview section has been removed. This appears to be a structural reorganization of the policy page rather than a change to the underlying rule itself, which likely remains in its dedicated section. Developers should verify the current standalone Sexual Content and Profanity section is still intact and unchanged to confirm no substantive policy shift occurred.

Show full text

Removed

Sexual Content and Profanity We don't allow apps that contain or promote sexual content or profanity, including pornography, or any content or services intended to be sexually gratifying.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Removed

The condensed Hate Speech policy blurb has been removed from the collapsed/expanded overview section of the policy page. This is likely a navigational or structural change rather than a removal of the underlying Hate Speech policy. Developers should check whether the full Hate Speech policy still exists in its own dedicated section to confirm no substantive rule was eliminated.

Show full text

Removed

Hate Speech We don't allow apps that promote violence, or incite hatred against individuals or groups based on race or ethnic origin, religion, disability, age, nationality, veteran status, sexual orientation, gender, gender identity, caste, immigration status, or any other characteristic that is associated with systemic discrimination or marginalization.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Removed

The brief Violence policy summary previously shown in the overview collapse/expand area has been removed. This appears structural — the core Violence policy likely still exists in its own section — but its removal from the overview reduces visibility. Developers building apps with violent or dangerous activity content should confirm the full policy still applies in its dedicated section.

Show full text

Removed

Violence We don't allow apps that depict or facilitate gratuitous violence or other dangerous activities.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Removed

The Violent Extremism policy overview entry — which addressed terrorist and dangerous organizations using Google Play — has been removed from the collapse/expand summary area. As with other removals in this section, this is likely a page restructuring rather than a policy elimination. Developers should confirm the full Violent Extremism policy is still present elsewhere in the guidelines.

Show full text

Removed

Violent Extremism We do not permit terrorist organizations, or other dangerous organizations or movements that have engaged in, prepared for, or claimed responsibility for acts of violence against civilians to publish apps on Google Play for any purpose, including recruitment.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Removed

The Bullying and Harassment policy blurb has been removed from the page's collapsed/expanded overview area. This is consistent with a broader structural reorganization of the overview section. The underlying policy against apps containing or facilitating threats, harassment, or bullying is expected to remain in its dedicated section, which developers should reference directly.

Show full text

Removed

Bullying and Harassment We don't allow apps that contain or facilitate threats, harassment, or bullying.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Removed

The Dangerous Products policy summary — covering explosives, firearms, ammunition, and certain accessories — has been removed from the collapse/expand overview. This follows the same pattern of structural page reorganization seen in other removals. Developers building apps related to firearms or related products should consult the full Dangerous Products policy section to ensure compliance requirements are unchanged.

Show full text

Removed

Dangerous Products We don't allow apps that facilitate the sale of explosives, firearms, ammunition, or certain firearms accessories.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Removed

The overview entry prohibiting apps that facilitate the sale of marijuana or marijuana products has been removed from the collapse/expand summary section. This appears to be a structural change consistent with other overview removals, not an indication that marijuana sales are now permitted. Developers in cannabis-adjacent spaces should check the dedicated Marijuana policy section for current rules.

Show full text

Removed

Marijuana We don't allow apps that facilitate the sale of marijuana or marijuana products, regardless of legality.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

A prompt has been added encouraging developers to review the complete Sexual Content and Profanity policy. While this is largely navigational guidance, it signals that Google expects developers to be fully informed of all policy nuances. This is relevant context indicating the summary sections above are not exhaustive. Developers should treat this as a reminder to consult the full policy documentation rather than relying solely on summaries.

Show full text

Added

Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

A new line directs developers to review the full Hate Speech policy to ensure their apps are compliant. This is largely an administrative or navigational addition accompanying the new policy summary. While it carries no standalone technical requirement, it signals that Google expects developers to be fully informed of the detailed policy. Developers should treat this as a prompt to read and act on the complete policy text.

Show full text

Added

Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

A brief note has been added prompting developers to review the full Violent Extremism policy to ensure compliance. This is a navigational/reminder addition rather than a new substantive rule. It signals that the summary alone is insufficient and that developers must consult the complete policy text before submitting relevant apps.

Show full text

Added

Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

Google has added a directive prompting developers to consult the full Bullying and Harassment policy and its examples rather than relying solely on the summary. This signals that the policy contains nuanced requirements that a summary alone may not fully convey. Developers should treat the full policy as the authoritative source for compliance decisions. While this entry itself is procedural, it underscores that the harassment rules carry meaningful breadth.

Show full text

Added

Please review the full policy and examples to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

A general compliance reminder has been added to the dangerous products policy section, prompting developers to review the full policy. While this is a navigational/instructional addition rather than a new rule, it signals that Google is restructuring this section with more explicit guidance. Developers with apps touching weapons, explosives, or related content should treat this as a cue to audit their app against the full policy.

Show full text

Added

Please review the full policy to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

A closing prompt has been added to the marijuana policy section directing developers to review both the full policy and documented common violations. This mirrors the structure added to the weapons section and suggests Google is standardizing how it presents sensitive-content policies. Developers with any cannabis-adjacent app should use this as a reminder to check the full policy and violation examples for guidance.

Show full text

Added

Please review the full policy and common violations to ensure compliance.

collapse-all-expand-allCOLLAPSE ALL EXPAND ALLlowCOLLAPSE ALL EXPAND ALL
Added

A boilerplate prompt has been added instructing developers to review the full Tobacco and Alcohol policy for compliance. This is a navigational/instructional note rather than a substantive rule change on its own. However, its presence signals that the surrounding policy content is new and should be read carefully by any developer whose app touches alcohol, tobacco, or nicotine.

Show full text

Added

Please review the full policy to ensure compliance.