Diffstat (limited to 'en/security/best-practices/privacy.html')
-rw-r--r-- | en/security/best-practices/privacy.html | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/en/security/best-practices/privacy.html b/en/security/best-practices/privacy.html new file mode 100644 index 00000000..69c217d4 --- /dev/null +++ b/en/security/best-practices/privacy.html 
@@ -0,0 +1,96 @@ +<html devsite> + <head> + <title>Privacy Security Best Practices</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p>This page contains a collection of data collection guidance + and recommendations to ensure that Android users have control over the + handling of their data.</p> + +<h2 id="logging-data">Logging data</h2> + +<p>Logging data increases the risk of exposure of that data and reduces system + performance. Multiple public security incidents have occurred as a result of + logging sensitive user data.</p> + +<ul> + <li>Do not log to the sdcard.</li> + <li>Apps or system services should not log data provided from third-party + apps that might include sensitive information.</li> + <li>Apps must not log any Personally Identifiable Information (PII) as + part of normal operation, unless it's absolutely necessary to provide the + core functionality of the app.</li> +</ul> + +<p>CTS includes tests that check for the presence of potentially sensitive + information in logs.</p> + +<h2 id="metrics-collection">Metrics collection</h2> + +<p>Collecting metrics can be an essential part of understanding usage of your + app and making improvements for the overall user experience. 
However, overly + broad metrics collection can also present a risk to user privacy.</p> + +<ul> + <li>If at all possible, don't collect metrics. + <ul> + <li>If you must collect metrics, first request explicit, informed, + and meaningful user consent.</li> + </ul> + </li> + <li>With few exceptions, only collect metrics that are necessary to support + the reliability of the service.</li> + <li>Avoid collecting identifiable or potentially sensitive data whenever + possible, such as + <a href="https://developer.android.com/training/articles/user-data-ids" + class="external">hardware identifiers</a>.</li> + <li>Ensure data is sufficiently aggregated and anonymized whenever possible.</li> +</ul> + +<h2 id="spyware">Spyware</h2> + +<p>Spyware is defined as software that aims to gather information about a user + or device without their knowledge, that may send user information to another + entity without consent.</p> + +<ul> + <li>Transmission of the following user or device data without disclosure or + in a manner that is unexpected to the user is considered spyware (this + list contains top examples, but is not an exhaustive list): + <ul> + <li>Information about the user's contacts (names, numbers, emails)</li> + <li>Photos or other files</li> + <li>Content from user email</li> + <li>Call log</li> + <li>SMS log</li> + <li>Web history</li> + <li>Browser bookmarks</li> + <li>Private information from other apps (private <code>/data/</code> + directories)</li> + <li>Audio or call recording</li> + <li>Passwords</li> + <li>OAuth tokens</li> + <li>Location</li> + </ul> + <li>Ensure that all apps provide a reasonable explanation disclosure to + the user prior to installation.</li> +</ul> +</body> +</html> |
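Review bot: In the Spyware section the first outer list item ("Transmission of the following user or device data ...") is never closed: the nested `</ul>` is followed directly by `<li>Ensure that all apps ...`, so add a `</li>` after that nested `</ul>` to match the explicit closing tags used everywhere else in this file. In that same final item, "a reasonable explanation disclosure to the user" reads as two nouns run together; "a reasonable disclosure to the user prior to installation" says what is meant. The definition sentence above the list also has a dangling clause ("without their knowledge, that may send user information"); consider "without their knowledge, and that may send user information to another entity without consent."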