path: root/en/security/best-practices/privacy.html
Diffstat (limited to 'en/security/best-practices/privacy.html')
-rw-r--r-- en/security/best-practices/privacy.html | 96
1 file changed, 96 insertions, 0 deletions
diff --git a/en/security/best-practices/privacy.html b/en/security/best-practices/privacy.html
new file mode 100644
index 00000000..69c217d4
--- /dev/null
+++ b/en/security/best-practices/privacy.html
@@ -0,0 +1,96 @@
+<html devsite>
+ <head>
+ <title>Privacy Security Best Practices</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p>This page contains a collection of data collection guidance
+ and recommendations to ensure that Android users have control over the
+ handling of their data.</p>
+
+<h2 id="logging-data">Logging data</h2>
+
+<p>Logging data increases the risk of exposure of that data and reduces system
+ performance. Multiple public security incidents have occurred as a result of
+ logging sensitive user data.</p>
+
+<ul>
+ <li>Do not log to the sdcard.</li>
+ <li>Apps or system services should not log data provided from third-party
+ apps that might include sensitive information.</li>
+ <li>Apps must not log any Personally Identifiable Information (PII) as
+ part of normal operation, unless it's absolutely necessary to provide the
+ core functionality of the app.</li>
+</ul>
+
+<p>CTS includes tests that check for the presence of potentially sensitive
+ information in logs.</p>
+
+<h2 id="metrics-collection">Metrics collection</h2>
+
+<p>Collecting metrics can be an essential part of understanding usage of your
+ app and making improvements for the overall user experience. However, overly
+ broad metrics collection can also present a risk to user privacy.</p>
+
+<ul>
+ <li>If at all possible, don't collect metrics.
+ <ul>
+ <li>If you must collect metrics, first request explicit, informed,
+ and meaningful user consent.</li>
+ </ul>
+ </li>
+ <li>With few exceptions, only collect metrics that are necessary to support
+ the reliability of the service.</li>
+ <li>Avoid collecting identifiable or potentially sensitive data whenever
+ possible, such as
+ <a href="https://developer.android.com/training/articles/user-data-ids"
+ class="external">hardware identifiers</a>.</li>
+ <li>Ensure data is sufficiently aggregated and anonymized whenever possible.</li>
+</ul>
+
+<h2 id="spyware">Spyware</h2>
+
+<p>Spyware is defined as software that aims to gather information about a user
+ or device without their knowledge, that may send user information to another
+ entity without consent.</p>
+
+<ul>
+ <li>Transmission of the following user or device data without disclosure or
+ in a manner that is unexpected to the user is considered spyware (this
+ list contains top examples, but is not an exhaustive list):
+ <ul>
+ <li>Information about the user's contacts (names, numbers, emails)</li>
+ <li>Photos or other files</li>
+ <li>Content from user email</li>
+ <li>Call log</li>
+ <li>SMS log</li>
+ <li>Web history</li>
+ <li>Browser bookmarks</li>
+ <li>Private information from other apps (private <code>/data/</code>
+ directories)</li>
+ <li>Audio or call recording</li>
+ <li>Passwords</li>
+ <li>OAuth tokens</li>
+ <li>Location</li>
+ </ul>
+ <li>Ensure that all apps provide a reasonable explanation disclosure to
+ the user prior to installation.</li>
+</ul>
+</body>
+</html>
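Review bot: the outer list item that opens the spyware list at `+ <li>Transmission of the following user or device data without disclosure or` is never closed; the nested `</ul>` is followed directly by `+ <li>Ensure that all apps provide a reasonable explanation disclosure to`, so the `<li>` is left to the browser's implied-close handling. Add a `</li>` after the inner `</ul>` so the markup is well-formed, matching how the "Metrics collection" list closes its nested item with `</ul>` then `</li>`. Two smaller wording points in the same hunk: the definition `+<p>Spyware is defined as software that aims to gather information about a user` reads better as "... without their knowledge, and that may send user information ..."; and "reasonable explanation disclosure" in the final item should probably be either "reasonable explanation" or "reasonable disclosure".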