How the Google Play Data Safety Form Works

Since 2022, every app on Google Play has been required to complete a Data Safety form, which populates the Data Safety section visible on the app's store listing. Unlike a generic privacy policy link, this section asks developers to make specific, structured declarations about what data their app collects, why it is collected, and how it is handled. Accuracy is not optional, because Google can take enforcement action against apps whose declarations materially conflict with observed app behavior.

Why Google introduced the Data Safety section

The Data Safety section was designed to give users a standardized, readable summary of an app's data practices before they install it. Unlike a lengthy privacy policy, the structured format allows users to quickly see whether an app shares data with third parties, whether data is encrypted in transit, and whether users can request deletion of their data. Google aligned the format loosely with global privacy frameworks including GDPR and CCPA, making the disclosures meaningful across jurisdictions.

What the form asks you to declare

The Data Safety form is divided into several sections that walk you through your app's data practices. You must answer questions about data collection and sharing at the category level, then provide details for each category you select. The form covers both data your app collects from users and data your app shares with third parties, including advertising SDKs, analytics libraries, and any backend services operated by your organization.

• Data types collected: location, personal info, financial info, health and fitness, messages, photos and videos, contacts, app activity, and device identifiers.
• Whether each data type is required for the app to function or optional.
• Purpose of collection: app functionality, analytics, developer communications, fraud prevention, advertising, or personalization.
• Whether data is shared with third parties and which categories of third parties.
• Security practices: data encrypted in transit, data encrypted at rest, and whether users can request deletion.

How to audit your app before filling out the form

Before completing the form, conduct a thorough data inventory. Review your app code, your backend API calls, and every third-party SDK or library included in your build. Many developers underestimate what their SDKs collect independently. Ad networks, crash reporting tools, and analytics SDKs frequently collect device identifiers, location, and app activity data on their own. You are responsible for disclosing data collected by any library bundled with your app, not just data your own code handles directly.

Third-party SDK disclosures

Google maintains a list of common SDKs and their typical data collection behaviors to assist developers. However, this list is not exhaustive, and the SDK vendor's own documentation should be treated as authoritative. When in doubt, contact the SDK provider directly to obtain a data practices disclosure. If a vendor cannot tell you what data their SDK collects, that is itself a risk signal worth taking seriously before integrating the library.

Keeping your declaration accurate over time

Your Data Safety declaration is not a one-time task. Any time you update your app to add new features, integrate new SDKs, change your data retention policies, or modify how user data is shared, you should revisit your declaration and update it as needed. You can update the form independently of a new app version submission. Google's review processes include automated and manual checks that compare declared behaviors against observed network traffic and SDK manifests, so outdated declarations carry real enforcement risk.

What happens if your declaration is inaccurate

Google can flag inaccurate Data Safety declarations through its review process. Depending on severity, the consequence ranges from a warning requiring you to update the form within a specified period, to removal of the app from the store, to broader enforcement action against the developer account. Deliberate misrepresentation is treated more seriously than an honest error discovered and corrected promptly. Maintaining a habit of accurate, up-to-date disclosures is one of the clearest indicators of a responsibly operated account.

Accessing and submitting the form

The Data Safety form is located in the Play Console under the App content section for each app. You fill it out per app, not account-wide. Once submitted, the information populates the Data Safety section on your store listing within a short processing period. Google provides a CSV import option for developers managing multiple apps who prefer to complete the form outside the Play Console interface and upload responses in bulk.