Android 14 may integrate Google Play’s data safety section to show you why apps need location access

You’ve always been able to view what permissions an app requests before installing it through Google Play (well, except for one brief period), but it’s always been up to developers to tell you why their apps need those permissions. That hasn’t changed even with the launch of Google Play’s data safety section, as the information in it is based on what developers disclose. While more transparency is always great, the fact that this information is only shown on an app’s Play Store listing means many users may miss it. Plus, there’s no easy way for users to tell when an app’s data safety info has changed. Fortunately, Google’s preparing a solution to these problems in Android 14.

In Google’s own words, Google Play’s data safety section “provides users with a simplified view of how an app collects, shares, and secures user data.” Google announced the data safety section back at I/O 2021 and opened up the Play Console for developers to submit info a few months later. The data safety section launched in April 2022, but developers had until August 2022 to fill out the form. All new apps and app updates submitted to Google Play after August 2022 must have a completed data safety form, which means developers need to really think about every feature of their apps and the data they collect.

The data safety form asks developers to disclose if their apps collect or share a broad range of data types as well as state for what purpose they use that data. For example, one app that collects location data may use it for core functionality, like tracking the user’s outdoor workout, while another may collect that data to show more personalized content. Right now, you have to look at an app’s Play Store listing to find this information, but in Android 14, that information may be shown by the OS itself.

In Android 14 DP1, I enabled a new “data privacy” section in the “location permission” page for various apps, as shown in the screenshots embedded below. This section shows up when an app reports that it collects location data as part of Google Play’s data safety form. The text states that “your location may be shared” as “this app declared it may share your location with third parties.” Tapping on the text opens a dialog that lists the reasons the app gives for collecting location data (pulled from the app’s data safety section on Google Play).

This dialog is also accessible from the permission prompt for granting an app location access, as shown below. Above the “precise” and “approximate” selector, there’s new text that says, “this app stated it may share location data with third parties.” Tapping the text launches the same dialog as before.

Android 14 DP1 currently only shows data safety information for the “location” category, but I don’t see why information for other categories can’t be shown. In fact, code for this feature suggests that all data safety categories — and not just “location” — are supported. However, I don’t know if Google intends to limit this feature to just showing an app’s “location” data safety info or if they plan to expand it. When asked for comment on this feature, a spokesperson for Google directed me to the company’s Android 14 DP1 blog post.

Another tidbit about this feature is that it may not be available on Android Automotive, Wear OS, or Android TV/Google TV. There’s code that explicitly checks if the device is running one of these other flavors of Android, and if so, logs that the “data sharing updates” feature is unavailable.

Speaking of “data sharing updates”, this is a new settings page can be found under Settings > Security & privacy > Privacy, and it lets you “review apps that changed the way they share location data.” Here, you can review when an app’s data sharing information has been modified following an app update, as shown below.

In the above screenshot, you can see that the app “DataSafetyLabelTest” has been noted to “now [share] location for advertising”, suggesting that the app has updated its list of reasons for using location data to include advertising. “DataSafetyLabelTest”, of course, isn’t a real app on Google Play; it’s an app I created to trigger the system to write test data safety information.

When a real app’s data safety information has been changed, you may receive a notification asking you to review the changes on the “data sharing updates” page. I don’t have a screenshot to share of this notification, though.

The system keeps track of apps’ data safety information in a XML, but I’m not sure exactly how the system determines when an app’s data safety information has changed. It would make sense for the system to pull this data from Google Play, but I’ve also seen hints that the system will read app metadata using a new API. This metadata could be set by the installer app, which in most cases is Google Play. Since Google Play already holds all the information developers submit through the data safety form, I would imagine it could easily save that information as part of an app’s metadata when installing it.

In any case, it seems like Google is working on integrating data safety labels directly into Android 14. Developers should be ready for the information they submitted to Google Play to appear in front of users in the Settings app and permissions dialogs. Users should be on the lookout for what data apps report they collect and for what reason.

If this change lands in the stable release of Android 14, I’ll welcome it, because it’ll force apps to explain why they’re using certain permissions to collect data, and for what purpose they’re collecting that data. Developers are already encouraged to explain their rationale for requesting certain sensitive permissions, but many apps don’t do that. On the other hand, Google Play has already forced developers to explain why they use certain permissions to collect certain kinds of data, so finding a way to surface that information in Android directly is a great move.