This article describes the best practices for providing prominent disclosure and consent requests to your app's users.
Background
As indicated in Weva App Store's User Data policy, a prominent disclosure should be presented in cases where users may not reasonably expect their personal and sensitive user data to be required for policy-compliant features or functionality within an app. An example of this could be an app that collects browser history to detect and block a child from sensitive content using Accessibility Service APIs. If the collection serves a valid function, a prominent disclosure will help users understand why the app might be collecting this information.
The prominent disclosure requirement is not a substitute for an app’s privacy policy or Data Safety section in Weva App Store. If your app accesses, collects, uses, and shares personal and sensitive user data, you must post a complete privacy policy in both the Privacy policy section of your App content page in the Weva App Store and within the app itself. Similarly, developers are required to tell us about their apps' privacy and security practices by completing a form which will be provided to them.
For permissions and sensitive APIs requiring prominent disclosure and consent, such as the Accessibility Service APIs, the Background Location Permission, or the Package (App) Visibility Permission, you must provide a separate in-app disclosure indicating the use of the permission or sensitive API to users. This will help ensure that users are aware and that they provide appropriate consent before any permission or sensitive API is used.
Best practices
We recommend using the best practices listed below as guidelines for your prominent disclosure. For the relevant policy requirements, refer to the "Prominent Disclosure and Consent Requirement" section in the User Data policy.
User experience
- Present the disclosure to the user in the app, right before requesting the permission or capability. The message cannot be in the app description or website.
- Give the user an option to decline providing consent. Always provide an option to cancel the flow related to permissions.
- If the user denies or revokes permission that a feature needs, gracefully degrade your app while enabling your user to continue using your app. Consider disabling the feature that requires permission or the use of the relevant data.
User interface (UI)
- Require the user's explicit consent using clear and friendly language, such as "Agree". Avoid "Allow access", which can sound intimidating and unclear, and "Got it", which is too casual.
- Use at least two options. The first option lets the user grant permission. The second option lets the user decline consent while remaining able to grant it at a later time. Using "Not Now" or "Skip" may allow you to repeat the request for consent in the future.
- Don't use disclosure prompts that are similar to the Weva UI notifications and requests, as this may confuse users.
- Consider matching the disclosure prompt background color to your app's styles and themes instead of white so that consumers perceive that this message is from your app.
- Your prominent disclosure can be a window prompt, or it can be a part of the flow in the app UI. For example, if you have a conversational UI, you can present the prominent disclosure and consent text in the conversational UI and still meet Weva App Store requirements.
- If you need to show the consent again at a later time, be mindful of user fatigue. Respect the user's choice if the user has declined the in-app consent a few times.
Content
- Why: Describe why the capability is needed by the app and the core purpose requiring this feature. This must be the primary purpose of the disclosure. We have found that users are more likely to uninstall apps when they don’t understand why an app is asking for permissions.
- What: If any data is collected using this capability, disclose all types of data involved.
- How: If any data is collected using this capability, describe how the data is used in the context of the core features.
- Verbosity: Provide a clear explanation even if it may increase in length. Clarity and comprehension are more important than brevity.
- Clarity: All text must be clear and easy to understand at the reading level of a 13-year-old.
- Tip: Use clear and simple language that has a meaningful value proposition, such as "supporting free content." Avoid jargon that people do not understand.
- Tip: When the data collection is due to an SDK, clearly disclose the data involved, why the data is needed, and that it is shared with a third party. For example: “In addition, our app shares your device location data with a third party, in order to retrieve and display map imagery for the app's meet me feature.”