Guide for building secure government apps
People need to trust the information provided by and data stored in apps that communicate government information, such as voting and election information and government services information (for example safety, licensing, and public assistance). Whether you are affiliated with a government entity or creating an app to provide access to services, trust in the app and the information communicated is essential. The key to building that trust is having a strong security foundation for your app.
This guidance represents best practices for all apps. It may be particularly important if you’re developing an app that communicates government information.
Security
The best defense for Android apps, to combat today’s sophisticated and evolving attacks, is a layered approach. Think about security before you begin building the app by adding security practices to your software development lifecycle. Security should not be an afterthought. Plan to use Android’s built-in security features, use third-party libraries with care, and have a robust testing process. Then, put programs in place so that if any security issues make it live, you are the first to know about them. By making your development process and app more secure, you help preserve user trust and device integrity.
Learn more about security best practices
Privacy
While people want to know that their data is safe, they also want to know that their data is being used as they expect. Start by reviewing all the Google Play user data and privacy-related policies. Then, be transparent about the access, use, collection, and sharing of personal and sensitive user data using a complete, plain-language privacy policy. Where possible, give your users control over what data they share. By being transparent and providing control, you build people’s trust in your app.
Learn more about privacy best practices
Policy
Whether you decide to publish your app on the Google Play store or distribute it by other means, your app must comply with the relevant Google policies.
To start, review the policy guidelines regarding malware and mobile unwanted software that apply to all Android apps. If you decide to publish your app on the Google Play store, review the policy requirements on the Play Policy Center. Then check out the Android Developers website for resources and best practices to effectively design a secure and policy-compliant Android app.
Complying with Play Policies ensures your app meets the bar to be published and listed in Google Play. While all policies apply, it is important to note that for government apps there are specific policies you need to consider.
Learn more about the considerations for apps that communicate government information.