Connected apps is an Android feature that allows your application to utilize both work and personal data, when given the corresponding permission from the user.
As we need to ensure the highest standards in protecting the privacy of users,
apps requesting to use the
INTERACT_ACROSS_PROFILES permission must be approved
by the Android Enterprise team prior to being published on
Google Play. Developers who want to use this permission must first submit
their use case to Google for review. Not all use cases will be considered
for review. Factors that will be looked at include:
- Does this feature deliver a clear value to the user?
- Would users expect the work & personal app to interact?
- Is the feature important to the primary purpose of the app?
- Can you deliver the same experience without connected apps?
All apps will be evaluated against the same factors and all submissions must be reviewed. To be approved, applications must comply with the following requirements:
INTERACT_ACROSS_PROFILESpermission may only be used to provide features beneficial to the user and relevant to the core functionality of apps intended for work (or include work features). Core functionality is defined as the main purpose of the app. This may include a set of core features, which must all be prominently documented and promoted in the app’s description.
- Apps must not use this permission to associate identities between the work and personal apps on or off the device.
- Apps must not leverage use of this permission to scrape personal data to build identity graphs.
- You must not actively send personal data to the IT admin or admin app, or allow the IT admin to access personal data indirectly.
- Apps must not use this permission to access the personal profile to obtain a list of personal applications or accounts.
- You must not send cross-profile data to another application.
- You must not log any Personal Identifiable Information (PII) or any other data stored from one profile in the other profile (work to personal or vice versa) this includes any app and/or device settings.
- You must not store data from one profile in the other profile (work to personal or vice versa), nor transmit any data off the device from the other profile.
Let’s take a look at a few examples:
- A calendar app that allows the user to have a single view of their personal and work calendar would have a strong case to request this permission.
- An app providing backup services that will sync work data to a personal account, or vice versa, would not be approved.
- A photo gallery app wanting to use this feature, in order to access work profile contact information to be able to share photos, would not be approved. This functionality could be achieved using Sharesheet, which would not compromise privacy or security.
- Contact the Android Enterprise team to request a copy of the connected apps questionnaire.
- Fill out the connected apps questionnaire to outline your use case, then submit it to our team for review.
- If your use case is approved, develop and test your feature/app.
- When your app is ready, submit the apk to our team for review. Our team will verify that the application is using the permission as outlined in the approved use case.
- If your app matches the plans in the questionnaire, it will be approved by our team and you will be able to publish it on Google Play via the Google Play console.
Whenever you introduce changes to an app that has already been approved, review that the application is still using the permission as outlined in the approved use case. If you are changing the way that your feature / app works, please re-submit your use case to Google for evaluation.
If your application is found to be in breach of the requirements, we will contact you with a timeline to make any necessary changes. During this time, we recommend that you review your app and develop a compliant version of it, or alternatively submit a new use case to Google for evaluation.
Failure to make the necessary changes to address the compliance issues within
the provided timeline will result in your application's approval being rescinded.
You will be unable to update your application on Google Play until the issue is
addressed and you are re-approved by the Android Enterprise team, or you remove
the feature and the
INTERACT_ACROSS_PROFILES permission from your app.