Google security form
Introduction
Starting with the new data privacy and security policy implemented by Google, developers will be required to provide more information related to their privacy practices through a dedicated security section of Google. In short, developers will need to provide details about the data they collect, how they handle it, and how they share it, including through the use of third-party SDKs.
This section is intended to provide more detail about the functionality of Combat Fraud's mobile product in relation to the Google form. The answers made by Google will be answered based on Combate a Fraude's product. It is worth noting that this section deals only with the Mobile SDK product, and if your product uses more features, you should answer the form according to features of both systems.
Form
The form that must be answered contains three different sections, these are:
1. Data Collection and Security
This section contains questions about data collection, security, and handling practices. They should be answered with yes/no options. These are answers based on the Mobile SDK product only. Remember to adapt them to your product.
Does the app collect or share any of the mandatory types of user data?
Yes
Is the user data collected by the app encrypted in transit?
Yes
Do you provide a means for users to request that their data be deleted?
Not applicable. Answer according to your application
Is your app currently certified by an authorized lab according to the Mobile Application Security Assessment (MASA) guidelines?
Not applicable. Answer according to your application
2. Data Types
In this section, you must declare all data types that are collected or shared by your application.
The following table defines the default settings for Mobile SDKs. We stress the importance of adapting your answers according to the behavior of the SDK within your product.
Location
Approximate location
No
CAF collects the user's location for Analytics and for security validations. Collection will only occur if the application has permission granted by the user and if Analytics collection is enabled.
No
Exact location
No
CAF collects the user's location for Analytics and for security validations. Collection only occurs if the application has permission granted by the user and Analytics collection is enabled.
No
Personal Information
Name
No
No
User IDs
Optional
This information is only mandatory in the FaceAuthenticator product, where we expect a personId, but if you want, you can use .setPersonId(personId: String) in any of our products.
Collected, Shared
App Functionality, Fraud Prevention, Analysis
No
Address
No
Phone
No
Race and ethnicity
No
Political stance or religious beliefs
No
Sexual orientation
No
Other information
No
Messages
Emails
No
SMS or MMS
No
Other messages in the app
No
Photos and Videos
Photos
Yes
The SDK uses photo captures, so we need this data imperatively.
Collected, Shared
Security, compliance, and fraud prevention, App Functionality
No
Videos
Optional
The SDK uses video captures if the video capture format is enabled.
Collected, Shared
App Functionality, Security, compliance, and fraud prevention
No
Audio Files
Voice or sound recordings
No
Music Files
No
Other audio files
No
Files and Documents
Files and Documents
Optional
If the document upload flow is enabled by the .setUploadSettings(uploadSettings: UploadSettings) method, we collect files that the user has manually selected through the gallery/documents.
Collected, Shared
App Functionality
No
Agenda
Agenda Events
No
Contacts
Contacts
No
Activity in Apps
Search history in the app
No
Installed Apps
Optional
For security reasons, CAF captures all apps installed on the user's device, trying to find suspicious fraudulent apps. If the Analytics collection is disabled, the collection does not occur.
Collected, Shared
Analysis, Fraud Prevention
No
Other user-generated content
No
Other actions
No
Web Browsing
Web browsing history
No
App Information and Performance
Fault records
Yes
CAF uses the Sentry platform to monitor fault logs only during SDK execution.
Collected, Shared
Analysis
No
Diagnostic
Yes
CAF uses the Sentry platform to monitor performance only while running the SDK.
Collected, Shared
Analysis
No
Other app performance data
Yes
Collected, Shared
Analysis
No
Device Identifiers and Others
Device Identifiers
No
3. Data Use and Handling
The types of data collected by an application may or may not be shared. Any data transmitted to CAF or any other third party by the application will be considered shared data. For example, if a user adds their name to the application and logs that information, that data is collected. However, if the application shares the user's name with CAF or any other third party, that data is considered shared data.
In this section, each of the previously selected data types must be declared whether it is collected, shared, or both.
If your application collects data, please state the following:
Purpose of data type collection: Select the appropriate reasons for collecting this data, such as application functionality, analysis, developer communications, and so on.
Whether the type of data collected is ephemeral: Is the data processed temporarily or does it reside in the application permanently.
User Permission: Whether or not the user can allow data collection.
You can use the table above to check the definition of each of the data used by CAF's SDKs.
If your application shares data with third parties, state the purpose for sharing this data. Select the appropriate reasons for sharing this data.
If your application collects data and also shares data with third parties, state the purpose for collecting and sharing that data.
Ephemeral Processing
Ephemeral processing refers to information that is processed in memory only for the period needed to process a specific action in real time and for no other purpose. This is not the data collection process used in Anti Fraud, since user data is saved for more extended periods.
Last updated