Google security form
Get the help you need to answer Google's security and data capture form.
Introduction
Starting with the new data privacy and security policy implemented by Google, developers will be required to provide more information related to their privacy practices through a dedicated security section of Google. In short, developers will need to provide details about the data they collect, how they handle it, and how they share it, including through the use of third-party SDKs.
This section is intended to provide more detail about the functionality of Combat Fraud's mobile product in relation to the Google form. The answers made by Google will be answered based on Combate a Fraude's product, it is worth noting that this section deals only with the Mobile SDK product, and if your product uses more features, you should answer the form according to features of both systems.
Form
The form that must be answered contains three different sections, these are:
1. Data Collection and Security
This section contains questions about data collection, security, and handling practices, they should be answered with yes/no options. These are answers based on the Mobile SDK product only, remember to adapt them to your product.
Data Types | Collected by CAF |
---|---|
Does the app collect or share any of the mandatory types of user data? | Yes. |
Is the user data collected by the app encrypted in transit? | Yes. |
Do you provide a means for users to request that their data be deleted? | Do you provide a means for users to request that their data be deleted? |
Is your app currently certified by an authorized lab according to the Mobile Application Security Assessment (MASA) guidelines? | Not applicable. Answer according to your application |
2. Data Types
In this section, you must declare all data types that are collected or shared by your application.
The following table defines the default settings for Mobile SDKs. We stress the importance of adapting your answers according to the behavior of the SDK within your product.
Location
Data Types | Collected by CAF | Description | Collected or Sharef | Reason | Is the collection made ephemerally? |
---|---|---|---|---|---|
Approximate location | Optional | CAF collects the user's location for Analytics and for security validations. Collection will only occur if the application has permission granted by the user and if Analytics collection is enabled. |
|
| No |
Exact location | Optional | CAF collects the user's location for Analytics and for security validations. Collection only occurs if the application has permission granted by the user and Analytics collection is enabled. |
|
| No |
Personal Information
Data Types | Collected by CAF? | Description | Collected ou shared | Reason for collection and sharing | Is the collection done ephemerally? |
---|---|---|---|---|---|
Name | Optional | This information is not required. The name is only collected if it is entered in the |
|
| No |
No | |||||
User IDs | Optional | This information is only mandatory in the FaceAuthenticator product, where we expect a
in any of our products. |
|
| No |
Address | No | ||||
Phone | No | ||||
Race and ethnicity | No | ||||
Political stance or religious beliefs | No | ||||
Sexual orientation | No | ||||
Other information | No |
Messages
Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | |
---|---|---|---|---|---|
Data Types | Collected by CAF? | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
E-mails | No | ||||
SMS ou MMS | No | ||||
Other messages in the app | No |
Photos and Videos
Data Types | Collected by CAF? | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
Photos | Yes | The SDK uses photo captures, so we need this data imperatively. |
|
| No |
Vídeos | Opcional | The SDK uses video captures if the video capture format is enabled. |
|
| No |
Audio Files
Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
---|---|---|---|---|---|
Voice or sound recordings | No | ||||
Music Files | No | ||||
Other audio files | No |
Files and Documents
Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
---|---|---|---|---|---|
Files and Documents | Optional | If the document upload flow is enabled by the |
|
| No. |
Agenda
Data Types | Collected by CAF | Description | Collected or Shard | Reason for collection and sharing | Is the collection done ephemerally? |
---|---|---|---|---|---|
Agenda Events | No |
Contacts
Data Types | Collected by CAF | Description | Collected or Sharing | Reason for collection and sharing | Is the collection done ephemerally? |
---|---|---|---|---|---|
Contacts | No |
Activity in apps
Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
---|---|---|---|---|---|
Search history in the app | No | ||||
Installed Apps | Optional | For security reasons, CAF captures all apps installed on the user's device, trying to find suspicious fraudulent apps. If the Analytics collection is disabled, the collection does not occur. |
|
| No |
Other user-generated content | No | ||||
Other actions | No |
Web Browsing
Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
---|---|---|---|---|---|
Web browsing history | No |
App Information and Performance
Data Types | Collected by CAF? | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
---|---|---|---|---|---|
Fault records | Yes | CAF uses the Sentry platform to monitor fault logs only during SDK execution. |
|
| No |
Diagnostic | Yes | CAF uses the Sentry platform to monitor performance only while running the SDK. |
|
| No |
Other app performance data | Yes |
|
| No |
Device Identifiers and Others
Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
---|---|---|---|---|---|
Device Identifiers and Others | No |
3. Data Use and Handling
The types of data collected by an application may or may not be shared. Any data transmitted to CAF or any other third party by the application will be considered shared data. For example, if a user adds their name to the application and logs that information, that data is collected. However, if the application shares the user's name with CAF or any other third party, that data is considered shared data.
In this section, each of the previously selected data types must be declared whether it is collected, shared, or both.
If your application collects data, please state the following:
Purpose of data type collection - Select the appropriate reasons for collecting this data, such as application functionality, analysis, developer communications, and so on.
Whether the type of data collected is ephemeral - Is the data processed temporarily or does it reside in the application permanently.
User Permission - Whether or not the user can allow data collection.
You can use the table above to check the definition of each of the data used by CAF's SDKs.
If your application shares data with third parties state the purpose for sharing this data. Select the appropriate reasons for sharing this data.
If your application collects data and also shares data with third parties, state the purpose for collecting and sharing that data.
Ephemeral Processing
Ephemeral processing refers to information that is processed in memory only for the period needed to process a specific action in real time and for no other purpose. This is not the data collection process used in Anti Fraud, since user data is saved for more extended periods.
Last updated