Google security form
Get the help you need to answer Google's security and data capture form.
Last updated
Get the help you need to answer Google's security and data capture form.
Last updated
2023 © Caf. - All rights reserved
Starting with the new data privacy and security policy implemented by Google, developers will be required to provide more information related to their privacy practices through a dedicated security section of Google. In short, developers will need to provide details about the data they collect, how they handle it, and how they share it, including through the use of third-party SDKs.
This section is intended to provide more detail about the functionality of Combat Fraud's mobile product in relation to the Google form. The answers made by Google will be answered based on Combate a Fraude's product, it is worth noting that this section deals only with the Mobile SDK product, and if your product uses more features, you should answer the form according to features of both systems.
The form that must be answered contains three different sections, these are:
This section contains questions about data collection, security, and handling practices, they should be answered with yes/no options. These are answers based on the Mobile SDK product only, remember to adapt them to your product.
| Data Types | Collected by CAF |
|---|---|
In this section, you must declare all data types that are collected or shared by your application.
The following table defines the default settings for Mobile SDKs. We stress the importance of adapting your answers according to the behavior of the SDK within your product.
The types of data collected by an application may or may not be shared. Any data transmitted to CAF or any other third party by the application will be considered shared data. For example, if a user adds their name to the application and logs that information, that data is collected. However, if the application shares the user's name with CAF or any other third party, that data is considered shared data.
In this section, each of the previously selected data types must be declared whether it is collected, shared, or both.
If your application collects data, please state the following:
Purpose of data type collection - Select the appropriate reasons for collecting this data, such as application functionality, analysis, developer communications, and so on.
Whether the type of data collected is ephemeral - Is the data processed temporarily or does it reside in the application permanently.
User Permission - Whether or not the user can allow data collection.
You can use the table above to check the definition of each of the data used by CAF's SDKs.
If your application shares data with third parties state the purpose for sharing this data. Select the appropriate reasons for sharing this data.
If your application collects data and also shares data with third parties, state the purpose for collecting and sharing that data.
Ephemeral processing refers to information that is processed in memory only for the period needed to process a specific action in real time and for no other purpose. This is not the data collection process used in Anti Fraud, since user data is saved for more extended periods.
| Data Types | Collected by CAF | Description | Collected or Sharef | Reason | Is the collection made ephemerally? |
|---|---|---|---|---|---|
| Data Types | Collected by CAF? | Description | Collected ou shared | Reason for collection and sharing | Is the collection done ephemerally? |
|---|---|---|---|---|---|
| Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | |
|---|---|---|---|---|---|
| Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
|---|---|---|---|---|---|
| Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
|---|---|---|---|---|---|
| Data Types | Collected by CAF | Description | Collected or Shard | Reason for collection and sharing | Is the collection done ephemerally? |
|---|---|---|---|---|---|
| Data Types | Collected by CAF | Description | Collected or Sharing | Reason for collection and sharing | Is the collection done ephemerally? |
|---|---|---|---|---|---|
| Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
|---|---|---|---|---|---|
| Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
|---|---|---|---|---|---|
| Data Types | Collected by CAF? | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
|---|---|---|---|---|---|
| Data Types | Collected by CAF | Description | Collected or Shared | Reason for collection and sharing | Is the collection done ephemerally? |
|---|---|---|---|---|---|
Does the app collect or share any of the mandatory types of user data?
Yes.
Is the user data collected by the app encrypted in transit?
Yes.
Do you provide a means for users to request that their data be deleted?
Do you provide a means for users to request that their data be deleted?
Is your app currently certified by an authorized lab according to the Mobile Application Security Assessment (MASA) guidelines?
Not applicable. Answer according to your application
Approximate location
Optional
CAF collects the user's location for Analytics and for security validations. Collection will only occur if the application has permission granted by the user and if Analytics collection is enabled.
Collected
Shared
Analysis
Fraud Prevention
No
Exact location
Optional
CAF collects the user's location for Analytics and for security validations. Collection only occurs if the application has permission granted by the user and Analytics collection is enabled.
Collected
Shared
Analysis
Fraud Prevention
No
Name
Optional
This information is not required. The name is only collected if it is entered in the .setPersonName(String personName) method.
Collected
Shared
App Functionality
Fraud prevention
Analysis
No
No
User IDs
Optional
This information is only mandatory in the FaceAuthenticator product, where we expect a personId, but if you want, you can use
.setPersonId(String personId)
in any of our products.
Collected
Shared
App Functionality
Fraud prevention
Analyze
No
Address
No
Phone
No
Race and ethnicity
No
Political stance or religious beliefs
No
Sexual orientation
No
Other information
No
Data Types
Collected by CAF?
Description
Collected or Shared
Reason for collection and sharing
Is the collection done ephemerally?
E-mails
No
SMS ou MMS
No
Other messages in the app
No
Data Types
Collected by CAF?
Description
Collected or Shared
Reason for collection and sharing
Is the collection done ephemerally?
Photos
Yes
The SDK uses photo captures, so we need this data imperatively.
Collected
Shared
Security, compliance, and fraud prevention
App Functionality
No
Vídeos
Opcional
The SDK uses video captures if the video capture format is enabled.
Collected
Shared
App Functionality
Security, compliance, and fraud prevention
No
Voice or sound recordings
No
Music Files
No
Other audio files
No
Files and Documents
Optional
If the document upload flow is enabled by the .setUploadSettings(UploadSettings uploadSettings) method, we collect files that the user has manually selected through the gallery/documents.
Collected
Shared
App Functionality
No.
Agenda Events
No
Contacts
No
Search history in the app
No
Installed Apps
Optional
For security reasons, CAF captures all apps installed on the user's device, trying to find suspicious fraudulent apps. If the Analytics collection is disabled, the collection does not occur.
Collected
Shared
Analysis
Fraud Prevention
No
Other user-generated content
No
Other actions
No
Web browsing history
No
Fault records
Yes
CAF uses the Sentry platform to monitor fault logs only during SDK execution.
Collected
Shared
Analysis
No
Diagnostic
Yes
CAF uses the Sentry platform to monitor performance only while running the SDK.
Collected
Shared
Analysis
No
Other app performance data
Yes
Collected
Shared
Analysis
No
Device Identifiers and Others
No