Google security form

Get the help you need to answer Google's security and data capture form.

Introduction

Starting with the new data privacy and security policy implemented by Google, developers will be required to provide more information related to their privacy practices through a dedicated security section of Google. In short, developers will need to provide details about the data they collect, how they handle it, and how they share it, including through the use of third-party SDKs.

This section is intended to provide more detail about the functionality of Combat Fraud's mobile product in relation to the Google form. The answers made by Google will be answered based on Combate a Fraude's product, it is worth noting that this section deals only with the Mobile SDK product, and if your product uses more features, you should answer the form according to features of both systems.

Form

The form that must be answered contains three different sections, these are:

1. Data Collection and Security

This section contains questions about data collection, security, and handling practices, they should be answered with yes/no options. These are answers based on the Mobile SDK product only, remember to adapt them to your product.

Data TypesCollected by CAF

Does the app collect or share any of the mandatory types of user data?

Yes.

Is the user data collected by the app encrypted in transit?

Yes.

Do you provide a means for users to request that their data be deleted?

Do you provide a means for users to request that their data be deleted?

Is your app currently certified by an authorized lab according to the Mobile Application Security Assessment (MASA) guidelines?

Not applicable. Answer according to your application

2. Data Types

In this section, you must declare all data types that are collected or shared by your application.

The following table defines the default settings for Mobile SDKs. We stress the importance of adapting your answers according to the behavior of the SDK within your product.

Location

Data TypesCollected by CAFDescriptionCollected or SharefReasonIs the collection made ephemerally?

Approximate location

Optional

CAF collects the user's location for Analytics and for security validations. Collection will only occur if the application has permission granted by the user and if Analytics collection is enabled.

  • Collected

  • Shared

  • Analysis

  • Fraud Prevention

No

Exact location

Optional

CAF collects the user's location for Analytics and for security validations. Collection only occurs if the application has permission granted by the user and Analytics collection is enabled.

  • Collected

  • Shared

  • Analysis

  • Fraud Prevention

No

Personal Information

Data TypesCollected by CAF?DescriptionCollected ou sharedReason for collection and sharingIs the collection done ephemerally?

Name

Optional

This information is not required. The name is only collected if it is entered in the .setPersonName(String personName) method.

  • Collected

  • Shared

  • App Functionality

  • Fraud prevention

  • Analysis

No

Email

No

User IDs

Optional

This information is only mandatory in the FaceAuthenticator product, where we expect a personId, but if you want, you can use

.setPersonId(String personId)

in any of our products.

  • Collected

  • Shared

  • App Functionality

  • Fraud prevention

  • Analyze

No

Address

No

Phone

No

Race and ethnicity

No

Political stance or religious beliefs

No

Sexual orientation

No

Other information

No

Messages

Data TypesCollected by CAFDescriptionCollected or SharedReason for collection and sharing

Data Types

Collected by CAF?

Description

Collected or Shared

Reason for collection and sharing

Is the collection done ephemerally?

E-mails

No

SMS ou MMS

No

Other messages in the app

No

Photos and Videos

Data Types

Collected by CAF?

Description

Collected or Shared

Reason for collection and sharing

Is the collection done ephemerally?

Photos

Yes

The SDK uses photo captures, so we need this data imperatively.

  • Collected

  • Shared

  • Security, compliance, and fraud prevention

  • App Functionality

No

VΓ­deos

Opcional

The SDK uses video captures if the video capture format is enabled.

  • Collected

  • Shared

  • App Functionality

  • Security, compliance, and fraud prevention

No

Audio Files

Data TypesCollected by CAFDescriptionCollected or SharedReason for collection and sharingIs the collection done ephemerally?

Voice or sound recordings

No

Music Files

No

Other audio files

No

Files and Documents

Data TypesCollected by CAFDescriptionCollected or SharedReason for collection and sharingIs the collection done ephemerally?

Files and Documents

Optional

If the document upload flow is enabled by the .setUploadSettings(UploadSettings uploadSettings) method, we collect files that the user has manually selected through the gallery/documents.

  • Collected

  • Shared

  • App Functionality

No.

Agenda

Data TypesCollected by CAFDescriptionCollected or ShardReason for collection and sharingIs the collection done ephemerally?

Agenda Events

No

Contacts

Data TypesCollected by CAFDescriptionCollected or SharingReason for collection and sharingIs the collection done ephemerally?

Contacts

No

Activity in apps

Data TypesCollected by CAFDescriptionCollected or SharedReason for collection and sharingIs the collection done ephemerally?

Search history in the app

No

Installed Apps

Optional

For security reasons, CAF captures all apps installed on the user's device, trying to find suspicious fraudulent apps. If the Analytics collection is disabled, the collection does not occur.

  • Collected

  • Shared

  • Analysis

  • Fraud Prevention

No

Other user-generated content

No

Other actions

No

Web Browsing

Data TypesCollected by CAFDescriptionCollected or SharedReason for collection and sharingIs the collection done ephemerally?

Web browsing history

No

App Information and Performance

Data TypesCollected by CAF?DescriptionCollected or SharedReason for collection and sharingIs the collection done ephemerally?

Fault records

Yes

CAF uses the Sentry platform to monitor fault logs only during SDK execution.

  • Collected

  • Shared

  • Analysis

No

Diagnostic

Yes

CAF uses the Sentry platform to monitor performance only while running the SDK.

  • Collected

  • Shared

  • Analysis

No

Other app performance data

Yes

  • Collected

  • Shared

  • Analysis

No

Device Identifiers and Others

Data TypesCollected by CAFDescriptionCollected or SharedReason for collection and sharingIs the collection done ephemerally?

Device Identifiers and Others

No

3. Data Use and Handling

The types of data collected by an application may or may not be shared. Any data transmitted to CAF or any other third party by the application will be considered shared data. For example, if a user adds their name to the application and logs that information, that data is collected. However, if the application shares the user's name with CAF or any other third party, that data is considered shared data.

In this section, each of the previously selected data types must be declared whether it is collected, shared, or both.

If your application collects data, please state the following:

  • Purpose of data type collection - Select the appropriate reasons for collecting this data, such as application functionality, analysis, developer communications, and so on.

  • Whether the type of data collected is ephemeral - Is the data processed temporarily or does it reside in the application permanently.

  • User Permission - Whether or not the user can allow data collection.

You can use the table above to check the definition of each of the data used by CAF's SDKs.

If your application shares data with third parties state the purpose for sharing this data. Select the appropriate reasons for sharing this data.

If your application collects data and also shares data with third parties, state the purpose for collecting and sharing that data.

Ephemeral Processing

Ephemeral processing refers to information that is processed in memory only for the period needed to process a specific action in real time and for no other purpose. This is not the data collection process used in Anti Fraud, since user data is saved for more extended periods.

Last updated

Logo

2023 Β© Caf. - All rights reserved