Google Play Developer Policies: Complete Reference 2026
The 10 most enforced Google Play policies: with the enforcement realities developers don't talk about, real examples of removed apps, and exact compliance steps.
Unlike Apple, Google removes apps after approval
Apple rejects apps before they go live. Google approves apps quickly: then monitors them continuously. An app can live on Google Play for months and then be silently removed when Google's systems detect a policy violation. This means compliance is an ongoing requirement, not a one-time checklist.
Google Play removed over 2.3 million apps in recent enforcement cycles and terminated 333,000 developer accounts. The common thread: developers who did not read the policies, relied on third-party SDKs without auditing what those SDKs collected, or used dark patterns that seemed compliant at submission but were flagged by post-launch monitoring. Here is what you actually need to know.
Data Safety Section Accuracy
Google cross-references your Data Safety Section declarations against what your APK actually does, including embedded SDKs. Inaccurate declarations: even accidental ones: can result in app removal and account warning strikes.
Enforcement reality
Google removed over 2.3 million apps in 2025 enforcement cycles. Many were removed not because they collected data, but because their Data Safety form said they did not collect data that embedded SDKs were actually collecting.
Compliance steps
Use tools like Exodus Privacy or AppTester's Health Check to identify every SDK in your APK and what data each collects. Update your Data Safety form to accurately reflect all collection, even for SDKs you didn't write.
Target API Level Requirements
New apps must target Android 14 (API level 34) or higher. Existing apps receiving updates must also meet this requirement. Apps targeting older API levels will be hidden from users on newer Android versions.
Enforcement reality
Developers who miss this requirement during a routine update find their app hidden from 60%+ of the Android device base: essentially invisible to any device running Android 13 or later.
Compliance steps
Update targetSdkVersion to 34 in build.gradle. Test thoroughly on Android 14: behaviour changes include scoped storage enforcement, permission restrictions on implicit intents, and changes to background task scheduling.
Permissions Must Match Core Functionality
Permissions requested by an app must be proportionate to and clearly justified by its core function. Google now automatically flags apps requesting high-risk permissions that appear disproportionate to the app category.
Enforcement reality
A simple notes app requesting READ_CONTACTS and ACCESS_FINE_LOCATION will trigger a manual policy review. Google's ML systems flag permission-to-category mismatches before human reviewers even see the app.
Compliance steps
Document every permission in your privacy policy with a specific justification. Remove any permission that can be eliminated. Request permissions at the point of use (not on launch). Use granular alternatives: ACCESS_COARSE_LOCATION instead of ACCESS_FINE_LOCATION where possible.
Precise and Background Location
ACCESS_FINE_LOCATION requires strong justification for why approximate location is insufficient. ACCESS_BACKGROUND_LOCATION (running while app is not in use) requires a separate declaration and undergoes enhanced review.
Enforcement reality
Google rejected over 40,000 apps in Q4 2025 for excessive location permission use. Background location apps now undergo a 3–5 day manual review regardless of their track record.
Compliance steps
Default to ACCESS_COARSE_LOCATION. Only request ACCESS_FINE_LOCATION if your core use case genuinely fails without it (turn-by-turn navigation, precise asset tracking). Never request background location unless your app is a navigation, fitness tracking, or safety app.
Granular Media Permissions
READ_EXTERNAL_STORAGE is deprecated and fails on Android 13+. Apps must use READ_MEDIA_IMAGES, READ_MEDIA_VIDEO, or READ_MEDIA_AUDIO as appropriate. Apps still using the broad storage permission will fail on modern devices.
Enforcement reality
Apps not updated for the new media permissions appear broken to any Android 13+ user: which is now 70%+ of active Android devices. This is a silent failure: the app installs but media features simply do not work.
Compliance steps
Update your permission requests to use the granular media permissions. For photo pickers, use Android's built-in Photo Picker (ACTION_PICK_IMAGES) which requires no permission. Test on Android 13 and 14.
Health, Fitness, and Financial App Requirements
Apps in these categories face stricter review and ongoing compliance monitoring. Health apps that make medical claims, financial apps that claim investment returns, and apps handling regulated financial products all require additional documentation.
Enforcement reality
A fintech app that described itself as 'an investment tool' without disclaimers was removed after 6 months: even after passing initial review. Google's policy team monitors app descriptions and user reviews for post-launch compliance.
Compliance steps
Add clear disclaimers that your app is not regulated financial advice or medical advice unless you can prove licensure. Remove any specific return claims or health outcome promises. Consult a legal professional for apps in regulated verticals.
User-Generated Content Moderation
Apps with UGC (comments, posts, chat, reviews, images uploaded by users) must demonstrate moderation capabilities. Google requires a reporting mechanism and documented evidence that reports are actioned.
Enforcement reality
Google sent out mass enforcement notices in 2025 targeting apps with UGC features and no visible reporting mechanism. Apps were given 30 days to add moderation or face removal.
Compliance steps
Add a flag/report button to every piece of user content. Document your moderation policy in your store listing. Consider automated pre-moderation for images using Google's SafeSearch API (free for moderate volumes).
Deceptive Behavior and Impersonation
Apps may not impersonate other apps, developers, companies, or government organisations. This includes apps with names, icons, or screenshots designed to mislead users into thinking they are a different (usually more popular) app.
Enforcement reality
This is actively ML-monitored. App icons, names, and screenshots are compared against a database of known apps. Apps that score high on similarity to established apps are automatically flagged for manual review.
Compliance steps
Use original branding. Do not use another app's icon, name, or interface elements. Do not describe your app as 'the alternative to X' or 'better than X' in your title or description. Ensure your developer name does not resemble that of established companies.
Subscription and Billing Transparency
Google Play Billing must be used for all in-app digital purchases. Subscription terms, pricing, and cancellation instructions must be clearly disclosed before purchase. Dark patterns that obscure trial endings are grounds for removal.
Enforcement reality
Google's Play Billing enforcement team conducted a sweep in late 2025, removing dozens of apps using dark patterns including pre-checked subscription upgrades, hidden trial end dates, and cancellation flows buried 5+ taps deep.
Compliance steps
Use Play Billing Library 6+. Show price, trial length, and renewal terms on the paywall. Make cancellation accessible from within the app (not just the Play Store). Send a reminder notification before a free trial converts to paid.
Malware, Spyware, and Harmful Behaviour
Any app that attempts to execute code not present in the submitted APK (dynamic code loading), collect data beyond declared permissions, run background processes that drain battery without user benefit, or deceive users about what it does will be removed and the developer account terminated.
Enforcement reality
Google's Play Protect scans all installed apps. Apps caught running undisclosed background behaviour after a policy-compliant review are removed and developers are permanently banned with no appeals process.
Compliance steps
Do not use dynamic code loading. Declare all background work using WorkManager with proper constraints. Do not collect data beyond what the user has granted permission for. Be transparent about any background sync or processing.
Google Play compliance checklist
Data Safety form matches what your APK actually collects
targetSdkVersion is 34 (Android 14) or higher
All permissions have clear, proportionate justifications
Precise location replaced with coarse location where possible
READ_EXTERNAL_STORAGE replaced with granular media permissions
Play Billing used for all in-app digital purchases
Subscription terms visible before purchase (price, trial length, renewal)
UGC features have a report/flag mechanism
No dynamic code loading or runtime permission escalation
Privacy policy URL present in store listing and app settings
Scan your APK before Google does
Our App Health Check detects policy violations: dangerous permissions, undeclared SDKs, Data Safety mismatches: before you submit. Free, instant, no account required.