Privado-Inc / SDK-Privacy-Report

Privacy details of SDKs for Apple Privacy Nutrition & Google Safety Section disclosure.
MIT License

SDK request - Play Billing #31

Closed dirkam closed 2 years ago

dirkam commented 2 years ago

Please provide information about the SDK

Name: Play Billing

Uses:

Owner: Google

Links to the SDK: https://developer.android.com/google/play/billing

Please tell us about the platforms for which the SDK exists

[x] Android

[ ] iOS

If an app uses the "native" Google Play Billing library to handle in-app purchases, do we need to declare any of the financial information stuff in the Data Safety Form? In our case, everything is managed by Google. We don't store the tokens, don't have our own backend infrastructure for this, etc. "Purchase history" is the one that seems to be mostly relevant.

vaibhavantil1 commented 2 years ago

Unfortunately, there is no Official Documentation. Here is my take:

Data Collected: It's not just what you are collecting but whatever payload you are sending to Google. It should be: Personal Identifiers; Credit card, debit card, or bank account number; Purchase history

Data Shared: None, since Google is acting like a service provider here. I would still wait for official documentation because they could be doing extra stuff here.

Any more questions?

dirkam commented 2 years ago

I'm not sure about the card data, is that correct this way? I mean, it is never available to developers, and it's actually handled by the Play Store stuff directly. I believe the only thing that is available is the purchase history.

vaibhavantil1 commented 2 years ago

This is how Google defines collection:

“Collect” means transmitting data from your app off a user’s device. Please note the following guidelines:

Libraries and SDKs: This includes user data transmitted off device from your app by libraries and/or SDKs used in your app, irrespective of whether data is transmitted to you or a third party server.

vaibhavantil1 commented 2 years ago

@dirkam - based on the above information, whatever Google Billing is getting needs to be disclosed in Data Types Collected.

vaibhavantil1 commented 2 years ago

@dirkam - Google shared additional information. Based on the case you explained, you don't need to disclose the payment data, only purchase as you originally mentioned.

It depends on the nature of your integration with the payment service. If your app uses a payment service such as PayPal, Google Pay, Google Play's billing system, or similar services to complete payment transactions, you don’t need to declare collection of the data that the payment service collects in connection with its processing of financial transactions, such as a credit card number, if the following conditions are met:

Your app never accesses this information; and

The payment service collects this information directly from the user, and collection is governed by that service’s terms.

You should review your integration with the payment service closely to ensure that your app’s Data safety section declares any relevant data collection and sharing that does not meet these conditions. You should also consider whether your app collects other financial information, like purchase history, and whether your app receives any relevant data from the payments service, for example for risk and anti-fraud purposes.

vaibhavantil1 commented 2 years ago

@dirkam - Let me know if I can close this issue?

dirkam commented 2 years ago

Good news. Perhaps you could add this to the CSV list? Play Billing is included in almost every app out there.

Thanks for your work!