Post new topic    
Page 1, 2  »
Liquid Metal King Slime
Send private message
Privacy policy for Android Apps 
 PostFri Oct 11, 2019 1:15 am
Send private message Reply with quote
So it seems that Google play requires a privacy policy now. I had a crack at writing one that would suit my own OHRRPGCE Android Apps

http://hamsterrepublic.com/privacy/android_apps_no_data/

Since it is so short, I'll quote it here entirely

Quote:

Our Android Apps don't collect any personal information.

If our Apps request STORAGE permissions, this is only used for your saved games. We do't collect any information.

If any information about your android device is accidentally collected (for example in an app crash report) we won't keep it any longer than is needed to debug the crash, and we certianly won't share it with anyone.

If you have any questions, you can ask Bob@HamsterRepublic.com

This policy was last updated 2019-10-10


Does anyone have any thoughts on it? Have I missed any important points? I know that when people actually collect an keep personal data they actually have to pay lawyers to write these things, but I figure since I don't collect anything, this is good enough.

For the bit about crash reports I am specifically thinking about whatever built-in crash report features are in Google Play. If I remember correctly, the fancy crash reporter that TMC wrote is for the desktop versions only, not the Android Apps.
Red Slime
Send private message
 
 PostFri Oct 11, 2019 6:14 am
Send private message Reply with quote
Some typos corrected and (perhaps useful) modifications for proper structure and language, given the legal nature of the message:

Quote:
Official OHRRPGCE Android Apps do not collect any personal information. Basic data from your device hardware and/or software may be collected with a crash report upon prompted user permission. Such data will be used only for debugging the crash, and will not be shared.

If our Apps request STORAGE permissions, this is only used for your saved games.

If you have any questions, you can ask Bob@HamsterRepublic.com

This policy was last updated XXXX-XX-XX



EDIT: Of course, I suggest that crash reports on android also confirm user permission.
Liquid Metal Slime
Send private message
 
 PostFri Oct 11, 2019 11:35 pm
Send private message Reply with quote
You may also want to review GDPR Compliance rules, just in case they apply here. That's the European privacy law that all digital vendors and marketers are expected to follow. Not sure games on the OHR would need that, but I'm also not sure that they wouldn't.

It might be a good idea to review other popular Android apps for inspiration on what to write in the privacy statement as they've probably been vetted by lawyers.
Place Obligatory Signature Here
Metal King Slime
Send private message
 
 PostSat Oct 12, 2019 4:51 am
Send private message Reply with quote
We don't send any crash reports on android or (anywhere but Windows) yet. (There is however the "send email" script command (which is also an option in the F8 debug menu) which is intended for sending bug reports - it includes log files and saved games. But that works by opening an email app.) In future I would like to implement something on Unix, including maybe Android, so I guess we might as well future-proof the policy. Does Android actually have a built-in crash reporter? It doesn't appear to.

As Bena pointed out, crash reports currently prompt the user before uploading anything, and we should do the same on Android too.
I would assume GDPR applies if a crash report is submitted. Haven't thought about that.

I asked about crash report privacy before, but I don't think we agreed to anything. What's written in that privacy policy certainly isn't the current policy. We haven't deleted any reports, and I sent summaries of reports including file paths and partially obscured usernames to the mailing list. (The games played/edited and the computers reporting them is very useful information.) I could more thoroughly anonymise the public summaries in future but still want to keep the game names.

"we won't keep it any longer than is needed to debug the crash" -- I'm not sure we should commit to this... but it's not a time limit anyway. Many crashes will never be solved, or it could easily take 5 years to solve a crash. I don't really want to delete reports of unsolved crashes.
"we certianly won't share it with anyone" -- that's vague. "Anyone" is intended to mean non-developers? Since it is an open source project, anyone can be a developer. If someone wants to work on solving a crash, I will want to send reports to them.

On Android, any crash report probably would contain a lot less personal information than on Windows, e.g. no username.


Also I don't think the part about STORAGE permission is correct. If a game runs off internal storage, then I think it will write save games, temporary files and log files there too. I believe we only need the storage permission so that ohrrpgce-game's file browser can pick .rpg files on external storage. So if I'm right we should remove the storage permission when packaging a game, though it would be on by default for ohrrpgce-game.

In future when we add networking support to the engine we'd have less control, but the information accessible by scripts is very limited, so (at that point) we can still write something like "aside from crash reports, any network access only transfers game data, not any device or personal information".

How about (adjusting Bena's version):

Quote:
OHRRPGCE Android Apps in do not collect any personal information or contact web servers with the following exception.
In case of an error you might be prompted for permission to send an error report which contains game data (such as saved games and logs) and basic data about your device. Such data will be used only for debugging the error, and will only be shared for that purpose after being anonymised.

If you have any questions, you can ask Bob@HamsterRepublic.com

This policy was last updated XXXX-XX-XX
Red Slime
Send private message
 
 PostSat Oct 12, 2019 5:02 am
Send private message Reply with quote
Firsthand knowledge of the engine's inner workings is what I was missing, thank you.

In that edit, just some grammatical notes:

Quote:
OHRRPGCE Android Apps in do not collect any


Remove "in"

Quote:
with the following exception.


A colon instead of a period sign, and a paragraph break.
Liquid Metal King Slime
Send private message
 
 PostSat Oct 12, 2019 2:29 pm
Send private message Reply with quote
This is all very good feedback. I am glad we are talking about this :)

I agree that once networking is introduced, the possibilities for collecting information change dramatically-- but we will certainly never create a one-size-fits-all policy for all ohrrpgce games, I was just hoping to come up with something that was adequate for my own games on Google Play, and that could serve as a starting-point template for anyone who wants to customize their own privacy statement.

I like the idea of removing STORAGE permission from packaged android games. I'll look into doing that after I have solved the build issues
Metal Slime
Send private message
 
 PostSat Oct 12, 2019 8:16 pm
Send private message Reply with quote
Thanks for bringing this up and drafting a usable privacy policy! =) This is a big help to me.
Liquid Metal King Slime
Send private message
 
 PostSat Oct 12, 2019 10:13 pm
Send private message Reply with quote
While fixing the broken android nightly build today (Yay! progress) I discovered that the current Android build does not have or request STORAGE permission at all. (or if it is being requested, it is being done in a way that doesn't work anymore?)

To play games you have to copy them to /sdcard/Android/data/com.hamsterrepublic.ohrrpgce.game/files/

It isn't even possible to browse outside that location.

And I am okay with that :)
Red Slime
Send private message
 
 PostSat Oct 12, 2019 10:31 pm
Send private message Reply with quote
I'm actually frustrated with that fact. Not only do we have to get players to download a separate android player, but we make them dig through their system to find the proper folder to put the game in.

Janky install procedures are a huge deterrent.
Liquid Metal King Slime
Send private message
 
 PostSat Oct 12, 2019 11:25 pm
Send private message Reply with quote
That is just when testing with the game player

Definitely the right way to distribute the game on Android is to package it as its own apk file.

Right now I usually do this packaging for people, and I am always happy to do this, but hopefully I can someday get it streamlined enough that people can do it for themselves via a web interface

(I'd also like to write up some detailed instructions for people who want to do it themselves, and are brave enough to install the OHRRPGCE source code, the sdl-android source code, the Android SDK and get them all running)

EDIT: splitting off the Android build discussion to this thread https://www.slimesalad.com/forum/viewtopic.php?p=135983 so as to keep this thread focused on Privacy Policies
Metal King Slime
Send private message
 
 PostMon Oct 14, 2019 12:48 pm
Send private message Reply with quote
Not requesting STORAGE permission ought to be fixed for the generic game player.
Well... actually there's no such permission, there's READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE. It's true that we need the write permission only if we want to put the .saves directory next to the .rpg. (Debug logs aren't put next to the .rpg on Android.)
Apparently apps have read/write access to their own dir on the sdcard on Android 4.4+ but need to request it on lower versions. (See sdl-android upsteam git commit 7f4b9162baf, which we haven't merged.)

Storage permissions changed in Android 6+. Now the app needs to both request the permission in its manifest and also ask at runtime. There are sdl-android upstream commits for this which we haven't merged. I mentioned it before.

Oh, I replied to the bit about people packaging their own .apks in the other thread.
Liquid Metal King Slime
Send private message
 
 PostSat Nov 09, 2019 1:54 pm
Send private message Reply with quote
Okay, I can safely say that my first draft was not adequate. They rejected it.

google play rejection wrote:

Eligibility Issue
Privacy policy
You must provide a link to your app's privacy policy on your app's store listing page. This link must be maintained at all times while the app is available on Google Play, and it must link to a privacy policy that, among other things, accurately describes your app’s data collection and use. Please provide a link to a valid privacy policy in your app's store listing page in the Play Console. For more details, please refer to the Privacy policy section (#6) of the Families Policy Requirements.


Because this was related to the "Families Policy" I think that they only scrutinized the privacy pilicy so closely because I said my "Target Audience" for Crypt of Baconthulhu was ages 9 and above.

I'll use some of your suggestions, and try to revise a better version and try again.
Liquid Metal King Slime
Send private message
 
 PostSat Nov 09, 2019 3:27 pm
Send private message Reply with quote
Okay, here is the new revision. it is mostly based on your suggestions.

I also added some w3.css magic to pretty it up a bit, and hopefully create the illusion of professionalism ;)

https://hamsterrepublic.com/privacy/android_apps_no_data/
Liquid Metal King Slime
Send private message
 
 PostMon Nov 11, 2019 12:45 am
Send private message Reply with quote
Yay! That latest version was accepted for Crypt of Baconthulhu with target audience including 9 and older. I did not attempt to enroll in "designed for families" but I'll try that later.

Thanks for the help!
Metal Slime
Send private message
 
 PostFri Nov 15, 2019 2:55 am
Send private message Reply with quote
Bob the Hamster wrote:
Yay! That latest version was accepted for Crypt of Baconthulhu with target audience including 9 and older. I did not attempt to enroll in "designed for families" but I'll try that later.

Thanks for the help!


Thanks for sharing your experiences here. This is helpful to me. I need to get this done for my apps, still!
Display posts from previous:
Page 1, 2  »