Android Health Permissions: Guidance and FAQs (original) (raw)

This page provides detailed guidance and answers frequently asked questions regarding the use of Android permissions that access sensitive health and fitness data. These permissions include but are not limited to the following:

A. Health Connect permissions: Health Connect provides a centralized and standardized way for apps to store and share health and fitness data while maintaining user privacy and security. It allows apps to request access to specific data types rather than broad permissions, supporting more transparency and control. Examples of Health Connect permissions include:

• android.permission.health.READ_HEART_RATE
• android.permission.health.READ_BLOOD_PRESSURE

More information on Health Connect, including getting started, can be found on our Health Connect developer page. For details on health permissions, refer to Android Health permissions.

B. Body Sensors: Android also provides permissions to access data directly from on-body sensors, such as heart rate monitors, pulse oximeters, and skin temperature sensors. (using android.permission.BODY_SENSORS, or starting in Android 16, more granular android.permission.health.* permissions, like android.permission.health.READ_HEART_RATE.

For more information on the transition, see Behavior changes: Apps targeting Android 16 or higher.

C. Other relevant permissions include:

• Specific health-related permissions such as READ_HEALTH_DATA_IN_BACKGROUND and READ_HEALTH_DATA_HISTORY
• Standard Android permissions (for example, Location, Camera, Microphone, Bluetooth, Background Execution) used within a health app to collect or infer sensitive health information, are also subject to the core principles outlined here (user consent, data minimization, purpose limitation, security) and the User Data policy.

Data access and use: Requirements and guidance

Access and use of health permissions is subject to the following key principles. These apply whether data comes from Health Connect, Body Sensors, or other relevant health, fitness and wellness permissions, and supplement the full requirements of the User Data policy and Health apps policy.

1. Your app's access to health and fitness data obtained through Android permissions must be directly tied to providing a clear benefit to the user within the scope of approved use cases detailed in this guidance.
2. You must comply with all detailed requirements for consent, runtime permission requests, and prominent disclosure outlined in the Google Play User Data policy.
3. Only request permissions and access data types that support the specific, user-facing health features you offer. Do not request broader access than necessary.
4. Maintain a comprehensive and accurate privacy policy, easily accessible from your app and Play Store listing, that clearly explains:

• What health and fitness data your app collects and accesses.
• How the data is used, stored, and potentially shared (including with any third parties).
• Your data retention and deletion policies.
• Your security practices.

Your app's functionality, Play Store listing, and any in-app disclosures related to health data access must accurately represent your data practices and intended use.

1. You must implement robust technical, administrative, and physical security measures to protect sensitive health data from unauthorized access, use, disclosure, modification, loss, or destruction. This includes, at minimum, data encryption both at rest and in transit, strong access controls within your systems, and secure development practices and vulnerability management.
2. You are solely responsible for identifying and complying with all applicable laws, regulations, and industry standards related to health data in every region where your app is distributed. This includes, but is not limited to, requirements like:

• HIPAA in the United States for Protected Health Information (PHI).
• GDPR in Europe regarding personal data processing and in particular the processing of special categories of data.
• Regulations concerning Software as a Medical Device (SaMD) if your app meets the relevant criteria.
• Local data privacy and health information laws.

For a comprehensive list of prohibited uses of Android health and fitness data, refer to the "Prohibited uses of Android Health and Fitness data" section below.

Approved use cases for Android health permissions

Accessing sensitive health and fitness data through Android permissions is strictly limited to apps providing clear user benefit within specific, approved use cases. Your declared use case(s) in the Play Console must accurately reflect your app's functionality that requires health and fitness data.

This section provides detailed descriptions and examples for the primary approved use cases. Note that the suitability of data from Health Connect or Body Sensors may vary depending on the specific feature.

Fitness, wellness and coaching

Apps primarily designed to help users track, monitor, analyze, manage, and improve their physical fitness, general wellbeing, or receive personalized coaching and guidance. Also includes companion apps that sync with and display fitness metrics from wearables.

Features often involve aggregating data from various user sources (apps, wearables) for a holistic view and long-term trend analysis, for example:

• providing real-time feedback during activities (like monitoring exercise intensity, heart rate zones, or post-activity recovery using relevant sensor data),
• tracking daily activity (like steps or detecting walks/runs),
• analyzing sleep health and patterns,
• detecting early signs of potential illness through trend analysis (not intended for medical diagnosis),
• tracking nutrition,
• offering guided exercises or meditation sessions, and
• providing personalized workout or meal plans.

Rewards

Applications that encourage users to adopt and maintain healthy habits,personalize incentives or track progress towards health goals, in exchange for financial rewards.

Corporate wellness

Includes platforms typically offered via employers to promote employee health through wellness programs, challenges, and resources. Functionality often involves aggregating consented to activity data (like steps from various user devices/apps) for participation in company challenges or tracking progress within the employer-sponsored program.

Medical care

Applications that help users receive and manage clinical care, including:

• Direct care: Apps that enable users to connect with healthcare providers, manage appointments, access medical records, and track health conditions
• Condition Management: Apps focused on managing specific medical conditions (for example, diabetes, hypertension) that may utilize user data to personalize treatment plans, monitor progress, and provide relevant education and support.
• Tracking clinical measurements or vital signs (potentially including continuous or near real-time monitoring relevant to the condition, such as heart rate patterns for cardiovascular context, SpO2 for respiratory/sleep issues, or skin temperature for fever/recovery assessment)
• Medication Management: Apps that help users manage their medications, track adherence, and receive reminders, potentially using user data to identify potential drug interactions or provide personalized medication information.

Examples include diabetes management apps (tracking blood glucose, insulin, diet, activity), medication adherence trackers, or platforms providing users access to their electronic health records (EHRs).

Compliance Notes:

• Medical device regulations: Apps performing diagnosis, treatment recommendations, or clinical monitoring may qualify as Software as a Medical Device (SaMD) and be subject to strict regulatory requirements (for example, FDA in the US, CE marking/MDR in Europe). Compliance to any applicable regulations is solely the developer's responsibility.
• Data privacy laws: Handling this type of data requires compliance with health data privacy laws like HIPAA in the US, GDPR in the EU, or equivalent regulations.

Human-subjects research

Applications that enable users to donate their data for health research studies, with appropriate consent and de-identification measures. This could include apps focused on specific conditions, public health surveillance, or clinical trial recruitment. These studies are typically approved by an Institutional Review Board (IRB) or Ethics Committee (EC) and collect user consent for conducting health research.

Note: Apps conducting health-related human subject research using data obtained through Health Connect must obtain consent from participants or, in the case of minors, their parent or guardian. Such consent must include the (a) nature, purpose, and duration of the research; (b) procedures, risks, and benefits to the participant; (c) information about confidentiality and handling of data (including any sharing with third parties); (d) a point of contact for participant questions; and (e) the withdrawal process. Apps conducting health-related human subject research using data obtained through Health Connect must receive approval from an independent board whose aim is 1) to protect the rights, safety, and well-being of participants and 2) with the authority to scrutinize, modify, and approve human subjects research. Proof of such approval must be provided upon request.

Health-integrated games

Games where gameplay mechanics, character progression, or in-game rewards are directly influenced by a user's real-world physical activity or wellness data, often accessed via aggregated activity metrics (like steps) or detected activity states (walking, running). Examples include games using step counts to unlock features, virtual pet sims requiring user activity, or location-based games encouraging movement. The primary purpose must remain gaming; the app should not function as an unregulated medical tool.

Prohibited uses of Android Health and Fitness data

Given the sensitive nature of health, fitness, and wellness data, certain uses are strictly prohibited in order to protect user privacy and safety. Using data accessed via Android health permissions (including Health Connect, Body Sensors or other relevant permissions) for any of the following purposes is forbidden:

Commercial exploitation and advertising

• Transferring or selling user health or fitness data to third parties like advertising platforms, data brokers, or any information resellers.
• Transferring, selling, or using user health and fitness data for serving ads, including personalized or interest-based advertising.
• Transferring, selling, or using user health and fitness data to determine credit-worthiness or for lending purposes.
• Sharing health data with third parties without explicit, informed user consent.

Unauthorized or unsafe applications

• Transferring, selling, or using user health and fitness data with any product or service that may qualify as a medical device, unless the medical device app complies with all applicable regulations, including obtaining necessary clearances or approvals from relevant regulatory bodies (for example, U.S. FDA) for its intended use of health and fitness data, and the user has provided explicit consent for such use.
• Transferring, selling, or using user health and fitness data for any purpose or in any manner involving sensitive health information governed by specific privacy regulations (for example, Protected Health Information under HIPAA) unless user-initiated and in compliance with all such applicable laws and regulations.
• Do not use health and fitness data in developing, or for incorporation into, applications, environments or activities where the use or failure of health data could reasonably be expected to lead to death, personal injury, harm to individuals, or environmental or property damage.
• Do not access data obtained through Android health permissions using headless apps. Apps must display a clearly identifiable icon in the app tray, device app settings, notification icons, etc.
• Do not use health and fitness data APIs with apps that sync data between incompatible devices or platforms.
• Do not use Android health permissions to connect to applications, services or features that solely target children.

How do I request access to data from health and fitness permissions?

1. Review the relevant policies: Review and understand the approved use cases and requirements for accessing, sharing, and protecting health and fitness user data. To know more, read the Health Permissions by Androidpolicy and the guidance mentioned on this page.
2. Request permissions in Play Console: When submitting your app in Play Console, request the specific permissions required for the data types your app needs to support its features.

When requesting permissions, bear the following in mind:

• For each permission requested, provide a clear and detailed justification explaining how your app will use the data to benefit the user.
• If your app does not require access to specific data types, then you must not request access to these data types.
• Be as detailed as possible in documenting the purpose for your access requests.
• Request the minimum data types needed and provide a valid use case for each request.

For a visual guide on managing Health & Fitness permissions, you might find the following video helpful.

Examples of a good justification:

• Permission requested: Access to physical activity data.
• Justification: “Our app provides personalized workout plans. Access to physical activity data allows us to tailor recommendations based on users' current activity levels, enhancing their fitness journey.”
• Permission Requested (Body Sensors): android.permission.health.READ_HEART_RATE
• Justification: “Our app provides real-time heart rate monitoring during workouts to provide feedback to the user and allow them to adjust their workout intensity.”

Example of an incomplete justification:

• Permission requested: Access to physical activity data.
• Justification: “Needed for app functionality.” (This is too broad and lacks specific justification)

1. Describe privacy & security practices: Provide a comprehensive privacy policy that:
2. Provides an overview of your app's data collection, usage, and sharing practices. Include details about what data is collected, how it's used and stored, user controls, and data sharing practices.
3. Describes the security measures implemented to protect user data, such as encryption, access controls, and regular security assessments.

All access requests for health & fitness and body sensor permissions will be subject to review so that the use of this sensitive data aligns with approved use cases.

What happens if my request is incomplete or denied?

If your request is incomplete or denied, you will receive feedback through the Play Console. Common reasons for denial include:

• Lack of clear justification for the requested permissions.
• Misalignment with approved use cases.
• Insufficient detail about data collection, usage, and sharing practices.

Developers can revise and resubmit their requests with additional information or clarification.

Does the Health and fitness permissions policy apply to WearOS apps?

Yes, the Health and fitness permissions policy applies to all apps requesting access to the health, fitness and wellness permissions described above, including those designed for WearOS. Developers must ensure compliance with Health Connect policies regardless of the device type, including adherence to data access, use and privacy requirements.

What are the UI guidelines for Health and Fitness permissions and data requests?

To provide a smooth, reassuring user experience, focus on how you display Health and Fitness data within your app. Explain the purpose behind accessing each data type, and present the information in an organized, easily digestible format. Refer to the

Health Connect UI guidelines

for detailed information on this.

Was this helpful?

How can we improve it?