### Guide for building secure government apps


People need to trust the information provided by and data stored in apps that communicate
government information, such as voting and election information and government services
information (for example safety, licensing, and public assistance). Whether you are
affiliated with a government entity or creating an app to provide access to services,
trust in the app and the information communicated is essential. The key to building that
trust is having a strong security foundation for your app.


This guidance represents best practices for all apps. It may be particularly important
if you're developing an app that communicates government information.

## Security


The best defense for Android apps, to combat today's sophisticated and evolving attacks,
is a layered approach. Think about security before you begin building the app by adding
security practices to your software development lifecycle. Security should not be an
afterthought. Plan to use Android's built-in security features, use third-party libraries
with care, and have a robust testing process. Then, put programs in place so that if any
security issues make it live, you are the first to know about them. By making your
development process and app more secure, you help preserve user trust and device integrity.
[Learn more about security best practices](https://developer.android.com/security#security-best-practices)

## Privacy


While people want to know that their data is safe, they also want to know that their
data is being used as they expect. Start by reviewing all the Google Play user data
and privacy related policies. Then, be transparent about the access, use, collection,
and sharing of personal and sensitive user data using a complete, plain language privacy
policy. Where possible, give your users control over what data they share. By being
transparent and providing control you build people's trust in your app.
[Learn more about privacy best practices](https://developer.android.com/privacy)

## Policy


Whether you decide to publish your app on the Google Play store or distribute it by
other means, your app must comply with the relevant Google policies.


To start, review the policy guidelines regarding
[malware](https://developers.google.com/android/play-protect/phacategories) and
[mobile
unwanted software](https://developers.google.com/android/play-protect/mobile-unwanted-software) that apply to all Android apps. If you decide to publish your app on
the Google Play store, review the policy requirements on the
[Play Policy Center](https://play.google.com/about/developer-content-policy/).
Then check out the Android Developers website for resources and best
practices to effectively design a secure and policy compliant Android app.


Complying with Play Policies ensures your app meets the bar to be published and listed in
Google Play. While all policies apply, it is important to note that for government apps
there are specific policies you need to consider.


Learn more about the
[considerations for apps that communicate government information](https://support.google.com/googleplay/android-developer/answer/9514050).

## Resources

[![](http://android.devsite.corp.google.com/static/security/government/images/government-information-app.png)](https://playacademy.exceedlms.com/student/activity/23137)  

### [Communicate government information through apps](https://playacademy.exceedlms.com/student/activity/23137)

Google Play wants to help you ensure that if your app communicates government information, it does so transparently and empowers users with reliable and clearly sourced information.  
[![](http://android.devsite.corp.google.com/static/security/government/images/googplay-console-2-step-verification.png)](https://android-developers.googleblog.com/2020/08/android-developers.googplay-console-2-step-verification.html)  

### [Protecting your Google Play Console account with 2-Step Verification](https://android-developers.googleblog.com/2020/08/android-developers.googplay-console-2-step-verification.html)

Use Google's 2-step verification to grant your team members safe access to specific features in your developer account and increase the value of our tools for your organization.