Google Play policy update (Apr 15, 2026): contacts access, account transfers, location, health data

Summary

Google Play’s April 15, 2026 policy announcement is one of those “looks like compliance” updates that turns into product work fast.

Key additions:

• A new Contacts Permissions policy that pushes apps away from broad contacts access.
• A new Account Transfer policy that requires using Play Console’s official ownership transfer workflow.

Key updates/reminders:

• Location permissions guidance now points developers toward a smaller “location button” scope as the recommended minimum for precise location.
• Health and Fitness data guidelines were updated to reflect Android’s more granular permissions and newer Health Connect data types, plus clarified prohibited use cases.

Source: https://support.google.com/googleplay/android-developer/answer/16926792?hl=en

What’s new (and what it implies)

1) Contacts Permissions (new policy)

Google explicitly says: if you do not need broad access to a user’s contacts, you should use the Android Contact Picker instead.

Practical implication: if your product currently asks for contacts “for convenience” (invite friends, autofill, suggestions), expect to justify that scope or redesign the flow.

2) Account Transfer (new policy)

If your developer account changes hands, you’re expected to use the official Transfer ownership workflow inside Play Console.

Practical implication: this is less about app code and more about M&A / vendor / ops hygiene. If your org acquires apps or shifts publishing entities, make sure the path you use is “supported”, not improvised.

Updated / clarified items worth a quick audit

Location Permissions (updated)

Google positions the location button as the recommended minimum scope for precise location.

If you still request broad background location, it’s worth re-checking whether:

• you can move to just-in-time requests,
• the UI explains why in plain language, and
• there’s a non-location fallback path.

Health data (reminder + expanded categories)

Google calls out newer Health Connect data types (including high-sensitivity categories) and reiterates prohibited uses (for example, using sensitive health data for employment or insurance eligibility decisions).

If you’re in health/fitness, treat this as a prompt to revisit:

• your data access rationale,
• retention windows,
• and “share” flows that might leak sensitive data.

Timing: the thing teams miss

Google notes you’ll have at least 30 days from Apr 15, 2026 to update impacted apps (and points to Policy Deadlines for specifics). Even if 30 days sounds generous, it disappears fast once you factor in release trains and review cycles.

What to do this week (tiny wins)

1. List every place you touch contacts or location Not “do we request it”, but “where does it create product value”. If you can’t write that sentence, it’s a candidate to remove.

2. Add one “scope-minimising” alternative path Contact picker, manual entry, or a restricted flow. Give yourself an escape hatch before enforcement gets noisy.

3. Write a one-paragraph transfer runbook If your org might ever transfer a developer account, document the intended Play Console workflow now (so it’s not decided mid-incident).

Category tag

Policy & Permissions

Internal links

• Retention marketing guide: /guides/retention-marketing-guide/
• Measurement and attribution guide: /guides/measurement-and-attribution-guide/

Editor: App Store Marketing Editorial Team