Automotive location bypass allowlist policy

To enable an ADAS app (labeled as Features that help you drive for users) to utilize the Automotive Location Bypass API and be controlled separately from the general Android location switch, an OEM must allowlist the app to pass the Google Automotive Service (GAS) requirements. Additional permission is needed to access the GAS partner help center (to learn more, see Android for Cars).

Functionality

The requirement for ADAS-related functionality is described below.

Condition	Requirement
MUST	Limit scope of app to the General Safety Regulation-Intelligent Speed Assist (GSR-ISA) use case only. The GSR-ISA app is a required vehicle safety function mandated by Regulation 2019/2144 of the European Parliament. No other ADAS-related functionality are permitted for allowlisting at this time. No other ADAS-related functionality is permitted for allowlisting.
MUST NOT	Contain any nonessential functionality, not relevant to GSR-ISA, that can be separated into a different app.

User data handling

The requirement for handling user data is detailed below.

Condition	Requirement
MUST	Limit the access, collection, use, and sharing of personal or sensitive data acquired through the app to purposes directly related to providing and improving the GSR-ISA functionality.

Security

The requirement for location data security is described below.

Condition	Requirement
MUST	Handle all location data securely, including its transmission using modern cryptography and security standards (for example, over HTTPS).

User affordance

An affordance is provided to limit the ADAS functionality.

Condition	Requirement
MUST	Provide affordance for users to temporarily or permanently disable the ADAS functionality if they choose to do so. Note: This affordance does not have to be provided within Android.

User transparency

To provide transparency to users, apply the requirements described below.

Condition	Requirement
MUST	Provide a privacy policy comprehensively disclosing the types of personal and sensitive data your app accesses, collects, uses, and shares; and any parties with which any personal or sensitive user data is shared. MUST be posted in the designated fields in Location settings. MUST be presented as an independent disclosure and not be included with other disclosures unrelated to user data. MUST include a comprehensive list of the types of data being accessed or collected. MUST explain the purposes for which the data is accessed, used (for example, which features and functionality the data supports or how the data is used to improve the app), collected (for example, where the data is stored), and shared with other entities (third party or affiliated).
MUST NOT	Modify the user experience (UX) behavior or wording on the Location Settings pages, including any descriptions and strings pertaining to the ADAS location bypass.

Condition

Requirement

MUST

Provide a privacy policy comprehensively disclosing the types of personal and sensitive data your app accesses, collects, uses, and shares; and any parties with which any personal or sensitive user data is shared.

MUST be posted in the designated fields in Location settings.
MUST be presented as an independent disclosure and not be included with other disclosures unrelated to user data.
MUST include a comprehensive list of the types of data being accessed or collected.
MUST explain the purposes for which the data is accessed, used (for example, which features and functionality the data supports or how the data is used to improve the app), collected (for example, where the data is stored), and shared with other entities (third party or affiliated).

MUST NOT

Modify the user experience (UX) behavior or wording on the Location Settings pages, including any descriptions and strings pertaining to the ADAS location bypass.

Best practices for handling location information

The best practices for handing location information are described below.

Best practice Description

STRONGLY RECOMMEND Enable the VHAL property GENERAL_SAFETY_REGULATION_COMPLIANCE_REQUIREMENT to ensure other apps and services (for example, Setup Wizard) are correctly configured when a vehicle needs to meet EU General Safety Regulation (GSR) compliance requirements through Android.

SHOULD

Best practice	Description
STRONGLY RECOMMEND	Enable the VHAL property `GENERAL_SAFETY_REGULATION_COMPLIANCE_REQUIREMENT` to ensure other apps and services (for example, Setup Wizard) are correctly configured when a vehicle needs to meet EU General Safety Regulation (GSR) compliance requirements through Android.
SHOULD	If the app sends location data off the device: Only send the coarsest sensor information needed for functionality. Only send anonymized data whenever possible. Only retain the information temporarily for the shortest period of time needed for functionality.

If the app sends location data off the device:

Only send the coarsest sensor information needed for functionality.
Only send anonymized data whenever possible.
Only retain the information temporarily for the shortest period of time needed for functionality.