API permissions and requests to access sensitive information must be meaningful to the user. You can only request permissions and APIs to access sensitive information needed to implement the current functions or services in an application that are advertised in your Google Play listing. You cannot use permissions or APIs to get sensitive data that you provide access to the user or device data for undisclosed, or unauthorized features or purposes. Personal or sensitive data that is accessed through permissions or APIs to access sensitive information can never be sold.
Expects API to get confidential information and permission to get information in the setting (through steady demands) so that users understand why your application is requesting authorizations. Use the information just for the purposes for which the user has consented. If you later wish to use the data for different purposes, you should ask the user and ensure they fully agree to the additional use.
Restricted Permissions
Confidential devices or user information got via Restricted Permissions might be shared with third parties only if necessary to provide or improve existing features or services in the application from which the data is collected. You can also move data if necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets with legal due notice to users. Any other transfer or sale of user data is prohibited.
Respect the user’s decision if he or she denies a limited permission request and users cannot be manipulated or forced to agree to any non-essential permissions. You should make the best efforts to attract users who do not provide access to private authorizations.