Google Play Personal Loans Policy

Updates in adherence to Google Play Personal Loans Policy

Google Play Personal Loans Policy

Updates in adherence to Google Play Personal Loans Policy

download

Google Play Personal Loans Policy: What changed, impact, and mitigations for digital lenders

Executive summary

  • Google Play has tightened its Financial Services, Personal Loans policy. Personal-loan apps, lines of credit, facilitators/lead generators, accessory credit apps (calculators/guides), and EWA apps are prohibited from accessing several sensitive permissions (e.g., contacts, photos/videos, precise location, phone numbers, broad app visibility, external storage).
  • Expect enforcement during app review and on updates. Non‑compliance can lead to rejection or removal.
  • Impact on data-driven lending: certain device signals will no longer be available, which can reduce model lift if you relied on them.
  • Credolab’s view: Compliance first. Predictive performance can be preserved with a tailor‑made model that taps our 11M+ engineered features (vs. the ~100 features many clients use today) and focuses on permitted, stable signals.

What changed (at a glance)

Who’s in scope

  • Personal‑loan apps (including lead generators/facilitators and lines of credit)
  • Accessory loan/credit apps (e.g., calculators, guides)
  • Earned Wage Access (EWA) apps

Prohibited permissions for in‑scope apps (examples)

  • READ_CONTACTS (no phonebook access)
  • READ_MEDIA_IMAGES / READ_MEDIA_VIDEO (no broad photo/video access)
  • READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE
  • ACCESS_FINE_LOCATION (precise location)
  • READ_PHONE_NUMBERS
  • QUERY_ALL_PACKAGES (no broad installed‑app inventory)

Other ongoing requirements (selected)

  • App category must be set to "Finance".
  • Disclose min/max repayment period, max APR, representative cost example, privacy policy in store listing.
  • Short‑term personal loans (≤60 days) are not allowed.
  • US APR ≥36% is not allowed.
  • Country‑specific licensing and disclosures apply for India, Indonesia, Philippines, Nigeria, Kenya, Pakistan, and Thailand.

Timing

Enforcement is active. Assume no grace if you newly request a prohibited permission.

What this means for your app and models

The following signals are likely to disappear:

  • Contacts/phonebook: Referral flows, social‑graph heuristics, collections “friend reach” tactics.
  • Photos/videos/external storage: Any verification or “gallery scan”‑type checks.
  • Precise location: Fine‑grained geolocation features.
  • Read phone numbers: Automatic line detection, some telco‑based heuristics.
  • Installed‑app inventory (broad): Installed apps features via QUERY_ALL_PACKAGES.

GDPR Privacy Policy

GDPR Credolab privacy statement for consumers in the European Union.

CCPA Privacy Policy

Credolab supplemental privacy statement for Californian consumers.

LGPD Privacy Policy

LGPD Credolab privacy statement for consumers in Brazil.

Política de Privacidad LFPDPPP

Ley Federal de Protección de Datos Personales en Posesión de Particulares (LFPDPPP) Declaración de privacidad de Credolab para consumidores en los Estados Unidos Mexicanos.

PDPA Privacy notice

Credolab privacy statement for residents of Singapore.

TruValidate Anti-fraud Privacy Policy

Credolab supplemental privacy statement for clients using the Anti-Fraud solution of TransUnion TruValidate.

Online Demo User Agreement

User agreement for the use of the Online Demo

CredoLab Website Cookie Policy

Credolab privacy statements for visitors of this website.

SUBSCRIBE TO
OUR LATEST NEWSLETTER

Join 25,000+ practitioners from risk, fraud and marketing teams to discover behavioural data insights