This guide helps app developers meet personal information protection requirements when integrating the OSS SDK. Use this guide to verify that your app correctly discloses SDK data practices, initializes the SDK at the right time, and requests only the necessary system permissions.
Disclose the SDK in your privacy policy
Apps that integrate the OSS SDK must inform end users about the SDK in the app's privacy policy or Third-party SDK Sharing List. Include all of the following fields:
| Field | Value |
|---|---|
| SDK name | OSS SDK |
| Purpose | Upload and download objects using Object Storage Service (OSS) |
| Personal information collected | System name, system version number, network connection method, mobile phone model, build ID |
| Privacy policy | OSS compliance certifications |
Copy this table into your app's Third-party SDK Sharing List and update the privacy policy link if needed.
Initialize the SDK after user consent
The OSS SDK must not be initialized until the user has explicitly agreed to the app's privacy policy. Apply the following rules in your integration:
Initialize the SDK only after the user accepts the privacy policy on first launch.
Call SDK API operations only when the user actively uses the corresponding feature — not in advance or in the background.
Do not collect device information immediately after the user accepts the privacy policy. Collect it only when the SDK feature is actually invoked.
Android permissions
The OSS SDK requires the following Android system permissions. Request each permission before calling the relevant API operation.
| Permission | Required | Purpose | If not granted |
|---|---|---|---|
INTERNET | Yes | Access the network for upload and download | Upload and download features are unavailable |
READ_EXTERNAL_STORAGE | Yes | Read local files during data upload | Cannot upload files from local storage |
WRITE_EXTERNAL_STORAGE | No | Write log files and record files for multipart upload and download tasks | Logging and multipart task recording are unavailable |
Note: Grant WRITE_EXTERNAL_STORAGE to enable full logging and multipart upload/download tracking.