your question is very general, therefore you’re getting an answer that is expansive on the topics that I think you should be reading about.
Your “problem” is that you don’t have a privacy policy. Google states in various places that you need a privacy policy when you handle user data in some way.
In your situation you seem to be accessing the following “dangerous” group permissions:
- android.permission.CAMERA,
- android.permission.RECORD_AUDIO,
- android.permission.READ_PHONE_STATE,
- android.permission.GET_ACCOUNTS,
- android.permission.READ_CONTACTS
You can read more about them and how the group works, here.
Adding a privacy policy
I can’t do this any better than Google, so here you go with added emphasis by me:
Adding a privacy policy to your app’s store listing helps provide transparency about how you treat sensitive user and device data.
For apps that request access to sensitive permissions or data (as defined in the user data policies): You must link to a privacy policy on your app’s store listing page and within your app. Make sure your privacy policy is available on an active URL, applies to your app, and specifically covers user privacy.
For apps in the Designed for Families program: You must link to a privacy policy on your app’s store listing page and within your app, regardless of your app’s access to sensitive permissions or data. Make sure your privacy policy is available on an active URL, applies to your app, and specifically covers user privacy.
For other apps: You’re not required to post a privacy policy.
Add a privacy policy to your store listing
- Go to your Google Play Developer Console.
- Select an app.
- Select Store Listing.
- Under “Privacy Policy,” enter the URL where you have the privacy policy hosted online.
- Select Save draft (new apps) or Submit update (existing apps).
What to include in your privacy policy in general
This depends on a lot of factors, but let’s keep it simple here. Below are some commonly requested elements of a privacy policy:
- Who is the site/app owner?
- What data is being collected? How is that data being collected?
- For which purposes is the data collected? Analytics? Email Marketing?
- What third parties will have access to the information? Will any third party collect data through widgets (e.g. social buttons) and integrations (e.g. facebook connect)?
- What rights do users have? Can they request to see the data you have on them, can they request to rectify, erase or block their data (under European regulations most of this is mandatory)?
- Description of process for notifying users and visitors of material changes to the privacy policy
- Effective date of the privacy policy
Your Google Play Permissions issue in particular
Now, given that Google has already helped you identify exactly what kind of information they want to see in addition to your basic privacy policy requirements (under “What to include in your privacy policy in general”), you should be able to add the necessary missing parts:
Tell your users what information you’re collecting in a way that they’ll understand:
- android.permission.CAMERA,
- android.permission.RECORD_AUDIO,
- android.permission.READ_PHONE_STATE,
- android.permission.GET_ACCOUNTS,
- android.permission.READ_CONTACTS
Then tell them what purpose it serves exactly. This needs to be done, it takes time.
The good news is, that there’s a tool that helps you with making disclosures like this that I work on daily. It’s called iubenda. Also, I’ve posted an article that helps you getting started with policies for the Google Play Store/Android. Hope this helps!