Mobile app legal compliance checklist (Australia)
Mobile apps face overlapping legal requirements — privacy law, consumer law, app store policies, and sector-specific regulation. This checklist covers the key legal compliance steps for apps distributed to Australian users.
This is a 12-step checklist for reviewing the legal compliance of a mobile app targeting Australian users. It covers privacy disclosures, app store requirements, in-app purchases, data handling, and consumer law obligations.
The checklist
Draft an app-specific privacy policy
Prepare a privacy policy that covers the app's specific data collection — location, contacts, camera, microphone, health data — and is accessible within the app.
Implement permission consent flows
Request device permissions (location, camera, notifications) at the point of use with clear explanations, not on first launch.
Review app store compliance
Confirm compliance with Apple App Store Review Guidelines and Google Play Developer Policy Centre requirements for the app category.
Check in-app purchase requirements
If the app includes in-app purchases or subscriptions, comply with app store billing rules and Australian Consumer Law (ACL) requirements for transparent pricing.
Draft terms of service
Prepare app terms of service covering user conduct, licence grant, limitation of liability, and account termination.
Review children's data handling
If the app collects data from children under 18, implement additional safeguards consistent with the Australian Privacy Principles (APPs) and the OAIC's guidance on children's privacy.
Confirm data encryption and storage
Confirm that personal information is encrypted in transit and at rest, and that data storage complies with APP 11 security requirements.
Review third-party SDK data sharing
Audit all third-party SDKs (analytics, advertising, crash reporting) for data collection and sharing practices, and disclose them in the privacy policy.
Check push notification compliance
Confirm push notifications comply with the Spam Act (commercial messages require consent and an opt-out mechanism).
Assess accessibility
Review the app against WCAG 2.1 AA and platform-specific accessibility guidelines to reduce discrimination complaint risk.
Implement data deletion capability
Provide users with the ability to request deletion of their data, consistent with APP 13 and app store account deletion requirements.
Prepare a data breach response plan
Confirm the business has a notifiable data breach response plan that covers the app's data and can be activated within the statutory timeframe.
When this checklist applies
Use this checklist when launching a new mobile app, updating an existing app, or conducting a periodic legal compliance review.
Common pitfalls
- Burying the privacy policy in app store metadata instead of making it accessible within the app
- Not auditing third-party SDKs for hidden data collection
- Requesting all device permissions upfront rather than at point of use
- Failing to implement Apple and Google's account deletion requirements
- Overlooking children's data protections even when the app is not marketed to children
Run this checklist on a real matter
Quillio reviews mobile app policies and permissions for legal compliance. Start a free trial at /free-trial.
This checklist is a general guide. App compliance involves platform-specific rules and sector-specific regulation — obtain tailored legal and technical advice.