Hi Developers at Ministerio de Telecomunicaciones Ecuador,
Per last email, your app FirmaEC (ec.gob.firmadigital.firmaec_app) has been rejected from Google Play for not resolving the previously communicated policy issue (copied below for your reference). To resolve this issue and get your app changes published on Google Play, please address the issues highlighted in the earlier email and resubmit the app.
Publishing Status
App Status: Rejected
Your app has been rejected and wasn't published due to the policy issue(s) listed below. If you submitted an update, the previous version of your app is still available on Google Play.
Issue found: Permission use is not directly related to your app's core purpose.
We found that your app is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed to be used. Specifically, the use of the permission is not directly related to the core purpose of the app.
Issue details
We found an issue in the following area(s):
SPLIT_BUNDLE 15
Additionally, follow these steps to bring your app into compliance:
Please remove the use of REQUEST_INSTALL_PACKAGES permission from your app.
About the Request Install Packages Permission
The REQUEST_INSTALL_PACKAGES permission allows an application to request the installation of app packages. To use this permission, your app’s core functionality must include:
Sending or receiving app packages, AND
Enabling user-initiated installation of app packages.
Permitted functionalities include any of the following:
Web browsing or search
Communication services that support attachments
File sharing, transfer or management
Enterprise device management
Backup and restore
Device migration / phone transfer
The REQUEST_INSTALL_PACKAGES permission may not be used to perform self updates, modifications, or the bundling of other APKs in the asset file unless for device management purposes. All updates or installing of packages must abide by Google Play’s Device and Network Abuse policy and must be initiated and driven by the user.
For more help addressing this issue, read more in our Help Center.
Action required: Submit an updated app for review
Here's what to do to help get your app on Google Play:
Make sure to read the applicable policies or requirements listed below:
Request Install Packages Permission
Make appropriate changes to your app (if possible), and be sure to address the issue described above. You may also want to check your app's store listing for compliance, if applicable.
Double check that your app is compliant with all other Developer Program Policies.
If you made changes to your app bundle, store listing, or APK, please sign in to your Play Console and submit the update(s).
Contact support
If you've reviewed the policy and feel our decision may have been in error, please reach out to our policy support team. We'll get back to you within 2 business days.
try:
App is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed
Related
I got an email that is my app is rejected but in my developer console it shows in review, why?
App Status: Rejected
Your app has been rejected and wasn't published due to the policy issue(s) listed below. If you submitted an update, the previous version of your app is still available on Google Play.
Issue found: Not a core feature
The feature you identified that is dependent on this permission does not appear to be critical to the core functionality of your app.
Core functionality is defined as the main purpose of the app. Without this core functionality, the app is "broken" or rendered unusable. The core functionality, as well as any core features that comprise this core functionality, must all be prominently documented and promoted in the app's description.
Please update your app so that the feature does not use this permission or ensure that the core functionality is prominently documented and promoted in the app's description and resubmit your app on Play Developer console.
Additionally, follow these steps to bring your app into compliance:
Read more about Use of All Files Access Permission
See Android storage use cases and best practices
About the All Files Access Permission Policy
Files and directory attributes on a user's device are regarded as personal and sensitive user data subject to the Personal and Sensitive User Data policy and the following requirements:
Apps should only request access to device storage which is critical for the app to function, and may not request access to device storage on behalf of any third-party for any purpose that is unrelated to critical user-facing app functionality.
Android devices running Android "R" (Android 11) or later, will require the MANAGE_EXTERNAL_STORAGE permission in order to manage access in shared storage. All apps that target R or later and request broad access to shared storage ("All files access") must successfully pass an appropriate access review prior to publishing. Apps allowed to use this permission must clearly prompt users to enable "All files access" for their app under "Special app access" settings. For more information on the R requirements, please see this help article.
Yesterday my app was removed from Google Playstore because it was using the Stripe-Android SDK.
Here is the reason why my app was removed from Google Playstore :
We’ve identified that your app is using Stripe SDK or library, which
facilitates the transmission and collection of Phone Number and
Installed Application information without meeting the prominent
disclosure guidelines. Make sure to also post a privacy policy in both
the designated field in the Play Developer Console and from within the
Play distributed app itself. If necessary, you can consult your SDK
provider(s) for further information.
As on my side I do not collect any information of any kind, how could I solve this problem?
I finally managed to solve the problem. What you have to do is:
Update the Stripe SDK
Upload your app update to all release tracks (production, open,
closed and internal), incrementing the version number each time. Right after uploading the APK file and before resubmitting your app for review, please make sure to deactivate the non-compliant APK (*).
Go to the Publishing overview page and click Send for review to submit your changes. (This is important. I had missed this point)
Maybe Google will ask you to add a privacy policy too. You will have to:
Post a privacy policy explaining very precisely how you collect data and what you do with it. (even if you do not collect any data)
On the play console page, go to App Content -> Privacy policy and enter the URL of your privacy policy.
Inside your app, put a link to your privacy policy. (I missed that point too)
Less than 24 hours later, my app became accessible again on Play Store.
Good to know 1 : If you've done all of these steps and your app is still offline, you can contact the Google policy support team at https://support.google.com/googleplay/android-developer/contact/emailappeals
(*) Good to know 2 : Here is where you can deactivate the non-compliant Bundle:
In my case,
I forgot to follow the installation instructions from Stripe SDK
I added the following clause in my privacy policy:
"MY_APP uses stripe payments. which requires information about your phone number and apps installed on the device in order to ensure secure and successful payment."
and it worked ✨
our previous apk has been removed from google play store due to new policy because of we are giving permission for READ, SEND and WRITE SMS. Now we have removed all these permission and trying to deploy this modified apk on play store. When we upload it on play store, google ask some permission like Default SMS handler, Phone handler etc. but out app didn't have such permissions. Google restrict us to select at least one permission and when we continue with one of these permission(we are selecting Default SMS handler), every time google is rejecting our apk and removing our apk from play store.
Can any one guide us to get out this problem?
I have searched over google but unable to find how to set permission for Default SMS handler in android manifest.xml?
If you have permissions which deal with Reading SMS, OR Call Logs it will come under the use of high risk or sensitive permission. Please read that for detail info.
Google Play may provide a temporary exception to apps that aren't Default SMS, Phone, or Assistant handlers when:
Use of the permission provides core app functionality to users.
There is currently no alternative method to provide the core functionality.
You must fill the form and google will approve it.
If you think that this permissions are necessary for your app and not just useless, you can follow the steps mentioned in the official document here.
This question already has answers here:
Is my app or its dependencies violating the Android Advertising Id policy?
(19 answers)
Closed 4 years ago.
I received this email a few weeks ago:
Issue: Violation of Usage of Android Advertising ID policy and section
4.8 of the Developer Distribution Agreement
Google Play requires developers to provide a valid privacy policy when
the app requests or handles sensitive user or device information.
We’ve identified that your app collects and transmits the Android
advertising identifier, which is subject to a privacy policy
requirement. If your app collects the Android advertising ID, you must
provide a valid privacy policy in both the designated field in the
Play Console, and from within the app.
But the problem is that I have no access to the source code of the affected app because my laptop was stolen a few months ago and I did not back up the code for that app. So I have a few questions I need to ask.
Can I update the policy in the console alone without updating the app?
Can I just disable the AdMob ads completely without updating the app and will it get accepted?
If the above is not possible then Is there a way to recover my app's source code from the google play console or APK files ?
What else can I do to solve this problem?
Can I update the policy in the console alone without updating the app?
You can simply update the privacy policy URL from the Google Play Console.
You need to mention clearly that you don't collect any personally identifiable data and also mention about other data which may be collected by 3rd party libraries.
Can I just disable the AdMob ads completely without updating the app and will it get accepted?
You can disable ads from Admob's website. But since the Ad SDK is already packed into your app, doing so will not approve your app.
If the above is not possible then Is there a way to recover my app's source code from the google play console or APK files ?
You cannot fully recover the source code. But if you hadn't used proguard to obfuscate the source code, you might be able to get some part of it by decompiling the APK. You can use a tool called JADX to decompile the APK file.
What else can I do to solve this problem?
Apart from updating app without ads and updating privacy policy URL, you can create another similar app from scratch with same package name and signature. But I guess you don't have access to the Keystore, in that case updating privacy policy is your only option.
Today i received an email from Google Play Team. How can I find which library or SDK is violating the conditions of the Google Play? Here is the content of mail:
This is a notification that your application, is currently in
violation of our developer terms. REASON FOR WARNING: Violation of the
Personal and Confidential Information provision of the Developer
Distribution Agreement:
(Dangerous Products): Apps that collect information (such as the
user's location or behavior) without the user's knowledge (spyware) …
are prohibited on Google Play. (Personal and Confidential
Information): We don't allow unauthorized publishing or disclosure of
people's private and confidential information, such as credit card
numbers, government identification numbers, driver's and other license
numbers, non-public contacts, or any other information that is not
publicly accessible. We have determined that one or more Ad SDKs or
libraries used in the above app facilitates the transmission of the
list of installed apps on the user’s device to a server without
conspicuous disclosure to the user that this is happening. This
violates the above policy provision. Please evaluate any third party
libraries for compliance and/or consult your Ad SDK provider(s) for
further information if necessary.
Your application will be removed if you do not bring it into
compliance by removing the ads sdk or library from your app, or
updating to a compliant version of the SDK(s) or library(ies) within
30 days of the issuance of this notification. If you have additional
applications in your catalog, please also review them for compliance.
Note that any remaining applications found to be in violation will be
removed from the Google Play Store.
Please also consult the Policy and Best Practices and the Developer
Distribution Agreement as you bring your applications into compliance.
You can also review this Google Play Help Center article for more
information on this warning.
All violations are tracked. Serious or repeated violations of any
nature will result in the termination of your developer account, and
investigation and possible termination of related Google accounts.
The Google Play Team
WOW!
exactly the same mail I received from Google play 2 days back! Word by word same.
Great, So the issue 100% is the permission settings for the Flurry and TapStream SDKs. I just contacted Flurry/Tapstream for this, awaiting a reply from them.
By the way I checked Tap Stream here
You can clearly see they have asked for adding an intent under the application tag
<receiver android:name="com.tapstream.sdk.ReferrerReceiver" android:exported="true" >
<intent-filter>
<action android:name="com.android.vending.INSTALL_REFERRER" />
</intent-filter>
</receiver>
This is used to get the list of apps installed just to record analytics to count the App installs and see how many users are still using the App.
but regarding the Location collecetion [Dangerous content] I still have to figure out.
One possible measure I have thought of doing is adding an EULA before letting user use the app, on the first run. It makes sure that my back is covered. Additionally, you can also add permission for FINE_LOCATION under manifest. Since it is for sure that one/both of the SDKs are using user location.
Good question!
Will update as soon as I receive any updates.
UPDATE
Finally, I received Mail from Tapstream, they are saying that they have made changes according to the Google's Policy change on November 15 2014 hence, asked me to change the SDK version to the lastest one.
Quoted here
Hi there,
Tapstream has updated its Android SDK to comply with a recent Google Play store policy change.
Due to this policy change, a minor component of Tapstream's device identification process can no longer be collected by the Android SDK. This change will not impact your tracking.
To avoid any app approval issues on the Play store, you should deploy this new SDK as soon as possible.
You can find the updated Android SDK here: tapstream.com/developer/android/sdk
The updated SDK is a drop-in replacement; no other changes are required. If you need any assistance, or would like further information, just reply to this email.
I hope that might serve as a solution apparently.