I'm trying to publish a new version of my app on the Google Play console. Before it was fine but now I'm having difficult because it keeps rejected by Google. I did some research on different sites regarding on the issue for a fix but I could not find anything related to Flutter. Based on the eligibility issue it mention "Stripe SDK" but on my app I don't have or I didn't use any Stripe SDK package etc. I did do project wide search on my project source but I could not find any Stripe keywords. I only have in_app_purchase package (I'm not sure if there is something to do with it) I also added the privacy policy on the Play Developer Console and on the App itself but it still rejected. Has someone encountered this issue and how to fix it?
Screenshot from Google Play Console
Thanks!
Analyze your apk to see if the manifest contains the permission:
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
and also make sure none of your dependencies use the said permission or StripeSDK.
for details how to analyze apk visit:
docs
Related
Is anyone got rejected from google play because of REQUEST_INSTALL_PACKAGES permission ?
I removed this permission from my app even removed plugin which used it but still got this rejection.
I checked all android manifest files, even all logs there is no REQUEST_INSTALL_PACKAGES permission
I had the same issue. Actually, there will be some other older build which is containing REQUEST_INSTALL_PACKAGES permission in the Testing(OPEN, CLOSED, INTERNAL) section that's why they are rejecting the app.
You can find such a build in the Policy Status section of the app console.
Btw, To fix this you have to suspend all such kinds of builds.
One way of doing it is, Take a fresh build and upload it to Internal Testing then promote this build to OPEN testing & after then promote it to production from the OPEN testing section.
This way it will exclude the older build and your fresh build will be approved. Added Screenshot for reference.
It may be in some library that you are using, which cannot be controlled, so remove it by add this to your AndroidManifest.xml:
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"
tools:node="remove"/>
Status: Approved with Issues - Further Action Required
We found issues with your app. You need to review and take action as described below, so that your app is not impacted in the future.
Issue found: Use of permission is not directly related to the core purpose of the app.
We found that your app is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed to be used. Specifically, the use of the permission is not directly related to the core purpose of the app.
Additionally, follow these steps to bring your app into compliance:
Please remove the use of REQUEST_INSTALL_PACKAGES permission from your app.
About the Request Install Packages Permission
Starting September 29, 2022, your app must be in compliance with the REQUEST_INSTALL_PACKAGES permission or your app may face additional enforcement actions. The REQUEST_INSTALL_PACKAGES permission allows an application to request the installation of app packages. To use this permission, your app’s core functionality must include:
Sending or receiving app packages, AND
Enabling user-initiated installation of app packages.
Permitted functionalities include any of the following:
Web browsing or search
Communication services that support attachments
File sharing, transfer or management
Enterprise device management
The REQUEST_INSTALL_PACKAGES permission may not be used to perform self updates, modifications, or the bundling of other APKs in the asset file unless for device management purposes. All updates or installing of packages must abide by Google Play’s Device and Network Abuse policy and must be initiated and driven by the user.
For more help addressing this issue, read more in our Help Center.
If your app does not install other apps externally, simply add the following permission to the manifest.
<uses-permission
android:name="android.permission.REQUEST_INSTALL_PACKAGES"
tools:node="remove"/>
I faced the same issue a month ago. This is related to the open_file package using REQUEST_INSTALL_PACKAGES permission in the manifest.
Issue: https://github.com/crazecoder/open_file/issues/204
The recommended solution is to use this fork: https://github.com/bertoldofonseca/better_open_file
I faced the same issue yesterdey. This permission used by open_file package.
you can user alternative packages such as better_open_file or open_filex or you can by pass this permission by adding belove code to AndroidManifest.xml:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="{you package name}"
xmlns:tools="http://schemas.android.com/tools">
and in permissions section add this code:
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove"/>
good luck
If you are going to delete this permission from manifest of your app. You need to do these:
REMEMBER It's unnecessary to remove any pub.dev package which uses REQUEST_INSTALL_PACKAGES permission, after adding this to your manifest
android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove"/>
because, they remove all such kinda permission from merged manifest file(make sure that manifest opening tag involve xmlns tools like that
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="YOU_APP_PACKAGE_NAME">
ONE OF THE MOST IMPORTANT STEP:
You need to update all Open Testing, Internal testing and Closed testing (all tracks even if they are not active). Update your Production channel too. You can check that you updated all required ones in Policy -> App content -> App bundles and APKs using sensitive permissions section. If section is not shown here, then you updated all tracks and channels
AFTER DOING JUST THESE SIMPLE BUT REQUIRED STEPS, YOUR NEW VERSION WILL BE ACCEPTED. GUARANTEED
Remove the permission from your manifest and in-app functionality.
Double check that your app is compliant with all other Developer Program Policies.
Sign in to Play Console and submit the update to your app.
Alternatively, you may also choose to deactivate these versions to avoid additional enforcements that could occur. You may follow the given steps to deactivate the non-compliant app bundles or APKS:
Go to your Play Console.
Select the app.
Go to the track where the non-compliant APK or app bundle is.
Near the top right of the page, click Create new release. (You may need to click Manage track first) If the release with the violating APK is in a draft state, discard the release.
Under the new release page, you can choose to: A) Upload a new, compliant APK/app bundle and make sure the new release is rolled out 100% to completely deactivate the non-compliant APK. B) Not upload any new APK/app bundle (publish an empty release to just deactivate the non-compliant old version).
Regardless of what you choose in step 5, please make sure that the non-compliant version of APK/app bundle is under the Not included section of this new release. For further guidance, please see the "Not included (app bundles and APKs)" section in the Play Console Help article.
To save any changes you make to your release, select Save.
When you've finished preparing your release, select Review release.
If the non-compliant APK is released to multiple tracks, repeat steps 3-8 in each track.
Experienced the same issue a week ago. Check your builds in the Internal Testing or any other environments. Because I received the same email, but there was no information about where exactly this permission exists. Because I removed it from production build. But when I wrote to policy status technical support - they answered that the issues in the build in the Internal testing environment. I updated the build for Internal Testing and app in production was accepted.
I don't know why I have to update build in the Internal testing, because I haven't updated it for months.
But rules are rules.
i have an APP published in play store. This APP has a lib that uses the QUERY_ALL_PACKAGES permission.
So, i remove this permission in my AndroidManifest.xml
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" tools:node="remove"
tools:ignore="QueryAllPackagesPermission" />
After that i uploaded a new version to the play console, but it still keeps saying that the QUERY_ALL_PACKAGES permission is present.
My new build: 3603
Note that the QUERY_ALL_PACKAGES permission does not exist in this build
It seems that somehow the problem is still being associated with the previous version where it still had the QUERY_ALL_PACKAGES permission.
ps: BUILD 3494 is a older build
In short, I can't upload a version with updated permissions, because it still asks to fill in the form to use QUERY_ALL_PACKAGES, even removing this permission.
can anyone help?
I had the same issue as well, I ended up following this user's recommendation Updating an app that has sensitive permissions on the Google Play Console . I checked the app functionality, in the description I said I didn't need the functionality anymore with my newest release. I uploaded a bogus youtube video link. After about 5 min I was able to release the newest version without the QUERY_ALL_PACKAGES permission.
I was facing same issue because of my third party packages using Query all packages permission to Solve this
If you are using linux or unix based os then just go to location where flutter third party packages are installed in my case loaction is
~/snap/flutter/common/flutter/.pub-cache/hosted/pub.dartlang.org
Just run the following command in terminal
grep -r QUERY_ALL_PACKAGES *
this will gives all packages pubspec.yaml file path that uses query all packages permission remove or replace that packages
I believe this question describes the same problem, and it was answered.
QUERY_ALL_PACKAGES permission issue while my app doesn't contain it
According to google policy your All active Bundle versions need to be compliant as per google policy,
You just need to update the new version and increase the version number of Your App in all the production and testing(Internal/closed/Open) if any to deactivate the versions using QUERY_ALL_PACKAGES.
Follow this video
https://www.youtube.com/watch?v=mwTefutgXSU
I upgraded APK on Play store but it got rejected with reason as
APK REQUIRES VALID PRIVACY POLICY & Prominent disclosure
Your app is uploading users' phone number, installed packages, and
email account information information via Mobiburn SDK
On checking dependency graph of app, I couldn't find any evidence of Mobiburn SDK. Also verified none of any 3rd party lib used in app, have ever used Mobiburn.
Checked signed/unsigned APK by reverse engineering (APK analyzer). There are few .SO files packaged in APK when using 3rd party SDK(s) - Somehow reverse engineered .SO files too. But no evidence of Mobiburn SDK found in code.
Does anyone experience this issue earlier? or What else I can try to find evidence for Mobiburn. Appreciate help.
I have had an update rejected before. I appealed and the appeal was accepted. It took a few days. You should have details about how to appeal in your email. But in case you don't, here is the link: https://support.google.com/googleplay/android-developer/contact/protectappeals
Don't worry, if it is fine they will reinstate your app.
One of 3rd party sdk/library used in application was extracting user's information without permission. It is then identified as Mobiburn SDK which was doing similar thing, However there are still no evidence of having Mobiburn SDK in our app though problem is resolved by including permission & prominent disclosure in app.
I have an app on Google Play and I tried finding resources on how to "correctly" fix a bug in my app? Do I un publish my app then upload a new APK? I tried this, but I get the message:
"Upload failed
You need to use a different version code for your APK because you already have one with version code 1."
And so I am wondering what is the correct protocol to fix a bug to an already published app on Google Play. That being said, I un published the app currently. Also, I do not feel it's necessary to update the version number because of this minor bug. Any ideas. Thanks!
If you need to update the binary which is in google play store you must increment the version name and version number in Android manifest file. There is no other way to hack this.
Previously versions were maintained in AndroidManifest.xml file. But now in Android Studio it is handled in the app's build.gradle file.