I upgraded APK on Play store but it got rejected with reason as
APK REQUIRES VALID PRIVACY POLICY & Prominent disclosure
Your app is uploading users' phone number, installed packages, and
email account information information via Mobiburn SDK
On checking dependency graph of app, I couldn't find any evidence of Mobiburn SDK. Also verified none of any 3rd party lib used in app, have ever used Mobiburn.
Checked signed/unsigned APK by reverse engineering (APK analyzer). There are few .SO files packaged in APK when using 3rd party SDK(s) - Somehow reverse engineered .SO files too. But no evidence of Mobiburn SDK found in code.
Does anyone experience this issue earlier? or What else I can try to find evidence for Mobiburn. Appreciate help.
I have had an update rejected before. I appealed and the appeal was accepted. It took a few days. You should have details about how to appeal in your email. But in case you don't, here is the link: https://support.google.com/googleplay/android-developer/contact/protectappeals
Don't worry, if it is fine they will reinstate your app.
One of 3rd party sdk/library used in application was extracting user's information without permission. It is then identified as Mobiburn SDK which was doing similar thing, However there are still no evidence of having Mobiburn SDK in our app though problem is resolved by including permission & prominent disclosure in app.
Related
I'm trying to publish a new version of my app on the Google Play console. Before it was fine but now I'm having difficult because it keeps rejected by Google. I did some research on different sites regarding on the issue for a fix but I could not find anything related to Flutter. Based on the eligibility issue it mention "Stripe SDK" but on my app I don't have or I didn't use any Stripe SDK package etc. I did do project wide search on my project source but I could not find any Stripe keywords. I only have in_app_purchase package (I'm not sure if there is something to do with it) I also added the privacy policy on the Play Developer Console and on the App itself but it still rejected. Has someone encountered this issue and how to fix it?
Screenshot from Google Play Console
Thanks!
Analyze your apk to see if the manifest contains the permission:
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
and also make sure none of your dependencies use the said permission or StripeSDK.
for details how to analyze apk visit:
docs
I'm having a really hard time getting new app updates on Google Play:
Before that, I successfully uploaded my app first version (1.0.0) and got approved (April 16, 2021), then I got user feedback regarding Android 11 because it was not possible. read some files, after a while of researching I added the MANAGEMENT_EXTERNAL_STORAGE permission to AndroidManifest.xml and uploaded the updated version 1.0.1 but was rejected because Google does not allow the use of the above permission & asked to remove it. waive this right.
Issue: Access to device storage not required The feature you
identified does not require unrestricted access to device storage.
There are other privacy friendly options for accessing files in shared
storage, such as using the system file picker, or, on the use case,
you can follow the recommendations for receiving data from other apps
listed here. Please update your app so that the feature uses a privacy
friendly alternative and remove All Files Access
(MANAGE_EXTERNAL_STORAGE) permission.
I continued to do more research and found it was directed as "Change Target SDK 30 -> 29 and Remove MANAGEMENT_EXTERNAL_STORAGE permission from AndroidManifest.xml", I followed and re-uploaded again but still denied, to now the number of times i have tried up to 14 times (tried always build .aab & .apk) but nothing changed...
I don't know if there is a better solution so hopefully someone can help me and most importantly why did I remove the permission but Google still reported the reason as above?
Thanks everyone.
Steps to follow:
1.Remove MANAGE_EXTERNAL_STORAGE
2.change version code and version name
3 change api level and build level to 30
4.clean build
Genreate signed Apk
It should work now
This is my first time submitting an app to the Google Play store, so I'm not very experienced with the process at all. After struggling for a bit to get it to build correctly, I was finally able to upload an app bundle and send it in for review. A few minutes later I got an email saying my app was "vulnerable to Intent Redirection" and recommended the following article for support: https://support.google.com/faqs/answer/9267555. The problem is I don't understand much of what the article is saying! As far as I know, I haven't messed with anything like this. I've only downloaded the base NDK and SDK stuff from Unity Hub, and I haven't changed any of the code in Android Studio at all. I asked Google for support, and they said:
"We’ve identified that your app is using the AliPay SDK or library, which facilitates the transmission of phone number information without meeting the prominent disclosure guidelines. If necessary, you can consult your SDK provider(s) for further information or please upgrade AliPay SDK version to 15.5.5 or higher."
Please help! Is there an easy fix to this that I'm missing somehow? I don't even know what AliPay is, as I said I'm a total beginner here. In case it's useful info to have, I'm using Unity 2019.2.13f1 on a Macbook Pro running High Sierra 10.13.6.
Well, do what the message says "upgrade AliPay SDK version to 15.5.5 or higher".
Just go to Android Studio and open your build.gradle file then update that lib version. It will be marked with a yellow line, that means that lib has an update. Focus on that line, then do Alt + Click then Enter, now sync and you've done. Upload the new apk.
I built my app using FirebaseUI-Android (firebaseui:firebase-ui-database) and squareup.picasso from github and I don't know anything about Licenses in github
What if i publish my app in google play without anything of Licenses just I use the libraries and don't know how I dealing with Licenses.
my app is for my users maybe for 20000 users and its for me not for a company.
please anyone explain this issue
what should I do now if my app ready to publish in google play...??
It does not matter how many and what libraries you use in your application. Using libraries is legal and should not cause any issue considering licences when publishing your application to Google Play Store.
Good luck :)
What was the precise error message?
The error message displayed by F-Droid was on the lines of"The new package is requesting a shared user which is already installed on the device and does not have matching signature.". The eror code was INSTALL_FAILED_SHARED_USER_INCOMPATIBLE / -8.
When did I encounter this issue?
When trying to install the app "Termux" from F-Droid. Essentially installing the apk and not from the Play Store.
What have I tried to solve this issue?
Search Stackoverflow for solutions
Uninstall app / Uninstall App for all users
Install App from Play Store and then uninstall it again
Possible Cause:
I previously had the app installed from Play Store and then uninstalled it before trying to reinstall it from F-Droid. This is the most probable cause in my opinion although I wasn't able to reproduce it on another device.
(Preempting my answer) As it turns out /data/system/packages.xml still contained the shared-user entry for the app including the signature. Which explains why I couldn't install the other apk, since they were signed with different key although they're the same apps and opensource.
Problem solved without root access:
I also encountered 'Error (-8): The new package has requested a shared user which is already installed on the device and does not have matching signature." after uninstalling termux in Google Play and attempting to reinstall it from F-Droid.
The phone was not rooted, so the solution suggested above was not available. However I noticed that some accompanying termux apps were still installed, namely termux API, termux tasker and termux styling.
After uninstalling them, as well as emptying the cache of several possibly relevant apps including google play store, google play services and package installer, I was able to install termux, along with the accompanying apps, from F-Droid.
How to solve it:
Warning: This is quite a brachial method to solve this issue. It also requires root access.
Based on one answer on xda-developers by the user tweakradje I have found the following to work for me:
Copy /data/system/packages.xml to another location or your computer.
Edit it with a text editor and remove the xml-block that has the the apps package-id as the name attribute. Example for the app "Termux" in this case:
<shard-user name="com.termux" userId="10102">
<sigs count="1">
<cert [...]/>
</sigs>
</shared-user>
Copy the modified version to /data/system/packages.xml and overwrite the old one.
Clear the dalvik cache ("adb shell rm /data/dalvik-chache/*" or via recovery)
Reboot
Install the apk which should go through this time
Note:
This most probably won't work for system packages (those that start with "android", e.g. "android.uid.system").
Further reading on shared-users:
Explanation of it's constraints
Android-Developer