Vungle SDK Malicious Behavior - android

I have received a mail from Google saying "We found your app is using a non-compliant version of Vungle SDK".
I searched for this problem but I can't find the solution.
Anyone, please help me out with this issue; I will be very thankful to you.
I also attached the image of the mail.

Our sincerest apologies for the flagging from Google. We understand the pain it can be to update SDKs on short notice. The good news is that all recent Vungle SDKs, starting with Vungle's SDK 6.5.3, are compliant. More detail below:
The warning message relates to Android sideloading functionality present in only our 6.0-6.4 SDKs and has since been deprecated by Vungle. If you still have a pre-6.5 Android SDK present in your applications, please update to the latest version. We learned this includes all tracks (production, beta, QA, etc.) which need to be updated. Please find the latest SDK here and Vungle's FAQ here.
Please always feel free to reach out to our support team for help at tech-support@vungle.com

com.segment.analytics.android:analytics noncompliant version in my app on the Google Play Console

My app is written in Android native code and I got this warning on the Play Store console:
Your app "appName" version code "xxxx" includes SDK com.segment.analytics.android:analytics or an SDK that one of your libraries depends on, which collects personal or sensitive data that includes but may not be limited to Advertising ID, Android ID identifiers. Persistent device identifiers may not be linked to other personal and sensitive user data or resettable device identifiers as described in the User Data policy.
ACTION REQUIRED: Upload a new compliant version AND deactivate the noncompliant version.
But I don't have that library in my project; the only libraries related to Firebase that I have are these:
"com.google.firebase:firebase-crashlytics:17.4.0",
"com.google.firebase:firebase-analytics:18.0.2",
"com.google.firebase:firebase-perf:20.0.2",
"com.google.firebase:firebase-core:18.0.0",
"com.google.firebase:firebase-auth:20.0.1",
"com.google.firebase:firebase-messaging:21.0.1",
But I don't know how to solve this, should I update all of them and upload my app again and check if I received this warning again or not to see if it was solved? I need to solve this because I won't be able to upload more app versions in the following months.
Thank you for being so helpful, it's really appreciated.
Some people have asked me if I solved this, and the short answer is yes, I did. Unfortunately, nobody gave me a specific answer about how to solve it, and the problem is that I think I used a bazooka to kill a fly.
The process for solving this was this:
I updated all Firebase dependencies, I was using these:
com.google.firebase:firebase-crashlytics,
com.google.firebase:firebase-analytics,
com.google.firebase:firebase-perf,
com.google.firebase:firebase-core,
com.google.firebase:firebase-auth,
com.google.firebase:firebase-messaging
I updated them using firebase-bom version 30.3.2
Also, I updated other Google dependencies. I'm not 100% sure that this affected the solution; however, I want to document everything just in case you are also using them, so you can take it into consideration.
com.google.android.gms:play-services-auth:20.2.0,
com.google.android.gms:play-services-auth-api-phone:18.0.1,
com.google.android.gms:play-services-analytics:18.0.1,
com.google.android.gms:play-services-base:18.1.0,
com.google.android.gms:play-services-location:20.0.0,
com.google.android.gms:play-services-maps:18.0.1
After using these versions, I uploaded the new build and did not see the problem again in the Google console for this version and later.
Sorry for not being specific in the needed dependency to be updated, I didn't have a chance to test the combinations to discover them.

App removed from Google Play because of branch.io

Our app, which is made in Unity, has been removed from the Google Play Store, and we got these details by email:
Your app is using the Branch IO SDK, which is uploading users Installed
Packages information to https://api.branch.io/v1/applist without a
prominent disclosure. Prior to the collection and transmission, it
must prominently highlight how the user data will be used, describe
the type of data being collected and have the user provide affirmative
consent for such use.
We went through our project and apparently we are not using any branch.io sdk explicitly in our app. We weren't able to find any fix on any forums. How can we find the issue and fix it? Please help.
This was part of a recent change that Google made related to GDPR. You should have gotten a warning email from Google as well as Branch regarding this.
You must remove all versions of your Android App (Active/Inactive/Archived) that have the Android Branch SDK version < 2.11.1.
Once you remove these versions, Google should place your App back onto the Play Store.
Here is a guide on removing older versions of your App: https://branch.app.link/apk-removal-guide.
If you run into any issues, please write to support@branch.io. Thanks.
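Both this question and the Segment one above involve an SDK that is not declared directly but arrives through another library. The following is an added example, not code from any of the posters or vendors: it walks the text printed by Gradle's `dependencies` task and reports which top-level library pulls in a flagged SDK below the minimum versions stated on this page (Vungle 6.5.3, Branch 2.11.1). The Maven coordinates and the `com.example.*` libraries in the sample are assumptions.

```python
import re

# Minimum compliant versions stated on this page. The Maven coordinates are
# assumptions for illustration; confirm them against your own build output.
MIN_VERSIONS = {
    "com.vungle:publisher-sdk-android": (6, 5, 3),
    "io.branch.sdk.android:library": (2, 11, 1),
}

# One node of `gradle dependencies` output: tree prefix, group:name, optional
# requested version, optional "-> resolved" when Gradle chose another version.
NODE = re.compile(
    r"^(?P<indent>[|\s]*)[+\\]--- (?P<ga>[^:\s]+:[^:\s]+)"
    r"(?::(?P<req>\S+))?(?: -> (?P<res>\S+))?"
)

def parse_version(text):
    """Numeric components before any qualifier: '6.4.11-beta' -> (6, 4, 11)."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))

def find_noncompliant(tree_text):
    """Return (coordinate, resolved_version, path_from_top_level) per flagged node."""
    stack, findings = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue
        depth = len(m.group("indent")) // 5      # each tree level is 5 columns wide
        version = m.group("res") or m.group("req") or ""
        del stack[depth:]                        # drop siblings and deeper nodes
        stack.append(f"{m.group('ga')}:{version}")
        minimum = MIN_VERSIONS.get(m.group("ga"))
        if minimum and version and parse_version(version) < minimum:
            findings.append((m.group("ga"), version, " > ".join(stack)))
    return findings

# Constructed sample output; com.example.* are hypothetical third-party libraries.
SAMPLE = r"""releaseRuntimeClasspath - Runtime classpath of compilation 'release'.
+--- com.example.ads:mediation:3.1.0
|    +--- com.vungle:publisher-sdk-android:6.4.11
|    \--- com.example.ads:core:3.1.0
|         \--- io.branch.sdk.android:library:2.9.0 -> 2.10.0
+--- com.google.firebase:firebase-analytics:18.0.2
\--- com.example.unity:plugin:1.0.0
     \--- io.branch.sdk.android:library:2.10.0
"""

for coordinate, version, path in find_noncompliant(SAMPLE):
    print(f"{coordinate} {version} via {path}")
```

The first element of each reported path is the dependency to update or remove; the check has to be repeated for every build variant that is still published on any track.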

MoPub security vulnerability

For a while now I've had a warning on my developer console regarding a MoPub security vulnerability. It comes from my mediation ad network (Appodeal). However, long since receiving this warning, I have removed ALL ads from the application and resubmitted quite a few new APK versions, but the warning persists.
When I say I've removed all ads, I mean all external libraries (including MoPub), all code and anything declared in the manifest. I can't figure out what is lingering in the app that is triggering this warning. Usually after posting an update the warning will go away for a few hours after submission, and then return. It's doing my head in.
What, precisely, do I need to do to stop this warning message? Thanks in advance.
Here is a Google Help link explaining the issue: https://support.google.com/faqs/answer/6345928
You shouldn't remove MoPub, you just need to update the Appodeal SDK.
You can find the link to the new sdk version here (native android): http://www.appodeal.com/sdk/documentation?framework=1&full=1&platform=1#p_2
And also you can write to Appodeal support chat about any technical questions :)

Google Play warning: Your App may be leaking developer credentials

Please explain to me what this is.
I have received a message from GP, with this text:
Hello Google Play Developer,
We detected that your app(s) listed at the end of this email are
potentially leaking credentials used to make network requests (HTTP
and FTP).
Please check for cases where you use url-encoded basic access
authentication, for example a URL such as
https://username:password@www.example.com/. We recommend that you
immediately change the credentials and redesign your app to avoid
including them.
Next steps
Sign in to your Developer Console and submit the updated version of your app.
Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.
Exposed developer credentials can allow an attacker to compromise your
systems which puts user data at risk. For other technical questions
about the vulnerability, you can post to Stack Overflow and use the
tag “android-security.”
We’re here to help
If you feel we have sent this warning in error, you can contact our
developer support team.
Regards,
The Google Play Team
I don't understand what the problem with my app is, please help me. What should I change in my app?
I was including Appodeal library in my free and premium app. I got this warning recently, I removed Appodeal and no longer have the warning in Google Play. Even though I wasn't using ads in Premium, I was including the Appodeal library in the binary as they are different flavors of the same Android Studio project. Looks like their problem. I had removed Appodeal from my free app a couple days ago for a different reason (https://medium.com/@greenrobotllc/response-to-1-star-review-problem-ads-auto-opening-app-store-on-lolcats-android-f1c7b7991caa#.milc5rcvs). A day or so after the free update to Google, I got this exact email about the premium version which I hadn't updated.
So check your 3rd party libraries.
Andy, Pablo and other wonderful people who have visited this topic.
The problem was solved recently.
All you need to do is update the Appodeal SDK to the latest one (ver. 1.14.15).
You can find it in our docs
Also you can download Android SDK here (Native Android).
Regards,
Andrew
Appodeal Support Team.
I can confirm that if you are using the Appodeal SDK you will get this alert as a developer. I have contacted Appodeal support and this is their answer:
Ivan Prokopenko: Hi Pablo! we found the problem. It was problem with network, we contacted with support of network. We'll update SDK in next future, it will solve the problem. but don't worry, it's not critical
The mytarget SDK has the same problem as the Appodeal SDK. We have contacted mytarget support too and this is their answer:
Hello Yan, Thank you for reaching out.
No credentials and any personal data was involved, so no problem with
leaking any data with our SDK. But to prevent the Google Play to
display the warning yesterday we updated our SDK - latest version is
4.5.1. Here is the change log - "Changed format of internal constant, because of which Google Play could display warning".
So for your next update you can update our SDK. You can download
latest version there -
https://bintray.com/mytarget/maven/mytarget-sdk/view#files/com/my/target/mytarget-sdk
Please let me know if you have any questions.
So check your 3rd party libraries.
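The answers above trace the warning to strings inside bundled third-party SDKs rather than the developer's own code. The following is an added example, not Google's detection logic or any vendor's code: it scans an APK, AAR or JAR (including nested archives) for URLs of the `scheme://user:password@host` form named in the notice and reports the archive entry that contains each one, with the password redacted. The sample archive, package names and credentials are constructed.

```python
import io
import re
import zipfile

# scheme://user:password@host as raw bytes; the notice names HTTP and FTP.
CRED_URL = re.compile(
    rb"(https?|ftp)://([^\s/:@\x00\"']+):([^\s/@\x00\"']+)@([A-Za-z0-9.-]+)"
)

def scan_archive(archive, prefix=""):
    """Scan an APK/AAR/JAR (path or file object) for credential-bearing URLs.

    Returns (entry_path, redacted_url) pairs. Entries that are themselves zip
    archives, such as a bundled SDK jar, are scanned recursively.
    """
    hits = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            name = prefix + info.filename
            if data[:4] == b"PK\x03\x04":            # nested zip: descend into it
                hits += scan_archive(io.BytesIO(data), name + "!/")
                continue
            for m in CRED_URL.finditer(data):
                scheme, user, _password, host = (
                    g.decode("ascii", "replace") for g in m.groups()
                )
                hits.append((name, f"{scheme}://{user}:<redacted>@{host}"))
    return hits

def build_sample():
    """Constructed sample: an APK-like zip whose bundled jar embeds a credential."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("com/example/adsdk/Config.class",
                     b"\x00\x1bftp://stats:hunter2@ftp.example.com/up\x00")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as apk:
        apk.writestr("classes.dex", b"dex\n035\x00 https://api.example.com:8443/v1\x00")
        apk.writestr("libs/adsdk.jar", inner.getvalue())
    outer.seek(0)
    return outer

for entry, url in scan_archive(build_sample()):
    print(f"{entry}: {url}")
```

The entry path shows which library to update or remove; any credential found this way should be treated as exposed and rotated, as the notice says.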

What happens to upgraded users of an APK if I deactivate

I am not happy with the current version of my app in the Play Store. I would like to disable it (for now).
Q: If I disable it, are the users who already upgraded to the new version eventually downgraded to the older (re-activated) version?
No, they stay on the last published version as far as I'm aware. People who have installed the version you are not happy with will keep having it even after you deactivate.
There is no downgrade or "revert to previous" process.
If you're unhappy, the best thing to do if possible is to post an update/fixed version before you deactivate.
Edit: Can't find any official info but found someone else who agrees (https://stackoverflow.com/a/13493065/833647).
I speak from experience of doing exactly what you describe :)
