According to the Requesting access to background location, Google Play requires a strict(er) set of requirements to be able to use background permissions for apps installed via the Google Play store. It provides a set of guidelines which have to be fulfilled to allow an app to enter- or remain in the store with said permissions. According to the document, it states:
May: Developers can request feedback on their use case via the Play Console with an estimated reply time of two weeks.
Having adjusted the app we have in the store, we're ready for a review to see if everything is correctly implemented. The documentation states that feedback can be requested through the Play Console, but I don't see any such option. How do we go about request a reviewing so that we can keep background permissions for the continued operation of our app?
If you don't use background location service. From your AndroidManifest.xml file, remove
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
or if some of external libraries want to use background location service but you don't, add this to your AndroidManifest.xml file
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"
tools:node="remove" />
Then open the play store console, select the app in the console > App Content > Sensitive app permission > Manage > Location permissions > Manage
And select "No" option like below and Save it.
After those processes, your app rejection / removing will be gone after google confirm your policy.
The form can be submitted through the new Google Play Console.
It has a top level navigation item now.
Select the app in the console > Policy > App policy > Sensitive app permission > Manage.
I've just talked to the Play Console Support Team. This is not available yet. Google is still working on it and updates will be provided on the blog:
https://android-developers.googleblog.com/2020/02/safer-location-access.html
They're apologising for the delay ;)
June update from the blog:
In February, we announced developers will need to get approval to
access background location in their app to prevent misuse. We're
giving developers more time to make changes and won't be enforcing the
policy for existing apps until 2021.
https://android-developers.googleblog.com/2020/06/
I have received the following instructions from Google Support in order to submit an existing app for their evaluation against their new location policy:
https://support.google.com/googleplay/android-developer/answer/9214102?hl=en
From their email:
"When you complete the Permissions Declaration Form and roll out your release, your app will be subject to an extended review by the Google Play team. Your request may require up to several weeks to process. During this time your new app or app update will be in a pending publication status until your request is reviewed. Your app will also be subject to the standard compliance review against Google Play's Developer Program Policies.
Once your Permission Declaration has been approved and your app has been approved for policy compliance, your release will be published and you can once again use the Publishing API to manage your releases. Otherwise, the Google Play team will notify you if your Permissions Declaration request has been rejected and provide any additional information."
The issue is that an outdated APK/App bundle file was added to the Alpha/Beta testing phase (but never moved to production), and rather than correcting it, you need to add a new APK/App bundle to the live environment. The Alpha/Beta file is currently being reviewed rather than the new production file due to changes in how reviews are carried out by Google. In Google's denial, you can see the versionCode of the previous APK/App bundle.
The new APK/App bundle file should therefore be added to the same Alpha/Beta as the old one before being promoted to production. Issue is resolved.
Related
Hi Developers at Ministerio de Telecomunicaciones Ecuador,
Per last email, your app FirmaEC (ec.gob.firmadigital.firmaec_app) has been rejected from Google Play for not resolving the previously communicated policy issue (copied below for your reference). To resolve this issue and get your app changes published on Google Play, please address the issues highlighted in the earlier email and resubmit the app.
Publishing Status
App Status: Rejected
Your app has been rejected and wasn't published due to the policy issue(s) listed below. If you submitted an update, the previous version of your app is still available on Google Play.
Issue found: Permission use is not directly related to your app's core purpose.
We found that your app is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed to be used. Specifically, the use of the permission is not directly related to the core purpose of the app.
Issue details
We found an issue in the following area(s):
SPLIT_BUNDLE 15
Additionally, follow these steps to bring your app into compliance:
Please remove the use of REQUEST_INSTALL_PACKAGES permission from your app.
About the Request Install Packages Permission
The REQUEST_INSTALL_PACKAGES permission allows an application to request the installation of app packages. To use this permission, your app’s core functionality must include:
Sending or receiving app packages, AND
Enabling user-initiated installation of app packages.
Permitted functionalities include any of the following:
Web browsing or search
Communication services that support attachments
File sharing, transfer or management
Enterprise device management
Backup and restore
Device migration / phone transfer
The REQUEST_INSTALL_PACKAGES permission may not be used to perform self updates, modifications, or the bundling of other APKs in the asset file unless for device management purposes. All updates or installing of packages must abide by Google Play’s Device and Network Abuse policy and must be initiated and driven by the user.
For more help addressing this issue, read more in our Help Center.
Action required: Submit an updated app for review
Here's what to do to help get your app on Google Play:
Make sure to read the applicable policies or requirements listed below:
Request Install Packages Permission
Make appropriate changes to your app (if possible), and be sure to address the issue described above. You may also want to check your app's store listing for compliance, if applicable.
Double check that your app is compliant with all other Developer Program Policies.
If you made changes to your app bundle, store listing, or APK, please sign in to your Play Console and submit the update(s).
Contact support
If you've reviewed the policy and feel our decision may have been in error, please reach out to our policy support team. We'll get back to you within 2 business days.
try:
App is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed
Yesterday my app was removed from Google Playstore because it was using the Stripe-Android SDK.
Here is the reason why my app was removed from Google Playstore :
We’ve identified that your app is using Stripe SDK or library, which
facilitates the transmission and collection of Phone Number and
Installed Application information without meeting the prominent
disclosure guidelines. Make sure to also post a privacy policy in both
the designated field in the Play Developer Console and from within the
Play distributed app itself. If necessary, you can consult your SDK
provider(s) for further information.
As on my side I do not collect any information of any kind, how could I solve this problem?
I finally managed to solve the problem. What you have to do is:
Update the Stripe SDK
Upload your app update to all release tracks (production, open,
closed and internal), incrementing the version number each time. Right after uploading the APK file and before resubmitting your app for review, please make sure to deactivate the non-compliant APK (*).
Go to the Publishing overview page and click Send for review to submit your changes. (This is important. I had missed this point)
Maybe Google will ask you to add a privacy policy too. You will have to:
Post a privacy policy explaining very precisely how you collect data and what you do with it. (even if you do not collect any data)
On the play console page, go to App Content -> Privacy policy and enter the URL of your privacy policy.
Inside your app, put a link to your privacy policy. (I missed that point too)
Less than 24 hours later, my app became accessible again on Play Store.
Good to know 1 : If you've done all of these steps and your app is still offline, you can contact the Google policy support team at https://support.google.com/googleplay/android-developer/contact/emailappeals
(*) Good to know 2 : Here is where you can deactivate the non-compliant Bundle:
In my case,
I forgot to follow the installation instructions from Stripe SDK
I added the following clause in my privacy policy:
"MY_APP uses stripe payments. which requires information about your phone number and apps installed on the device in order to ensure secure and successful payment."
and it worked ✨
This app does not meet the Google Play permissions policy relating to the use of SMS or CALL_LOG. You must fix this before March 9. 2019 or your app will be removed from Google Play. Note: if you have recently made a change, it can take up to 12 hours to update this message.
This is the error which i get at my play store console.
Please give me the suggestion to resolve this case
Google has recently updated their SMS and CALL_LOG related permissions. You can find about the changes here.
If your app does not require access to Call Log or SMS permissions: Remove the specified permissions from your app's manifest, or migrate to an alternative implementation. If you require additional time to remove permissions or migrate to an alternative option, submit a Permissions Declaration Form to request an extension until March 9, 2019.
If you really need the permission you can submit a request to Google Play allowing you to use that particular permission, you will be prompted to fill in a form if you have a new "Use Case" it will take up to 2 business days to be reviewed.
I submitted through Developer Console in Release Management -> App Releases -> CREATE RELEASE
I have an Android app that is currently in testing, with only a small handful of testers who are my family members.
I have been uploading APK's to my app's Alpha channel in the Google Play Store. This has been working fine for months. However, today, when I went to upload a new release to the Alpha channel, I got the following error:
The apk has permissions that require a privacy policy set for the app,
e.g: android.permission.GET_ACCOUNTS.
I do use the GET_ACCOUNTS permission, and do not have a privacy policy yet (since my only testers are family members), but I have been using that permission for a long time, have never had a privacy policy, and have not had a problem uploading my APK until now. I was able to upload it without a privacy policy as recently as April 9th, 2017.
Questions:
1) Why did this just start happening now?
2) Do I really need a privacy policy when my app is only in Alpha? It will be a while before my app is released to the public, and I need time to get it right.
Answers:
1) Why did this just start happening now?
Your question is related to several other posts from a couple of weeks ago. That's (15th of March, 17) when Google introduced new rules regarding the requesting of sensitive permissions. GET_ACCOUNTS is one of these sensitive permissions that trigger a privacy policy requirement from Google's side:
For apps that request access to sensitive permissions or data (as defined in the user data policies): You must link to a privacy policy on your app's store listing page and within your app. Make sure your privacy policy is available on an active URL, applies to your app, and specifically covers user privacy.
If you need more information:
Google documentation
How to fix Google Play Developer policy violation (iubenda)
2) Do I really need a privacy policy when my app is only in Alpha? It
will be a while before my app is released to the public, and I need
time to get it right.
Apparently Google chose to make these limitations as early as in the beta phase, probably choosing not to distinguish between those phases to get the developer accustomed early.
In any case, I applaud your determination to get the privacy policy right (and that can only be done towards the end of its development).
So why don't you just submit an initial version stating that the finished version will be available once the data collection practices are fully clear to you?
p.s. if you're up for using a tool for the creation of privacy policies, the company I work for and linked to in the above article (iubenda), does exactly that. :)
Google is now asking for a Privacy Policy for all Android apps that are requesting sensitive permissions from users.
Get accounts is a sensitive permission. Other permissions that will trigger the requirement of a Privacy Policy are: record audio, read phone state, camera, read contacts.
The deadline for adding a Privacy Policy to your app was March 15, 2017. Here's the email that Google sent out to developers:
As we mentioned in our article on this, you can fix this by either:
Adding a Privacy Policy to your Android app.
Login to your Google Play Developer Console > Select "All Applications" > Select your app > Click "Store Listing" > Paste the URL of your Privacy Policy at the "Privacy Policy" field.
Or stop requesting sensitive permissions from users.
Policy issue: Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.
this was change in google play policy they also issued notice for same, as i got mail regarding same to update privacy policy before 15th March 2017
here are the change privacy policy of play store
https://play.google.com/about/privacy-security/personal-sensitive/
as per i know last time on 15th April i uploaded app on Beta it's showing warning only but allowed me to upload
Today i received an email from Google Play Team. How can I find which library or SDK is violating the conditions of the Google Play? Here is the content of mail:
This is a notification that your application, is currently in
violation of our developer terms. REASON FOR WARNING: Violation of the
Personal and Confidential Information provision of the Developer
Distribution Agreement:
(Dangerous Products): Apps that collect information (such as the
user's location or behavior) without the user's knowledge (spyware) …
are prohibited on Google Play. (Personal and Confidential
Information): We don't allow unauthorized publishing or disclosure of
people's private and confidential information, such as credit card
numbers, government identification numbers, driver's and other license
numbers, non-public contacts, or any other information that is not
publicly accessible. We have determined that one or more Ad SDKs or
libraries used in the above app facilitates the transmission of the
list of installed apps on the user’s device to a server without
conspicuous disclosure to the user that this is happening. This
violates the above policy provision. Please evaluate any third party
libraries for compliance and/or consult your Ad SDK provider(s) for
further information if necessary.
Your application will be removed if you do not bring it into
compliance by removing the ads sdk or library from your app, or
updating to a compliant version of the SDK(s) or library(ies) within
30 days of the issuance of this notification. If you have additional
applications in your catalog, please also review them for compliance.
Note that any remaining applications found to be in violation will be
removed from the Google Play Store.
Please also consult the Policy and Best Practices and the Developer
Distribution Agreement as you bring your applications into compliance.
You can also review this Google Play Help Center article for more
information on this warning.
All violations are tracked. Serious or repeated violations of any
nature will result in the termination of your developer account, and
investigation and possible termination of related Google accounts.
The Google Play Team
WOW!
exactly the same mail I received from Google play 2 days back! Word by word same.
Great, So the issue 100% is the permission settings for the Flurry and TapStream SDKs. I just contacted Flurry/Tapstream for this, awaiting a reply from them.
By the way I checked Tap Stream here
You can clearly see they have asked for adding an intent under the application tag
<receiver android:name="com.tapstream.sdk.ReferrerReceiver" android:exported="true" >
<intent-filter>
<action android:name="com.android.vending.INSTALL_REFERRER" />
</intent-filter>
</receiver>
This is used to get the list of apps installed just to record analytics to count the App installs and see how many users are still using the App.
but regarding the Location collecetion [Dangerous content] I still have to figure out.
One possible measure I have thought of doing is adding an EULA before letting user use the app, on the first run. It makes sure that my back is covered. Additionally, you can also add permission for FINE_LOCATION under manifest. Since it is for sure that one/both of the SDKs are using user location.
Good question!
Will update as soon as I receive any updates.
UPDATE
Finally, I received Mail from Tapstream, they are saying that they have made changes according to the Google's Policy change on November 15 2014 hence, asked me to change the SDK version to the lastest one.
Quoted here
Hi there,
Tapstream has updated its Android SDK to comply with a recent Google Play store policy change.
Due to this policy change, a minor component of Tapstream's device identification process can no longer be collected by the Android SDK. This change will not impact your tracking.
To avoid any app approval issues on the Play store, you should deploy this new SDK as soon as possible.
You can find the updated Android SDK here: tapstream.com/developer/android/sdk
The updated SDK is a drop-in replacement; no other changes are required. If you need any assistance, or would like further information, just reply to this email.
I hope that might serve as a solution apparently.