Google has apparently decided to crack down on usage of Chinese SDKs, because both a client and a colleague got their apps suspended from the Play Store for using an old version of a Chinese SDK*.
My client got the following email:
Hi Developers at {company name},
After review, {app name},
{app package}[Version:12725], has been removed from Google
Play because it violates our personal and sensitive information
policy. This app won’t be available to users until you submit a
compliant update.
Here’s how you can submit your app for another review:
Review the Personal and Sensitive Information policy and make the
necessary changes to your app. Make sure your app is compliant with
the User Data policy and all other policies listed in the Developer
Program Policies. Remember that additional enforcement could occur if
there are further policy issues with your apps. Your app is using the
AliPay SDK which is uploading the users' phone number without proper
disclosure. Make sure to also post a privacy policy in both the
designated field in the Play Developer Console and from within the
Play distributed app itself. Please upgrade AliPay SDK version to
15.5.5 or higher. Sign in to your Play Console and upload the modified, policy compliant APK. Make sure to increment the version
number of the APK. Submit your app.
The colleague got a very similar email regarding usage of an SDK by Xiaomi.
TL;DR
We both quickly updated the apps according to Google's instructions and submitted new versions (with new versionName and versionCode).
It's been 3 days and 4 versions since and the apps were not reinstated to the store yet.
What are we doing wrong?
I've opened a support ticket with Google and the support rep notified me once more that the offending version is 12725, the old obsolete version.
It turns out that the Beta track still had this version. Even though it was superseded by the production one, Google still won't publish my app.
I had to Remove obsolete beta version from Google Play and the app was reinstated within the hour.
Same story with my colleague's app.
Related
I've uploaded an ecommerce app to Play Store. But my app was rejected due to following reasons:-
We found the following issue(s) with your app:
Eligibility Issue
During testing we experienced stability issues with your app and were unable to successfully evaluate it for policy compliance. Please make sure your app behaves predictably at runtime and does not crash, hang, or display error messages.
About Families Policy Requirements
If one of the target audiences for your app is children, you must comply with the Families Policy Requirements.
App status: Rejected
Your app has been rejected and wasn't published due to this policy issue. If you submitted an update, the previous version of your app is still available on Google Play.
Hi Developers at _______(name deleted by myself),
After a recent review, we found that your app __________(name deleted by myself) is not compliant with one or more of our Developer Program Policies. See below for more information about your app’s status and how to correct the issue.
Reasons of violation
Issue with your app
We found the following issue(s) with your app:
Version(s) Eligibility Issue
App Bundle:1 App stability
During testing we experienced stability issues with your app and were unable to successfully evaluate it for policy compliance. Please make sure your app behaves predictably at runtime and does not crash, hang, or display error messages.
Reasons of violation
About Families Policy Requirements
If one of the target audiences for your app is children, you must comply with the Families Policy Requirements.
Publishing Status
App status: Rejected
Your app has been rejected and wasn't published due to this policy issue. If you submitted an update, the previous version of your app is still available on Google Play.
Action required: Submit an updated app for review
Read through the Families Policy Requirements (and the Designed for Families Program Requirements, if applicable) and make appropriate changes to your app.
Double check that your app is compliant with all other Developer Program Policies before saving your changes.
Sign in to your Play Console, upload the modified, policy compliant APK across all tracks, and deactivate the non-compliant APK(s).
To deactivate a non-compliant APK, please create a new release and upload a compliant APK to the same track.
Be sure to increment the APK version number and set the release to 100% rollout, in order to successfully override and deactivate the non-compliant APK.
I've tested my app on different version of android real devices as well as emulator.No issues. I've selected all age group in Target audience and content . But definitely there is nothing harm to children. It is an ecommerce app for purchase of groceries , fruits , vegetables , house hold products etc. What I'm doing wrong. Is it a policy issue or app stability issue?? Please help
I can see two issues here:
1 App stability. - See the google tests and fix the issues.
2 Wrong category. Shopping apps are not for families. kids shouldn't buy things, obviously. - Change your app description in the store listing.
Yesterday my app was removed from Google Playstore because it was using the Stripe-Android SDK.
Here is the reason why my app was removed from Google Playstore :
We’ve identified that your app is using Stripe SDK or library, which
facilitates the transmission and collection of Phone Number and
Installed Application information without meeting the prominent
disclosure guidelines. Make sure to also post a privacy policy in both
the designated field in the Play Developer Console and from within the
Play distributed app itself. If necessary, you can consult your SDK
provider(s) for further information.
As on my side I do not collect any information of any kind, how could I solve this problem?
I finally managed to solve the problem. What you have to do is:
Update the Stripe SDK
Upload your app update to all release tracks (production, open,
closed and internal), incrementing the version number each time. Right after uploading the APK file and before resubmitting your app for review, please make sure to deactivate the non-compliant APK (*).
Go to the Publishing overview page and click Send for review to submit your changes. (This is important. I had missed this point)
Maybe Google will ask you to add a privacy policy too. You will have to:
Post a privacy policy explaining very precisely how you collect data and what you do with it. (even if you do not collect any data)
On the play console page, go to App Content -> Privacy policy and enter the URL of your privacy policy.
Inside your app, put a link to your privacy policy. (I missed that point too)
Less than 24 hours later, my app became accessible again on Play Store.
Good to know 1 : If you've done all of these steps and your app is still offline, you can contact the Google policy support team at https://support.google.com/googleplay/android-developer/contact/emailappeals
(*) Good to know 2 : Here is where you can deactivate the non-compliant Bundle:
In my case,
I forgot to follow the installation instructions from Stripe SDK
I added the following clause in my privacy policy:
"MY_APP uses stripe payments. which requires information about your phone number and apps installed on the device in order to ensure secure and successful payment."
and it worked ✨
This question already has answers here:
Is my app or its dependencies violating the Android Advertising Id policy?
(19 answers)
Closed 4 years ago.
I received this email a few weeks ago:
Issue: Violation of Usage of Android Advertising ID policy and section
4.8 of the Developer Distribution Agreement
Google Play requires developers to provide a valid privacy policy when
the app requests or handles sensitive user or device information.
We’ve identified that your app collects and transmits the Android
advertising identifier, which is subject to a privacy policy
requirement. If your app collects the Android advertising ID, you must
provide a valid privacy policy in both the designated field in the
Play Console, and from within the app.
But the problem is that I have no access to the source code of the affected app because my laptop was stolen a few months ago and I did not back up the code for that app. So I have a few questions I need to ask.
Can I update the policy in the console alone without updating the app?
Can I just disable the AdMob ads completely without updating the app and will it get accepted?
If the above is not possible then Is there a way to recover my app's source code from the google play console or APK files ?
What else can I do to solve this problem?
Can I update the policy in the console alone without updating the app?
You can simply update the privacy policy URL from the Google Play Console.
You need to mention clearly that you don't collect any personally identifiable data and also mention about other data which may be collected by 3rd party libraries.
Can I just disable the AdMob ads completely without updating the app and will it get accepted?
You can disable ads from Admob's website. But since the Ad SDK is already packed into your app, doing so will not approve your app.
If the above is not possible then Is there a way to recover my app's source code from the google play console or APK files ?
You cannot fully recover the source code. But if you hadn't used proguard to obfuscate the source code, you might be able to get some part of it by decompiling the APK. You can use a tool called JADX to decompile the APK file.
What else can I do to solve this problem?
Apart from updating app without ads and updating privacy policy URL, you can create another similar app from scratch with same package name and signature. But I guess you don't have access to the Keystore, in that case updating privacy policy is your only option.
I have developed and published several apps on the Play Store. Because of an old ads sdk (which had a security issue), I had to update all my apps with the new compliant ads sdk.
The problem is that once I update my apps, the update got rejected with this message :
This is a notification that your application, *, for package
ID *, has been removed from Google Play.
Please address the issue described below and submit a compliant
update. Once approved, your application will again be available with
all installs, ratings and reviews intact.
REASON FOR REMOVAL:Violation of section 4.3 of the Developer
Distribution Agreement.Please refer to the policy help article for
more information.
We classify user information including but not limited to, email
address, phone number, name, social media account information, and
contacts as private and confidential information.
An app downloaded from Google Play (or its components or derivative
elements) which transmits this information off of the device without
making this clear to the user and obtaining the user’s explicit
consent are regarded as being in violation of section 4.3 of the DDA.
All removals are tracked. Repeated removals will result in app
suspension, at which point this app will count as a strike against the
good standing of your developer account and no longer be available on
Google Play.
This notification also serves as notice for other apps in your
catalog. You can avoid future removals and/or app suspensions by
immediately ensuring that no other apps in your catalog are in
violation of (but not limited to) the above policy. Before publishing
applications, please ensure your apps’ compliance with the Developer
Distribution Agreement and Content Policy.
If you feel we have made this determination in error, you can visit
this Google Play Help Center article.
The Google Play Team
I am using several ads SDKs :
AdMob (Play services 7.5), AppBrain (10.51), Vungle(3.3.1), InMobi(4.5.5) and StartApp(3.1.1)
I also use analytics :
Google Analytics (Play services 7.5), Crashlytics (Fabric.io, 2.3)
Here are all the permissions I ask for :
CAMERA, ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE,
INTERNET, VIBRATE, WRITE_EXTERNAL_STORAGE, BILLING and CHECK_LICENSE
and the features :
android.hardware.camera, android.hardware.camera.autofocus,
android.hardware.camera.front, android.hardware.wifi-required=false
and android.hardware.touchscreen-required=false
And now, my app has been suspended.
I have absolutely no idea of what could be the cause -> is this a specific SDK issue ?
This is likely caused by one of two issues. Either you're using an SDK that is not compliant with the Google Play policy or your SDKs are adding permissions that you're not accounting for in your privacy policy.
This thread may be helpful:
http://forums.makingmoneywithandroid.com/advertising-networks/3584-google-play-developer-term-violation-4.html
I have built an application that we will be selling to customers through the Google Play store.
We also have individuals in house that will support outside customers, and also use it in house. They need to have the application running on their own device. If I distribute it to them via an .apk file, can they receive updates via Google Play? Or do they have to purchase it through Google Play to receive updates?
Secondary question: Is there a better solution to distributing to internal users?
As curious myself and not having official info on this, I just did a test:
On Google Play I have an App at version 1.3.2
I've installed via ADB the version 1.3.0 on my device.
Opened Google Play > My Apps.
The update to version 1.3.2 was available.
Did the update
All seems to work normally.
So my word on this is: Yes they will receive the update (the app has to have the same signature of course).
Maybe you might just have a look on term of services if this isn't breaking any rules.
On the second question, the "better" solution may wary based on the company infrastructure which we don't know.
If the version on Google Play is identical to the version you distributed, signed with the same signature, and it is available as a free app, then Google Play can be used to update the version distributed outside of Google Play.
I received the following in an email from a member of the Google Play Team:
"The side-loaded apps used by your internal users will not receive updates from Google Play. You will need to provide them with the new APK in order for them to access the new features/functionality. This is working as intended to ensure that only users who have purchased a paid app will receive notifications and updates."
So: Paid for apps cannot be updated via Google Play if they are "side-loaded" (installed outside of Google Play).