My app has been removed due to violating the Android Advertising ID. So I requested an appeal to get my app into the app store and this is what they respond.
There are three ways to address this issue:
If your app requests user data or makes sensitive permissions
requests such as Phone, Accounts, Contacts, Camera, Microphone, or if your app uses the Android advertising identifier, you'll need
to add a valid privacy policy in two places: your app's store
listing page (instructions below) and within your app.
As a second option, you can remove any requests for user data or
sensitive permissions such as Android Advertising identifier. You
will not need to add a privacy policy if you remove these
requests.
If you cannot complete steps 1 or 2, you'll need to
unpublish the app from Google Play. If your app is already
unpublished, you don’t need to take action unless you re-publish
the app in the future.
I recently just add a valid privacy policy in my app's store listing page and my app was published into the Google Play store again.
However, I don't know how to put it within my app. I have searched all over the place on how to do it and I can't find anyway to do it. They only show me on how to add privacy policy into the app's store listing page which I already did.
I don't want to risk getting removed again.
There are sites that help you write a privacy policy for your app (privacy policy generators), for example:
https://app-privacy-policy-generator.firebaseapp.com/.
The file you get in the end you can upload to a website, if you have one, or even to dropbox (with permission to everyone to read), and add a link in your app to this file. You can also do it with a webview or any other way to present text in the app.
Related
My application was published on Google play store and suddenly without any updates Google removed it and I don't why , After that i tried many times to follow Google policy all over steps but still app is being rejected.
My app is depend on get location and take access from user and that is what application does , talking permission from user of all application collect of user data like ( location - photo - contacts .. etc ) all of these cases i handled in Data safety in Google Play store consul of app
So i don't know what is problem exactly.
this is my privacy policy : https://shoobekloobek.com/privacy
and that is from Data safety
I tried to follow steps of Google Policy and edit Data Safety also tried modify in app interface to get permission and inform users that app collects data in clearly way (as Google needs) , tried also to upload a video of app recording which declares talking permissions from user and also that users can choose if they agree the privacy policy and conditions or not.
I All, I have created a very simple app for Auto SMS reply. The main objective of this application is to automatically send back a SMS when someone is unavailable to read or respond to that SMS.
The main issue is that It's not getting approved on Google Play Store as it is not fall under their policy.
I have implemented the disclosure form or activity about SMS permissions also that user without using granting that permission not able use that app. Added the privacy policy also that it's collecting or transferring any information to third party.
Can someone help me on this? How can I get approval for this android app on Google Play Store? Under which category I can put my app for approval?
Thanks,
Gaurav Kapoor
Google restricts the usage of the SMS permissions group to either the default SMS app or the one of permitted use-cases.
You can check the list of permitted use-cases here:
https://support.google.com/googleplay/android-developer/answer/10208820?hl=en
When you submit an app to Google Play that requests the user for the SMS permission, you must fill out a form in Google Play Console with the specific use-case your app is using, or else it'll be automatically denied.
From your explanation of the app's purpose it might go under 2 permitted use-cases: Device automation or In-vehicle hands-free use, but you probably know best which one to choose.
Then, it will be up to the Google reviewer that will check your app to decide whether or not your app's use-case is indeed what you claim it to be and is permitted to use SMS.
Here I have an android application its core functionality is forwarding incoming text messages (SMS) to E-Mail Inbox, there it requires RECEIVE_SMS permission. my app is removed from the play store due to the google play policy violation. SMS_permission is mandatory in my application.
I submitted an appeal to google play, their response is given below
...
I’ve reviewed your appeal request and found that your app still violates Google Play Policy. I’ve included details below about the specific issue with your app and what you can do to get your app back on Google Play.
Issue
During review, we found that your app violates the Permissions policy :
You may only request permissions that are necessary to implement critical features or services currently available in your app. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes. SMS and Call Log Permissions are subject to additional restrictions; in order to use these permissions, you must first receive approval from Google Play.
For example, we found that your app contains :
RECEIVE_SMS
...
please tell how can I republish the application in to playstore with those sms permissions
Yes Google removed apps which have READ_SMS permission.
Try to implement using Google API,
You don't need READ_SMS permission anymore after that.
Have a look at this Google code,
https://developers.google.com/identity/sms-retriever/overview
There are quite a few rules regarding privacy around these permissions and sometimes it's hard to understand, but maybe this will help. First of all:
Google Play restricts the use of high risk or sensitive permissions, including the SMS or Call Log permission groups.
Assuming that your app needs some of these permissions in order to work properly, Google says that it needs to be set as the default phone/sms handler. The app has to be registered as the default handler BEFORE the permission is requested and stop using them once the app is not the default handler anymore.
However, this is not the case for your app. You need access to that information, but your app cannot be set as a handler for sms/calls. In this case, an exception can be made for your app, provided that you satisfy two requirements: you have no other way to achieve the same behaviour (checks for your app) and the use case you implement can be found in the list of excepted use cases (see the Exceptions section from the link above). Here is a little bit tricky because there is no use case that clearly matches your app, but I think that you might be able to use Cross-device synchronization or transfer of SMS or calls (make sure that you check the list in detail and select the one that best fits your app).
Now, the final step is here:
If you believe your app meets the policy requirements for acceptable use or is eligible for an exception, you should declare any Call Log or SMS permissions directly through the Play Console.
Details about the process can be found here and if you did all of these, then your request will be sent to the Google Play team, they will review it and decided if your app will be published or not.
P.S. Make sure that you clearly indicate why your app needs those permissions.
I have one application which used to be taking sensitive SMS permissions. But I removed them and tried to upload a new APK without those permissions. But when submitting the app we are required to choose at least one of the options from the list. But am clear that we do not have to choose any of the below options. Is there any ways to override the permission declaration form as I'm not able to find the option "I don't use any of the options above".
Here is the list of permissions. If anyone knows the correct choice for this type of app I’d appreciate the advice.
==== Permissions Choices =======
Default SMS handler
Default Phone handler
Default Assistant handler
Transactional backup and restore for users and archive for enterprise (time-limited/non-continuous)
Enterprise SMS call archives
Caller ID, spam detection, and blocking
Connected device companion apps (for example, smartwatch or automotive)
Cross-device synchronization or transfer of SMS or calls
SMS-based financial transactions and related activity where access is restricted to financial SMS transactions (for example, 5-digit messages)
SMS based money management
Proxy calls
Services - Carrier
Services - OEM
Device Automation
Physical safety / emergency alert apps (e.g., senior safety)
Call-based OTP account verification
Using SMS_CB_RECEIVED for customer communications (e.g., Smart Zone Cast service)
Write and Show Call History in Dialer
After Mar 9, 2019, The option of No, this release does not meet the SMS and call log permissions policy has been gone,
and we stuck in the Declaration form that not exactly needed after we removed the sensitive permission list.
I solved that issue by the following steps:
All our work will be in "App releases" tab
Make sure you don't use any of the sensitive permissions for the
last APK that you uploaded in the Google Console play
You can check the final list of permissions by open production track or any track that has the last APK and open the required permissions:
click on the android app bundle
expand the "Required permissions"
If all your APK permissions not on the list of the google sensitive permissions high risk or sensitive permissions you ready to go to the next step
Remove all Active APKs that using the sensitive permissions from all Release tracks.
Now check all Tracks (Open track, Closed tracks, Internal test track & Pre-registration)
Click on Manage for every track that has an Active sensitive permissions APK
Create Release
DON'T choose any active APK just make sure your Active sensitive permissions APK in the Retain section to be deactivated
Choose any option from Declaration form and click review rollout
Do the above steps with all active tracks that have active APK with sensitive APK except the Production Track.
Then for the Production track Create Release with your Latest APK (without sensitive APK) and you will find that Declaration form has gone.
Submit and Rollout
The form should be submitted only if you want to keep the permission in your app. If you have removed the permission then follow the below steps.
Upload the APK
Choose No this release does not meet the SMS and Call log permission policy.
Don't choose any of the choices in the core functionality section and don't fill any thing further in the form.
Release the app.
Next time you won't be asked to submit the form.
Note: you should remove the permission and you should not add it in
the next release.
First try to replace your current functionality with default one and remove the permission related to particular functionality. After Upload build on play store and fill the form.
If your functionality is preset in following list, explain properly in the form and submit it.
I have one application which used to be taking sensitive SMS permissions. But I removed them and tried to upload a new APK without those permissions. But when submitting the app we are required to choose at least one of the options from the list. But am clear that we do not have to choose any of the below options. Is there any ways to override the permission declaration form as I'm not able to find the option "I don't use any of the options above".
Here is the list of permissions. If anyone knows the correct choice for this type of app I’d appreciate the advice.
==== Permissions Choices =======
Transactional backup and restore for users and archive for enterprise (time-limited/non-continuous)
Enterprise SMS call archives
Caller ID, spam detection, and blocking
Connected device companion apps (for example, smartwatch or automotive)
Cross-device synchronization or transfer of SMS or calls
SMS-based financial transactions and related activity where access is restricted to financial SMS transactions (for example, 5-digit messages)
SMS based money management
Proxy calls
Services - Carrier
Services - OEM
Device Automation
Physical safety / emergency alert apps (e.g., senior safety)
Call-based OTP account verification
Using SMS_CB_RECEIVED for customer communications (e.g., Smart Zone Cast service)
Write and Show Call History in Dialer
I have seen that Play Store Developers received a mail to inform users about the usage of their personal data and to state why and how app's make use of certain features (like writing to the external storage/SD Card). I have to admit, I am new to Android Development and helping out here.
In our existing Play Store App we plan to release a new feature to take photos and thus access the camera for this purpose.
I now wanted to ask how the following requirement has to be implemented:
"Post a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself."
Is it some kind of Readme file, we have to upload or (like Apple does) have to provide a website with those information for the Play Store?
(see http://www.iubenda.com/blog/privacy-policy-for-android-app/ first abstract), whereas other sources just talk about active URLs. Basically, a URL is not always available in an application (consider the case where a user got no internet connection)
How does it have to be presented in the App? Simple Toast, when accessing the Camera the first time or rather a new menu item "Privacy Policy" for the user and display the information in a website with formatted HTML, which we could also use for the PlayStore?
For the overal requirements see:
https://play.google.com/about/privacy-security/personal-sensitive/
This question does not ONLY cover the Google PlayStore but also the best practises for embedding a such IN an Android Application.
I would look at how other Google apps do this to see their (Google's) preferred way of handling this. Most Google apps have a privacy policy menu item in the navigation drawer for basic privacy information, and show a full-screen popup where you have to tap "I agree" for more sensitive topics like location history, for example. This seems like a good approach to me, but you'll have to consult with a lawyer regarding privacy laws/requirements within your home country.
For our implementation it was only concerning two aspects:
1) Camera Access
2) Storing data
I think the reason for Google to request a license Post was and still is to
Developers more aware of how they use possible resources
Users more aware of the usage of THEIR resources
Camera Access
We came up with the solution to not include the camera on our own, but instead performing "the Android way of delegating actions to other applications" and let someone else perform this for us. with the MediaStore.ACTION_IMAGE_CAPTURE. Bit unlucky it is that we had to write a FileProvider to support Androids new Sandboxing feature, as we come to step 2 "Storing Data"
Storing Data
We don't use the external storage anymore for this, instead we use the app's personal storage, as the data is tightly coupled to the rest of the application anyway. Of course, we had to ensure the app is still working if:
1. The user wants to delete specific files
2. The user deletes the app's data in settings
That's it: No Privacy Policy required anymore, as we don't use anything that would require certain permissions :-)