Google Play warning: Your App may be leaking developer credentials - android

Please explain to me what this is.
I have received a message from GP, with this text:
Hello Google Play Developer,
We detected that your app(s) listed at the end of this email are
potentially leaking credentials used to make network requests (HTTP
and FTP).
Please check for cases where you use url-encoded basic access
authentication, for example a URL such as
https://username:password@www.example.com/. We recommend that you
immediately change the credentials and redesign your app to avoid
including them.
Next steps
Sign in to your Developer Console and submit the updated version of your app.
Check back after five hours - we’ll show a warning message if the app hasn’t been updated correctly.
Exposed developer credentials can allow an attacker to compromise your
systems which puts user data at risk. For other technical questions
about the vulnerability, you can post to Stack Overflow and use the
tag “android-security.”
We’re here to help
If you feel we have sent this warning in error, you can contact our
developer support team.
Regards,
The Google Play Team
I don't understand what the problem with my app is, please help me. What should I change in my app?

I was including Appodeal library in my free and premium app. I got this warning recently, I removed Appodeal and no longer have the warning in Google Play. Even though I wasn't using ads in Premium, I was including the Appodeal library in the binary as they are different flavors of the same Android Studio project. Looks like their problem. I had removed Appodeal from my free app a couple days ago for a different reason (https://medium.com/@greenrobotllc/response-to-1-star-review-problem-ads-auto-opening-app-store-on-lolcats-android-f1c7b7991caa#.milc5rcvs). A day or so after the free update to Google, I got this exact email about the premium version which I hadn't updated.
So check your 3rd party libraries.

Andy, Pablo and others wonderful people, who have visited this topic.
The problem was solved recently.
All you need to do - just update Appodeal SDK to the last one (ver. 1.14.15).
You can find it in our docs
Also you can download Android SDK here (Native Android).
Regards,
Andrew
Appodeal Support Team.

I can confirm that if you are using the Appodeal SDK you will get this alert as a developer. I have contacted Appodeal support and this is their answer:
Ivan Prokopenko: Hi Pablo! we found the problem. It was problem with network, we contacted with support of network. We'll update SDK in next future, it will solve the problem. but don't worry, it's not critical

mytarget SDK has the same problem as Appodeal SDK. We have contacted mytarget support too and this is their answer:
Hello Yan, Thank you for reaching out.
No credentials and any personal data was involved, so no problem with
leaking any data with our SDK. But to prevent the Google Play to
display the warning yesterday we updated our SDK - latest version is
4.5.1. Here is the change log - "Changed format of internal constant, because of which Google Play could display warning".
So for your next update you can update our SDK. You can download
latest version there -
https://bintray.com/mytarget/maven/mytarget-sdk/view#files/com/my/target/mytarget-sdk
Please let me know if you have any questions.
So check your 3rd party libraries.
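
One way to act on "check your 3rd party libraries" before uploading a build, as an added example that is not part of the original posts: a Python scan of every entry in a built APK for the `scheme://user:password@host` form the warning describes. It approximates the pattern named in the e-mail, not Google Play's actual check, and the sample APK contents, user name and hosts are constructed.

```python
import io
import re
import zipfile

# scheme://user:password@host, the "url-encoded basic access authentication"
# form named in the warning. Matched on raw bytes: ASCII strings in classes.dex
# and in resources appear verbatim once the zip entry is decompressed.
CRED_URL = re.compile(
    rb"(?:https?|ftp)://([A-Za-z0-9._~%!$&'()*+,;=-]+):"
    rb"([A-Za-z0-9._~%!$&'()*+,;=-]+)@([A-Za-z0-9.-]+)"
)

def scan_apk(apk_bytes):
    """Return (entry name, user, host) for each credential-bearing URL.

    Entries are decompressed first, because a plain grep over the .apk file
    misses strings inside deflated entries. The password is deliberately not
    returned, so the report can be shared.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            for m in CRED_URL.finditer(apk.read(info)):
                user, _password, host = m.groups()
                findings.append((info.filename, user.decode(), host.decode()))
    return findings

def build_sample_apk():
    """Constructed sample: a zip laid out like an APK. One string carries
    credentials (as a bundled SDK constant might); the others must not match."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex",
                   b"dex\n035\x00\x1ehttps://api.example.com/v1/ads\x00"
                   b"\x2ahttp://sdkuser:s3cret@ads.example.net/track\x00")
        z.writestr("assets/config.json", b'{"feedback": "mailto:dev@example.org"}')
        z.writestr("res/raw/notes.txt", b"see https://example.com/path:8080@x")
    return buf.getvalue()

if __name__ == "__main__":
    for name, user, host in scan_apk(build_sample_apk()):
        print(f"{name}: URL to {host} embeds credentials for user {user!r}")
```

A hit in `classes.dex` does not say which library the string came from; comparing results across builds with one SDK removed at a time narrows it down, which is what the answers above did by hand.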

Related

com.segment.analytics.android:analytics noncompliant version in my app on the Google Play Console

My app is written on android native code and I got this warning on the play store console
Your app "appName" version code "xxxx" includes SDK com.segment.analytics.android:analytics or an SDK that one of your libraries depends on, which collects personal or sensitive data that includes but may not be limited to Advertising ID, Android ID identifiers. Persistent device identifiers may not be linked to other personal and sensitive user data or resettable device identifiers as described in the User Data policy.
ACTION REQUIRED: Upload a new compliant version AND deactivate the noncompliant version.
But I don't have that library on my project, the only libraries related to firebase that I have are these:
"com.google.firebase:firebase-crashlytics:17.4.0",
"com.google.firebase:firebase-analytics:18.0.2",
"com.google.firebase:firebase-perf:20.0.2",
"com.google.firebase:firebase-core:18.0.0",
"com.google.firebase:firebase-auth:20.0.1",
"com.google.firebase:firebase-messaging:21.0.1",
But I don't know how to solve this, should I update all of them and upload my app again and check if I received this warning again or not to see if it was solved? I need to solve this because I won't be able to upload more app versions in the following months.
Thank you for being so helpful, it's really appreciated.
Some people have asked me if I solved this, and the short answer is yes, I did. Unfortunately, nobody gave me a specific answer about how to solve it, and the problem is that I think I used a bazooka to kill a fly.
The process for solving this was this:
I updated all Firebase dependencies, I was using these:
com.google.firebase:firebase-crashlytics,
com.google.firebase:firebase-analytics,
com.google.firebase:firebase-perf,
com.google.firebase:firebase-core,
com.google.firebase:firebase-auth,
com.google.firebase:firebase-messaging
I updated them using firebase-bom version 30.3.2
Also, I updated other Google dependencies. I'm not 100% sure that this affected the solution; however, I want to document everything just in case you are also using them, so you can consider it.
com.google.android.gms:play-services-auth:20.2.0,
com.google.android.gms:play-services-auth-api-phone:18.0.1,
com.google.android.gms:play-services-analytics:18.0.1,
com.google.android.gms:play-services-base:18.1.0,
com.google.android.gms:play-services-location:20.0.0,
com.google.android.gms:play-services-maps:18.0.1
After using these versions, I uploaded the new build and did not see the problem again in the Google console for this version and later.
Sorry for not being specific in the needed dependency to be updated, I didn't have a chance to test the combinations to discover them.

Vungle SDK Malicious Behavior

I have received a mail from Google, saying "We found your app is using a non-compliant version of Vungle SDK".
I searched for this problem but I can't find the solution.
Anyone, please help me out with this issue; I will be very thankful to you.
I also attached the image of mail.
Our sincerest apologies for the flagging from Google. We understand the pain it can be to update SDKs on short notice. The good news is that all recent Vungle SDKs, starting with Vungle’s SDK 6.5.3, are compliant. More detail below:
The warning message relates to Android sideloading functionality present in only our 6.0-6.4 SDKs and has since been deprecated by Vungle. If you still have a pre-6.5 Android SDK present in your applications please update to the latest version. We learned this includes all tracks (production, beta, QA, etc.) which need to be updated. Please find the latest SDK here and Vungle's FAQ here.
Please always feel free to reach out to our support team for help at tech-support@vungle.com

Proper way to republish rejected android app

I am working on a client project. I submitted the Android app to the Play Store from my account. It was showing on the Play Store. Then, according to the requirements, I had to publish the app from the client's Play Console account. I removed the app from my account and published the same app with a different package name. Then it showed the app as rejected because of some family policy violation. I fixed this and resubmitted the app. Now the review of the app is taking a lot of time.
I have tried to resubmit the app after editing the policies required by google.
I want to know how much time google will take to republish my app after reviewing it again.
Or How i can connect from google with any #support email.
Usually they review my apps within a few hours... but... I feel there's something wrong inside Google, and one of the many emails I had from their support told me it's because there's a new review process for apps on the Family program. Well, I will tell a little bit about my journey, which may give you some idea why you are having this problem.
We experienced this problem with 2 apps:
First App: I received a message saying that my update was rejected because of the violation on the Family program alleging that it was crashing or giving an error (pretty generic message without any detail at all), I got in contact through the support form and they sent an email asking me to read the terms and to update my APK number and submit again, I read the terms, I already had complied with everything so I replied saying that, we already comply with everything and we tested the APK and OBB installation and game play, all good, please send more details, they replied copying and pasting the same message, I once more insisted and asked for them to explain the problem, they replied asking me to update my APK version and submit again, I said this will solve no crashes, please explain what is the problem and the support person called Sara highlighted in the message the request to update the APK version, kind of like talking with a machine that did not respond to what I asked, but I updated my APK version, submitted again and... Worked. Why? For some reason they will not explain, my guess is they just marked my APK as dirty as an attempt to remove apps that the developers don't update, there's no other logical thing I can think of.
Second App: This one didn't have a happy ending like the previous one, I tried the technique of updating the APK version 6 times, none worked, I asked for help on the form (many times), they just copied and pasted the message about reading the Terms, I started to insist on some details, provided them with many proofs that my APK+OBB files sent to Google Play are working fine, and asked for any clue about this "problem", like a device model and Android version on which they experienced it (isn't it the minimum they are supposed to provide us?) but after requesting this many times, for the first time the support guy called Arthur didn't copy and paste and finally wrote an email, his answer was:
Hi Developer,
Thanks again for contacting the Google Play Team.
As much as I'd like to help, due to policy, I’m not able to provide any more information or a better answer to your question. In our previous email, I made sure to include all the information available to me.
If you have a different question about Google Play policies, please let me know.
Regards,
Arthur
The Google Play Team
It means he has no information at all about what the problem is. I've been trying to solve this for 2 months, our flagship game is threatened with being removed from the store and they can't even explain why, the support team can just copy and paste a generic message without any understanding of our problem and we have no other channel to ask for help.
I'm really disappointed with Google for such poor support for developers.
Hope you can solve your problem updating your APK and submitting again, otherwise you can enter on the same loop as me.
Good luck!

App removed from Google Play because of branch.io

Our App which is being made on unity has been removed from Google Play Store and got these details in email :
Your app is using the Branch IO SDK, which is uploading users Installed
Packages information to https://api.branch.io/v1/applist without a
prominent disclosure. Prior to the collection and transmission, it
must prominently highlight how the user data will be used, describe
the type of data being collected and have the user provide affirmative
consent for such use.
We went through our project and apparently we are not using any branch.io sdk explicitly in our app. We weren't able to find any fix on any forums. How can we find the issue and fix it? Please help.
This was part of a recent change that Google made related to GDPR. You should have gotten a warning email from Google as well as Branch regarding this.
You must remove all versions of your Android App (Active/Inactive/Archived) that have the Android Branch SDK version < 2.11.1.
Once you remove these versions, Google should place your App back onto the Play Store.
Here is a guide on removing older versions of your App: https://branch.app.link/apk-removal-guide.
If you run into any issues, please write into support@branch.io. Thanks.

Where do you file bugs for Android/iOS Google Products or Services (AppInvites, Maps, etc...)? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
I've recently found a bug on the Android SDK for AppInvites.
I searched the web, looking for a bug tracker for AppInvites and couldn't find any.
So I posted on the classic b.android.com receiving this response from a Googler:
Sorry, this tracker is for issues with the Android OS only. Please use https://support.google.com/ to obtain support for Google products or services.
which was not useful at all. The support google page just list support pages for end users, not for developers, and there's nothing there that can work as a bug tracking tool for AppInvite.
So I tried to post in the Google Group android-developers@googlegroups.com, to just discover a while later that group has been discontinued by Google in favor of StackOverflow. But since I can't do a bug report on a Google Product here I just ask for the right place to report a bug to Google.
Example of Google Products or Services:
Google Play Services Android/iOS SDK
Google AppInvites Android/iOS SDK
Google Maps Android/iOS SDK
Google Analytics Android/iOS SDK
etc...
So, where do I file a bug to Google about one of its Android (or iOS) SDK / products for developers?
Edit: this question was closed because some people think this is off topic. It's not! This speaks about tools commonly used in development. Finding bug in SDK is part of programming. Filing bug on those instrument is either a good practice and sometimes the only option to have your bug fixed. For this reason I think this is on-topic.
Looking at this question there are mixed answers on how or where to report a bug for Google Services.
In my opinion Google Play Developer Console would be the best option.
Contact Us > App development & technical support
which leads you to http://developer.android.com/support.html. Clicking on Report a platform bug opens the form to submit a bug.
The default template states:
This form is only for reporting bugs found in the Android system while
developing Android applications. Use the Tools templates for issues
with the developer tools.
Changing the template to Tools bug report links you to http://tools.android.com/filing-bugs, and looking at Project Overview, you can see that Services is one of the projects inside. I think this would be the right place, because Services should be under developer tools.
I understand your "frustration", Google in this case is the essence of fragmentation and it seems it will not change in the immediate future (also after Alphabet).
For this reason for me there is no one answer to your question or better the answer is not conventional.
When I look for the issue tracker related to a Google SDK I do a google search query with this pattern:
"google sdk name" issue site:https://code.google.com/p/
e.g for google analytics I do "google analytics" issue site:https://code.google.com/p/ .
For the SDKs you listed in your question these are the direct links to the respective issue trackers:
Google Play Services Android/iOS SDK
Google AppInvites Android/iOS SDK
Google Maps Android/iOS SDK
Google Analytics Android/iOS SDK
To be clear what I mean with not conventional I give you the link for the issue tracker of Google Support Libraries. As you may see, it's not an issue tracker per se but belongs to the android issue tracker in the form of search result with label "Component-Support-Libraries".
I remember when I filed an issue for an android security bug, it wasn't easy to find an e-mail address to do that confidentially.
I hope Google will change and I think that a way to let them to best understand that, is to up-vote your question, as I do now.
For where do I file a bug to Google about one of its Android (or iOS) SDK / products for developers?
Here is the link where you can report issues regarding google.
You can describe below issues to Google.
I need assistance with my Google account.
I want to remove content on Google Search, Youtube, or another service.
I want to report a technical security bug in a Google product (SQLi, XSS, etc.).
I want to report fraud, malware, or other problems not listed above.
If the vulnerability is valid and they successfully reproduce it you may get a Bug Bounty.
Google will contact you within day or two.
Bug Report Link :
https://www.google.com/appserve/security-bugs/m2/new?rl=&key=
Steps :
Select option for reporting bug.
Enter your contact details.
Select Google Product as affected.
Enter how to reproduce that vulnerability
Submit It.
Or
There is one more link provided by android to report bugs.
Hope it will help you.
I think here it is, have a look at the template, it says:
"This form is only for reporting bugs found in the Android system while
developing Android applications. Use the Tools templates for issues with
the developer tools.":
https://code.google.com/p/android/issues/entry?template=Developer%20bug%20report
and for apple here :
https://developer.apple.com/bug-reporting/
and for google maps: https://www.google.co.in/maps/
Click on the menu on the right side of the screen, click on "Send Feedback" --> "Other feedback" and fill in the form.
I hope this may help you...
