I have developed and published several apps on the Play Store. Because of an old ads sdk (which had a security issue), I had to update all my apps with the new compliant ads sdk.
The problem is that once I update my apps, the update got rejected with this message :
This is a notification that your application, *, for package
ID *, has been removed from Google Play.
Please address the issue described below and submit a compliant
update. Once approved, your application will again be available with
all installs, ratings and reviews intact.
REASON FOR REMOVAL:Violation of section 4.3 of the Developer
Distribution Agreement.Please refer to the policy help article for
more information.
We classify user information including but not limited to, email
address, phone number, name, social media account information, and
contacts as private and confidential information.
An app downloaded from Google Play (or its components or derivative
elements) which transmits this information off of the device without
making this clear to the user and obtaining the user’s explicit
consent are regarded as being in violation of section 4.3 of the DDA.
All removals are tracked. Repeated removals will result in app
suspension, at which point this app will count as a strike against the
good standing of your developer account and no longer be available on
Google Play.
This notification also serves as notice for other apps in your
catalog. You can avoid future removals and/or app suspensions by
immediately ensuring that no other apps in your catalog are in
violation of (but not limited to) the above policy. Before publishing
applications, please ensure your apps’ compliance with the Developer
Distribution Agreement and Content Policy.
If you feel we have made this determination in error, you can visit
this Google Play Help Center article.
The Google Play Team
I am using several ads SDKs :
AdMob (Play services 7.5), AppBrain (10.51), Vungle(3.3.1), InMobi(4.5.5) and StartApp(3.1.1)
I also use analytics :
Google Analytics (Play services 7.5), Crashlytics (Fabric.io, 2.3)
Here are all the permissions I ask for :
CAMERA, ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE,
INTERNET, VIBRATE, WRITE_EXTERNAL_STORAGE, BILLING and CHECK_LICENSE
and the features :
android.hardware.camera, android.hardware.camera.autofocus,
android.hardware.camera.front, android.hardware.wifi-required=false
and android.hardware.touchscreen-required=false
And now, my app has been suspended.
I have absolutely no idea of what could be the cause -> is this a specific SDK issue ?
This is likely caused by one of two issues. Either you're using an SDK that is not compliant with the Google Play policy or your SDKs are adding permissions that you're not accounting for in your privacy policy.
This thread may be helpful:
http://forums.makingmoneywithandroid.com/advertising-networks/3584-google-play-developer-term-violation-4.html
Related
Yesterday my app was removed from Google Playstore because it was using the Stripe-Android SDK.
Here is the reason why my app was removed from Google Playstore :
We’ve identified that your app is using Stripe SDK or library, which
facilitates the transmission and collection of Phone Number and
Installed Application information without meeting the prominent
disclosure guidelines. Make sure to also post a privacy policy in both
the designated field in the Play Developer Console and from within the
Play distributed app itself. If necessary, you can consult your SDK
provider(s) for further information.
As on my side I do not collect any information of any kind, how could I solve this problem?
I finally managed to solve the problem. What you have to do is:
Update the Stripe SDK
Upload your app update to all release tracks (production, open,
closed and internal), incrementing the version number each time. Right after uploading the APK file and before resubmitting your app for review, please make sure to deactivate the non-compliant APK (*).
Go to the Publishing overview page and click Send for review to submit your changes. (This is important. I had missed this point)
Maybe Google will ask you to add a privacy policy too. You will have to:
Post a privacy policy explaining very precisely how you collect data and what you do with it. (even if you do not collect any data)
On the play console page, go to App Content -> Privacy policy and enter the URL of your privacy policy.
Inside your app, put a link to your privacy policy. (I missed that point too)
Less than 24 hours later, my app became accessible again on Play Store.
Good to know 1 : If you've done all of these steps and your app is still offline, you can contact the Google policy support team at https://support.google.com/googleplay/android-developer/contact/emailappeals
(*) Good to know 2 : Here is where you can deactivate the non-compliant Bundle:
In my case,
I forgot to follow the installation instructions from Stripe SDK
I added the following clause in my privacy policy:
"MY_APP uses stripe payments. which requires information about your phone number and apps installed on the device in order to ensure secure and successful payment."
and it worked ✨
Google has apparently decided to crack down on usage of Chinese SDKs, because both a client and a colleague got their apps suspended from the Play Store for using an old version of a Chinese SDK*.
My client got the following email:
Hi Developers at {company name},
After review, {app name},
{app package}[Version:12725], has been removed from Google
Play because it violates our personal and sensitive information
policy. This app won’t be available to users until you submit a
compliant update.
Here’s how you can submit your app for another review:
Review the Personal and Sensitive Information policy and make the
necessary changes to your app. Make sure your app is compliant with
the User Data policy and all other policies listed in the Developer
Program Policies. Remember that additional enforcement could occur if
there are further policy issues with your apps. Your app is using the
AliPay SDK which is uploading the users' phone number without proper
disclosure. Make sure to also post a privacy policy in both the
designated field in the Play Developer Console and from within the
Play distributed app itself. Please upgrade AliPay SDK version to
15.5.5 or higher. Sign in to your Play Console and upload the modified, policy compliant APK. Make sure to increment the version
number of the APK. Submit your app.
The colleague got a very similar email regarding usage of an SDK by Xiaomi.
TL;DR
We both quickly updated the apps according to Google's instructions and submitted new versions (with new versionName and versionCode).
It's been 3 days and 4 versions since and the apps were not reinstated to the store yet.
What are we doing wrong?
I've opened a support ticket with Google and the support rep notified me once more that the offending version is 12725, the old obsolete version.
It turns out that the Beta track still had this version. Even though it was superseded by the production one, Google still won't publish my app.
I had to Remove obsolete beta version from Google Play and the app was reinstated within the hour.
Same story with my colleague's app.
I have used Admob in my application but i forgot to add privacy policy but now I added privacy policy to the application and playstore but the application didn't appear on playstore again.
Please guide my how to resolve this issue.
Hi developers at Cmptrsntst,
After review, The News Headlines, binarysole.com.thenewsheadlines, has
been removed from Google Play due to a policy violation. This app
won’t be available to users until you submit a compliant update.
Issue: Violation of Usage of Android Advertising ID policy and section
4.8 of the Developer Distribution Agreement
Google Play requires developers to provide a valid privacy policy when
the app requests or handles sensitive user or device information.
We’ve identified that your app collects and transmits the Android
advertising identifier, which is subject to a privacy policy
requirement. If your app collects the Android advertising ID, you must
provide a valid privacy policy in both the designated field in the
Play Console, and from within the app.
Next steps: Submit your app for another review
Read through the Usage of Android Advertising ID and User Data
policies, as well as the Developer Distribution Agreement, and make
appropriate changes to your app. If you decide to collect sensitive
user information, be sure to abide by the above policies, and include
a link to a valid privacy policy on your app's store listing page and
within your app. Make sure that your app is compliant with all other
Developer Program Policies. Additional enforcement could occur if
there are further policy violations. Sign in to your Play Console and
submit the update to your app. Alternatively, you may opt-out of this
requirement by removing any requests for sensitive permissions or user
data.
If approved, your app will again be available with all installs,
ratings, and reviews intact.
If you’ve reviewed the policy and feel this removal may have been in
error, please reach out to our policy support team. One of my
colleagues will get back to you within 2 business days.
Thanks for helping us provide a clear and transparent experience for
Google Play users.
Regards,
Justin
The Google Play Team
I also had the exact same issue with one of my app and got same email because I hadn't included a privacy policy URL.
Now after I included the privacy policy URL and resubmitted the app from Store Listing, the app is now live after around 2 hours.
If you have already updated the privacy policy URL, make sure it is clear and it follows the Google's policies. Mention clearly that your app doesn't collect personally identifiable data.
2 years ago, I have received 2 email from google in the same day ( check below ). How many violations/strikes does my account need now to get suspended indefinitely ?
This is a notification that your application submission, xxx,
for package ID com.xxx.xxx.xxx, has been rejected. If
this submission was an update to an existing app, the version
published prior to this update is still available on Google Play.
Please address the issue described below, then submit an update with
your changes.
REASON FOR REJECTION:Violation of the Google Play content rating
policy.
These guidelines apply to all content in your app, including user
generated content, in-app products, and advertisements.
After a regular review, we’ve determined that your app has an
inaccurate content rating. Please retake the content rating
questionnaire for your app and resubmit your app for publishing.
All submission rejections are tracked. Repeated rejections due to
policy violations will result in app suspension, at which point this
app will count as a strike against the good standing of your developer
account and no longer be available on Google Play.
If you feel we have made this determination in error, you can submit
an appeal on the Google Play Help Center.
The Google Play Team
We’re always looking for ways to improve. Please share your feedback
on Play policy notification emails by completing this brief survey.
This is a notification that your application, xxx,
with package ID com.xxx.xxx.xxx, has been
suspended from the Google Play Store.
REASON FOR SUSPENSION:Violation of the impersonation or deceptive
behavior provisions of the Content Policy. Please refer to the
impersonation policy help article for more information.
If you are authorized to publish on behalf of the original content or
brand owner, please contact us via the Google Play Help Center and
attach verifiable and accepted proof of permission.
This particular app has been disabled as a policy strike. If your
developer account is still in good standing, you may revise and upload
a policy compliant version of this application as a new package name.
This notification also serves as notice for other apps in your
catalog. You can avoid further app suspensions by immediately ensuring
that no other apps in your catalog are in violation of (but not
limited to) the above policy. Please also ensure your apps’ compliance
with the Developer Distribution Agreement and Content Policy.
All violations are tracked. Additional suspensions of any nature may
result in the termination of your developer account, and investigation
and possible termination of related Google accounts. If your account
is terminated, payments will cease and Google may recover the proceeds
of any past sales and/or the cost of any associated fees (such as
chargebacks and transaction fees) from you.
If you feel we have made this determination in error, you can visit
this Google Play Help Center article.
Only a suspension counts as a strike on your account. Right now you have one suspension. If you get two more suspension your account will be terminated.
Today i received an email from Google Play Team. How can I find which library or SDK is violating the conditions of the Google Play? Here is the content of mail:
This is a notification that your application, is currently in
violation of our developer terms. REASON FOR WARNING: Violation of the
Personal and Confidential Information provision of the Developer
Distribution Agreement:
(Dangerous Products): Apps that collect information (such as the
user's location or behavior) without the user's knowledge (spyware) …
are prohibited on Google Play. (Personal and Confidential
Information): We don't allow unauthorized publishing or disclosure of
people's private and confidential information, such as credit card
numbers, government identification numbers, driver's and other license
numbers, non-public contacts, or any other information that is not
publicly accessible. We have determined that one or more Ad SDKs or
libraries used in the above app facilitates the transmission of the
list of installed apps on the user’s device to a server without
conspicuous disclosure to the user that this is happening. This
violates the above policy provision. Please evaluate any third party
libraries for compliance and/or consult your Ad SDK provider(s) for
further information if necessary.
Your application will be removed if you do not bring it into
compliance by removing the ads sdk or library from your app, or
updating to a compliant version of the SDK(s) or library(ies) within
30 days of the issuance of this notification. If you have additional
applications in your catalog, please also review them for compliance.
Note that any remaining applications found to be in violation will be
removed from the Google Play Store.
Please also consult the Policy and Best Practices and the Developer
Distribution Agreement as you bring your applications into compliance.
You can also review this Google Play Help Center article for more
information on this warning.
All violations are tracked. Serious or repeated violations of any
nature will result in the termination of your developer account, and
investigation and possible termination of related Google accounts.
The Google Play Team
WOW!
exactly the same mail I received from Google play 2 days back! Word by word same.
Great, So the issue 100% is the permission settings for the Flurry and TapStream SDKs. I just contacted Flurry/Tapstream for this, awaiting a reply from them.
By the way I checked Tap Stream here
You can clearly see they have asked for adding an intent under the application tag
<receiver android:name="com.tapstream.sdk.ReferrerReceiver" android:exported="true" >
<intent-filter>
<action android:name="com.android.vending.INSTALL_REFERRER" />
</intent-filter>
</receiver>
This is used to get the list of apps installed just to record analytics to count the App installs and see how many users are still using the App.
but regarding the Location collecetion [Dangerous content] I still have to figure out.
One possible measure I have thought of doing is adding an EULA before letting user use the app, on the first run. It makes sure that my back is covered. Additionally, you can also add permission for FINE_LOCATION under manifest. Since it is for sure that one/both of the SDKs are using user location.
Good question!
Will update as soon as I receive any updates.
UPDATE
Finally, I received Mail from Tapstream, they are saying that they have made changes according to the Google's Policy change on November 15 2014 hence, asked me to change the SDK version to the lastest one.
Quoted here
Hi there,
Tapstream has updated its Android SDK to comply with a recent Google Play store policy change.
Due to this policy change, a minor component of Tapstream's device identification process can no longer be collected by the Android SDK. This change will not impact your tracking.
To avoid any app approval issues on the Play store, you should deploy this new SDK as soon as possible.
You can find the updated Android SDK here: tapstream.com/developer/android/sdk
The updated SDK is a drop-in replacement; no other changes are required. If you need any assistance, or would like further information, just reply to this email.
I hope that might serve as a solution apparently.