Today i received an email from Google Play Team. How can I find which library or SDK is violating the conditions of the Google Play? Here is the content of mail:
This is a notification that your application, is currently in
violation of our developer terms. REASON FOR WARNING: Violation of the
Personal and Confidential Information provision of the Developer
Distribution Agreement:
(Dangerous Products): Apps that collect information (such as the
user's location or behavior) without the user's knowledge (spyware) …
are prohibited on Google Play. (Personal and Confidential
Information): We don't allow unauthorized publishing or disclosure of
people's private and confidential information, such as credit card
numbers, government identification numbers, driver's and other license
numbers, non-public contacts, or any other information that is not
publicly accessible. We have determined that one or more Ad SDKs or
libraries used in the above app facilitates the transmission of the
list of installed apps on the user’s device to a server without
conspicuous disclosure to the user that this is happening. This
violates the above policy provision. Please evaluate any third party
libraries for compliance and/or consult your Ad SDK provider(s) for
further information if necessary.
Your application will be removed if you do not bring it into
compliance by removing the ads sdk or library from your app, or
updating to a compliant version of the SDK(s) or library(ies) within
30 days of the issuance of this notification. If you have additional
applications in your catalog, please also review them for compliance.
Note that any remaining applications found to be in violation will be
removed from the Google Play Store.
Please also consult the Policy and Best Practices and the Developer
Distribution Agreement as you bring your applications into compliance.
You can also review this Google Play Help Center article for more
information on this warning.
All violations are tracked. Serious or repeated violations of any
nature will result in the termination of your developer account, and
investigation and possible termination of related Google accounts.
The Google Play Team
WOW!
exactly the same mail I received from Google play 2 days back! Word by word same.
Great, So the issue 100% is the permission settings for the Flurry and TapStream SDKs. I just contacted Flurry/Tapstream for this, awaiting a reply from them.
By the way I checked Tap Stream here
You can clearly see they have asked for adding an intent under the application tag
<receiver android:name="com.tapstream.sdk.ReferrerReceiver" android:exported="true" >
<intent-filter>
<action android:name="com.android.vending.INSTALL_REFERRER" />
</intent-filter>
</receiver>
This is used to get the list of apps installed just to record analytics to count the App installs and see how many users are still using the App.
but regarding the Location collecetion [Dangerous content] I still have to figure out.
One possible measure I have thought of doing is adding an EULA before letting user use the app, on the first run. It makes sure that my back is covered. Additionally, you can also add permission for FINE_LOCATION under manifest. Since it is for sure that one/both of the SDKs are using user location.
Good question!
Will update as soon as I receive any updates.
UPDATE
Finally, I received Mail from Tapstream, they are saying that they have made changes according to the Google's Policy change on November 15 2014 hence, asked me to change the SDK version to the lastest one.
Quoted here
Hi there,
Tapstream has updated its Android SDK to comply with a recent Google Play store policy change.
Due to this policy change, a minor component of Tapstream's device identification process can no longer be collected by the Android SDK. This change will not impact your tracking.
To avoid any app approval issues on the Play store, you should deploy this new SDK as soon as possible.
You can find the updated Android SDK here: tapstream.com/developer/android/sdk
The updated SDK is a drop-in replacement; no other changes are required. If you need any assistance, or would like further information, just reply to this email.
I hope that might serve as a solution apparently.
Related
Hi Developers at Ministerio de Telecomunicaciones Ecuador,
Per last email, your app FirmaEC (ec.gob.firmadigital.firmaec_app) has been rejected from Google Play for not resolving the previously communicated policy issue (copied below for your reference). To resolve this issue and get your app changes published on Google Play, please address the issues highlighted in the earlier email and resubmit the app.
Publishing Status
App Status: Rejected
Your app has been rejected and wasn't published due to the policy issue(s) listed below. If you submitted an update, the previous version of your app is still available on Google Play.
Issue found: Permission use is not directly related to your app's core purpose.
We found that your app is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed to be used. Specifically, the use of the permission is not directly related to the core purpose of the app.
Issue details
We found an issue in the following area(s):
SPLIT_BUNDLE 15
Additionally, follow these steps to bring your app into compliance:
Please remove the use of REQUEST_INSTALL_PACKAGES permission from your app.
About the Request Install Packages Permission
The REQUEST_INSTALL_PACKAGES permission allows an application to request the installation of app packages. To use this permission, your app’s core functionality must include:
Sending or receiving app packages, AND
Enabling user-initiated installation of app packages.
Permitted functionalities include any of the following:
Web browsing or search
Communication services that support attachments
File sharing, transfer or management
Enterprise device management
Backup and restore
Device migration / phone transfer
The REQUEST_INSTALL_PACKAGES permission may not be used to perform self updates, modifications, or the bundling of other APKs in the asset file unless for device management purposes. All updates or installing of packages must abide by Google Play’s Device and Network Abuse policy and must be initiated and driven by the user.
For more help addressing this issue, read more in our Help Center.
Action required: Submit an updated app for review
Here's what to do to help get your app on Google Play:
Make sure to read the applicable policies or requirements listed below:
Request Install Packages Permission
Make appropriate changes to your app (if possible), and be sure to address the issue described above. You may also want to check your app's store listing for compliance, if applicable.
Double check that your app is compliant with all other Developer Program Policies.
If you made changes to your app bundle, store listing, or APK, please sign in to your Play Console and submit the update(s).
Contact support
If you've reviewed the policy and feel our decision may have been in error, please reach out to our policy support team. We'll get back to you within 2 business days.
try:
App is not compliant with how REQUEST_INSTALL_PACKAGES permission is allowed
Yesterday my app was removed from Google Playstore because it was using the Stripe-Android SDK.
Here is the reason why my app was removed from Google Playstore :
We’ve identified that your app is using Stripe SDK or library, which
facilitates the transmission and collection of Phone Number and
Installed Application information without meeting the prominent
disclosure guidelines. Make sure to also post a privacy policy in both
the designated field in the Play Developer Console and from within the
Play distributed app itself. If necessary, you can consult your SDK
provider(s) for further information.
As on my side I do not collect any information of any kind, how could I solve this problem?
I finally managed to solve the problem. What you have to do is:
Update the Stripe SDK
Upload your app update to all release tracks (production, open,
closed and internal), incrementing the version number each time. Right after uploading the APK file and before resubmitting your app for review, please make sure to deactivate the non-compliant APK (*).
Go to the Publishing overview page and click Send for review to submit your changes. (This is important. I had missed this point)
Maybe Google will ask you to add a privacy policy too. You will have to:
Post a privacy policy explaining very precisely how you collect data and what you do with it. (even if you do not collect any data)
On the play console page, go to App Content -> Privacy policy and enter the URL of your privacy policy.
Inside your app, put a link to your privacy policy. (I missed that point too)
Less than 24 hours later, my app became accessible again on Play Store.
Good to know 1 : If you've done all of these steps and your app is still offline, you can contact the Google policy support team at https://support.google.com/googleplay/android-developer/contact/emailappeals
(*) Good to know 2 : Here is where you can deactivate the non-compliant Bundle:
In my case,
I forgot to follow the installation instructions from Stripe SDK
I added the following clause in my privacy policy:
"MY_APP uses stripe payments. which requires information about your phone number and apps installed on the device in order to ensure secure and successful payment."
and it worked ✨
I've come across a collection of android apps that utilise a questionable practice.
With the help of misleading ads user gets tricked into buying an app via SMS service (with prices up to 10 EUR). Afterwards the user then can enter an activation code in the free app distributed on Google Play store.
The entire operation is in grey-area, because it is the user itself who sends the SMS and is responsible for the cost. Due to the nature of the ads, its mostly unsuspecting older people that get tricked into this, because they assume that they must do it or they'll have problems with their device.
In app functionality being sold outside of the app store would most likely be a violation of Apple Store and the app could be reported.
I am wondering if there's similar rules for Play Store, so that this practice could be reported to Google.
The short answer is that Google allows this practice for now, but they are already working on changing it. From my experience, Google allows devs to use any payment/licensing model that their app requires. However, this is subject to change and the end results will be something similar with Apple's policy.
From their support page, it seems that from January 2021, they require that all new apps will use the GooglePlay IAP API. Existing apps have until the end of September to make the switch. As with any other policy, there are some exceptions, but please check the official page to receive the correct information.
I have used Admob in my application but i forgot to add privacy policy but now I added privacy policy to the application and playstore but the application didn't appear on playstore again.
Please guide my how to resolve this issue.
Hi developers at Cmptrsntst,
After review, The News Headlines, binarysole.com.thenewsheadlines, has
been removed from Google Play due to a policy violation. This app
won’t be available to users until you submit a compliant update.
Issue: Violation of Usage of Android Advertising ID policy and section
4.8 of the Developer Distribution Agreement
Google Play requires developers to provide a valid privacy policy when
the app requests or handles sensitive user or device information.
We’ve identified that your app collects and transmits the Android
advertising identifier, which is subject to a privacy policy
requirement. If your app collects the Android advertising ID, you must
provide a valid privacy policy in both the designated field in the
Play Console, and from within the app.
Next steps: Submit your app for another review
Read through the Usage of Android Advertising ID and User Data
policies, as well as the Developer Distribution Agreement, and make
appropriate changes to your app. If you decide to collect sensitive
user information, be sure to abide by the above policies, and include
a link to a valid privacy policy on your app's store listing page and
within your app. Make sure that your app is compliant with all other
Developer Program Policies. Additional enforcement could occur if
there are further policy violations. Sign in to your Play Console and
submit the update to your app. Alternatively, you may opt-out of this
requirement by removing any requests for sensitive permissions or user
data.
If approved, your app will again be available with all installs,
ratings, and reviews intact.
If you’ve reviewed the policy and feel this removal may have been in
error, please reach out to our policy support team. One of my
colleagues will get back to you within 2 business days.
Thanks for helping us provide a clear and transparent experience for
Google Play users.
Regards,
Justin
The Google Play Team
I also had the exact same issue with one of my app and got same email because I hadn't included a privacy policy URL.
Now after I included the privacy policy URL and resubmitted the app from Store Listing, the app is now live after around 2 hours.
If you have already updated the privacy policy URL, make sure it is clear and it follows the Google's policies. Mention clearly that your app doesn't collect personally identifiable data.
I have developed and published several apps on the Play Store. Because of an old ads sdk (which had a security issue), I had to update all my apps with the new compliant ads sdk.
The problem is that once I update my apps, the update got rejected with this message :
This is a notification that your application, *, for package
ID *, has been removed from Google Play.
Please address the issue described below and submit a compliant
update. Once approved, your application will again be available with
all installs, ratings and reviews intact.
REASON FOR REMOVAL:Violation of section 4.3 of the Developer
Distribution Agreement.Please refer to the policy help article for
more information.
We classify user information including but not limited to, email
address, phone number, name, social media account information, and
contacts as private and confidential information.
An app downloaded from Google Play (or its components or derivative
elements) which transmits this information off of the device without
making this clear to the user and obtaining the user’s explicit
consent are regarded as being in violation of section 4.3 of the DDA.
All removals are tracked. Repeated removals will result in app
suspension, at which point this app will count as a strike against the
good standing of your developer account and no longer be available on
Google Play.
This notification also serves as notice for other apps in your
catalog. You can avoid future removals and/or app suspensions by
immediately ensuring that no other apps in your catalog are in
violation of (but not limited to) the above policy. Before publishing
applications, please ensure your apps’ compliance with the Developer
Distribution Agreement and Content Policy.
If you feel we have made this determination in error, you can visit
this Google Play Help Center article.
The Google Play Team
I am using several ads SDKs :
AdMob (Play services 7.5), AppBrain (10.51), Vungle(3.3.1), InMobi(4.5.5) and StartApp(3.1.1)
I also use analytics :
Google Analytics (Play services 7.5), Crashlytics (Fabric.io, 2.3)
Here are all the permissions I ask for :
CAMERA, ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE,
INTERNET, VIBRATE, WRITE_EXTERNAL_STORAGE, BILLING and CHECK_LICENSE
and the features :
android.hardware.camera, android.hardware.camera.autofocus,
android.hardware.camera.front, android.hardware.wifi-required=false
and android.hardware.touchscreen-required=false
And now, my app has been suspended.
I have absolutely no idea of what could be the cause -> is this a specific SDK issue ?
This is likely caused by one of two issues. Either you're using an SDK that is not compliant with the Google Play policy or your SDKs are adding permissions that you're not accounting for in your privacy policy.
This thread may be helpful:
http://forums.makingmoneywithandroid.com/advertising-networks/3584-google-play-developer-term-violation-4.html