App violates the Android Advertising Id policy
I've just received this message from Google Play but I'm not collecting the Advertising ID.
Reason for warning: Violation of Usage of Android Advertising ID
policy and section 4.8 of the Developer Distribution Agreement
Google Play requires developers to provide a valid privacy policy when
the app requests or handles sensitive user or device information.
We’ve identified that your app collects and transmits the Android
advertising ID, which is subject to a privacy policy requirement.
Is it possible any of my dependicies uses it? Here's the list of dependencies:
implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
implementation "org.jetbrains.anko:anko-common:$anko_version"
implementation ("com.android.support:appcompat-v7:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
exclude group: 'com.android.support', module: 'design'
}
implementation ("com.android.support:design:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
}
implementation ("com.android.support:cardview-v7:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
exclude group: 'com.android.support', module: 'design'
}
implementation 'com.github.PhilJay:MPAndroidChart:v3.0.2'
implementation 'com.github.apl-devs:appintro:v4.2.3'
implementation('com.crashlytics.sdk.android:crashlytics:2.6.8@aar') {
transitive = true
}
implementation 'com.firebase:firebase-jobdispatcher:0.7.0'
implementation ("com.google.firebase:firebase-firestore:$firestore_version") {
exclude group: 'com.google.firebase', module: 'firebase-auth'
}
implementation ("com.google.firebase:firebase-auth:$firebase_version") {
exclude group: 'com.google.firebase', module: 'firebase-firestore'
}
implementation ("com.google.firebase:firebase-storage:$firebase_version") {
exclude group: 'com.google.firebase', module: 'firebase-firestore'
}
implementation ('com.google.android.gms:play-services-auth:16.0.0') {
exclude group: 'com.google.firebase', module: 'firebase-firestore'
}
implementation 'com.android.support.constraint:constraint-layout:1.1.3'
implementation 'com.android.support:multidex:1.0.3'
implementation ("com.android.support:exifinterface:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
exclude group: 'com.android.support', module: 'design'
}
implementation 'com.soundcloud.android:android-crop:1.0.1@aar'
implementation 'com.github.bumptech.glide:glide:4.7.1'
Today many developers are getting this same issue.
I also got this issue. I didn't collect any sensitive data, I am not even showing ads to my users. In your case the Crashlytics lib could be an issue. It deals with advertising IDs.
In the mail they mention the required action:
Action required: Add a privacy policy to your store listing and app
So I think all of us should add a privacy policy on the store listing as well as on the app. Before taking the action we should go through the related privacy policy.
Here are some links from where you can get help:
Privacy policy to upload an app
Usage of Android Advertising ID
Developer Distribution Agreement
Developer Program Policies
You are using crashlytics below 2.9.3. Apparently it's collecting and sending the google advertising id as a key in their header. That might be the or one of the issues.
You can check if it's sending the advertising id through a proxy like Charles.
Edit ***
It seems that version 2.9.3 and above are still getting the advertisingID from by calling AdvertisingIdClient.getAdvertisingIdInfo() from the com.google.android.gms.ads.identifier package. I checked it by setting a break point on the method. I am assuming it is somehow still being send to fabric. Which would mean updating to higher version will not solve it..
According to the docs you can disable advertising id collection by setting
<meta-data android:name="google_analytics_adid_collection_enabled" android:value="false" />
in your AndroidManifest.xml under the <Application> tag.
this is the cause
Google Play Services version 4.0 introduced new APIs and an ID for use by advertising and analytics providers.
We need to provide a privacy statement and make it available on the web.
For a sample go
https://digital.com/blog/best-privacy-policy-generators/
To change settings on your android app. Developer Console, Store Listing, scroll down to Privacy Policy. Add the url here.
For Unity users, the problem is in Unity Analytics.
To resolve this problem, we need to do 2 tasks:
In Google Play Console, add the link: https://unity3d.com/legal/privacy-policy into Privacy Policy field in Store presence / Store listing
In your app, add a Privacy Policy button by using the Unity's own plugin Unity Data Privacy Plug-in: https://assetstore.unity.com/packages/add-ons/services/unity-data-privacy-plug-in-118922
After resubmitted about some minutes, Google Play approved my app.
my app deleted from store today .. same issue
all i do that i add privacy policy to the app from(App console - Store presence - Store listing)
Like the image
you can create it from App Privacy Policy Generator
and uplaod it and write the link in Store listing and resubmit the app
That is work for me
and sorry for my bad language
I am using Crashlytics and OneSignal. Relying on @RikvanVelzen tests with Crashlytics 2.9.3, it is not the reason for my getting the messasge from Google, but OneSignal.
Google requirement is "you must provide a valid privacy policy in both the designated field in the Play Console, and from within the app."
Therefore, I believe that I need to do only two things which are not too complicated:
Add a privacy policy link from Google Play's console, to a webpage with the info
Add privacy policy info in the app
The following seems to provide instructions on how to do it (just one of many):
https://www.iubenda.com/blog/warning-google-play-developer-policy-violation-action-required-policy-issue/
Privacy policy webpage creation:
First, create a page with the privacy policy of the blocked
application.
Write what information you process. If you do not process private data, write it clearly.
Add information (link) about app privacy policy in Google Play Console
App update with consent:
Follow the instruction from Google website: https://developers.google.com/admob/android/eu-consent
Add link to your privacy policy:
privacyUrl = new URL("https://www.your.com/privacyurl");
ConsentForm form = new ConsentForm.Builder(context, privacyUrl)
Add the privacy policy webpage by opening it in browser or in webview in your application
Update app with consent and upload on Google Play Console
I had one of my app removed and another got removed for reason given as
Issue: Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement
I created the privacy policies for both the apps, updated the link in play console store listing, included privacy policy link in main menu of both apps and resubmitted apps.
Both the apps are now live and running .
If you need you can copy the policy, make sure to do edits according to your app permissions and name.
Privacy policy
I don't know if these play console removal and warning count as strike, or somebody can enlighten me.
I also recieved the same message and got some of my apps suspended today.
So i just deleted those three firebase dependencies:
compile 'com.google.firebase:firebase-core:10.0.1'
compile 'com.google.firebase:firebase-ads:10.0.1'
compile 'com.google.firebase:firebase-appindexing:10.0.1'
Then, i re-submitted the apps, and they was accepted after review :)
copied from google mail
Please contact policy support team.
If your app requests user data or makes sensitive permissions requests such as Phone, Accounts, Contacts, Camera, Microphone, or if your app uses the Android advertising identifier, you'll need to add a valid privacy policy in two places: your app's Store Listing page (instructions below) and within your app.
As a second option, you can remove any requests for user data or sensitive permissions. For example, you would need to remove {copy and paste permissions here} from the manifest. You will not need to add a privacy policy if you remove these requests.
If you cannot complete steps 1 or 2, you'll need to unpublish the app from the Play Store.
If your app is already unpublished, you don’t need to take action unless you re-publish the app in the future.
You can follow these steps to add a privacy policy to your Store Listing:
Sign in to your Play Console.
Select your app.
On the left side, select Store presence > Store listing.
Under "Privacy Policy," enter the URL where you have the privacy policy hosted online.
Save your changes to submit the update to your app.
Please visit our help center for more information about Google Play privacy policy requirements.
I got 3 apps suspended today.
I had a busy day but managed to start working on the apps after lunch. I worked on and submitted 2 updates out of 3. Now I'm working on the third one.
A few minutes ago, one just got approved.
Most of my apps already have privacy policies. The ones that got suspended did not.
The suspect libraries in my case are Admob and Firebase Analytics.
What I did:
1. I created a privacy policy web-page and added a link in the Google Play Store listing.
2. I added the privacy policy as a string in the app and it pops up via a dialog the user can accept or decline one time.
After the updates, I held my breath for 2 hours and voila!
I've just received the same email this morning (18th September 2018) for my Expo built standalone app. I don't use Crashalytics; the only libraries I do use are Segment and Amplitude, both of which are officially supported by Expo.
As noted above, I'm going to attempt to use the linked policy generator and host this on Github.
I found this post useful too.
You also need to include a link to our privacy policy from inside the app itself, I've read this needs to be available offline too?
I got this mail today 18/9/2018 at 8:39 pm, I was very mad and very scared because I thought that my only source of income has gone because I had quitted my job like 5 months ago, luckily i came into this thread and i used the privacy policy generator tool (https://app-privacy-policy-generator.firebaseapp.com) recommended by I cannot recall who and then i used gist to host the file generated, from there I copy pasted the link on my play store listing page where I also updated the app and put a menu called privacy policy which when the user clicks it will open the default browser with the gist url. I rolled out the app to 10% of my user base and crossed fingers. After two hours I got a notification that my update is live and my app status changed from removed to published. Please note that I did not know that I was violating this policy and after a small research i found it was caused by facebook audience SDK.
Reason for warning: Violation of Usage of Android Advertising ID
policy and section 4.8 of the Developer Distribution Agreement
Google Play requires developers to provide a valid privacy policy when
the app requests or handles sensitive user or device information.
We’ve identified that your app collects and transmits the Android
advertising ID, which is subject to a privacy policy requirement.
Is it possible any of my dependicies uses it? Here's the list of dependencies:
implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
implementation "org.jetbrains.anko:anko-common:$anko_version"
implementation ("com.android.support:appcompat-v7:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
exclude group: 'com.android.support', module: 'design'
}
implementation ("com.android.support:design:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
}
implementation ("com.android.support:cardview-v7:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
exclude group: 'com.android.support', module: 'design'
}
implementation 'com.github.PhilJay:MPAndroidChart:v3.0.2'
implementation 'com.github.apl-devs:appintro:v4.2.3'
implementation('com.crashlytics.sdk.android:crashlytics:2.6.8@aar') {
transitive = true
}
implementation 'com.firebase:firebase-jobdispatcher:0.7.0'
implementation ("com.google.firebase:firebase-firestore:$firestore_version") {
exclude group: 'com.google.firebase', module: 'firebase-auth'
}
implementation ("com.google.firebase:firebase-auth:$firebase_version") {
exclude group: 'com.google.firebase', module: 'firebase-firestore'
}
implementation ("com.google.firebase:firebase-storage:$firebase_version") {
exclude group: 'com.google.firebase', module: 'firebase-firestore'
}
implementation ('com.google.android.gms:play-services-auth:16.0.0') {
exclude group: 'com.google.firebase', module: 'firebase-firestore'
}
implementation 'com.android.support.constraint:constraint-layout:1.1.3'
implementation 'com.android.support:multidex:1.0.3'
implementation ("com.android.support:exifinterface:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
exclude group: 'com.android.support', module: 'design'
}
implementation 'com.soundcloud.android:android-crop:1.0.1@aar'
implementation 'com.github.bumptech.glide:glide:4.7.1'
Today many developers are getting this same issue.
I also got this issue. I didn't collect any sensitive data, I am not even showing ads to my users. In your case the Crashlytics lib could be an issue. It deals with advertising IDs.
In the mail they mention the required action:
Action required: Add a privacy policy to your store listing and app
So I think all of us should add a privacy policy on the store listing as well as on the app. Before taking the action we should go through the related privacy policy.
Here are some links from where you can get help:
Privacy policy to upload an app
Usage of Android Advertising ID
Developer Distribution Agreement
Developer Program Policies
You are using crashlytics below 2.9.3. Apparently it's collecting and sending the google advertising id as a key in their header. That might be the or one of the issues.
You can check if it's sending the advertising id through a proxy like Charles.
Edit ***
It seems that version 2.9.3 and above are still getting the advertisingID from by calling AdvertisingIdClient.getAdvertisingIdInfo() from the com.google.android.gms.ads.identifier package. I checked it by setting a break point on the method. I am assuming it is somehow still being send to fabric. Which would mean updating to higher version will not solve it..
According to the docs you can disable advertising id collection by setting
<meta-data android:name="google_analytics_adid_collection_enabled" android:value="false" />
in your AndroidManifest.xml under the <Application> tag.
this is the cause
Google Play Services version 4.0 introduced new APIs and an ID for use by advertising and analytics providers.
We need to provide a privacy statement and make it available on the web.
For a sample go
https://digital.com/blog/best-privacy-policy-generators/
To change settings on your android app. Developer Console, Store Listing, scroll down to Privacy Policy. Add the url here.
For Unity users, the problem is in Unity Analytics.
To resolve this problem, we need to do 2 tasks:
In Google Play Console, add the link: https://unity3d.com/legal/privacy-policy into Privacy Policy field in Store presence / Store listing
In your app, add a Privacy Policy button by using the Unity's own plugin Unity Data Privacy Plug-in: https://assetstore.unity.com/packages/add-ons/services/unity-data-privacy-plug-in-118922
After resubmitted about some minutes, Google Play approved my app.
my app deleted from store today .. same issue
all i do that i add privacy policy to the app from(App console - Store presence - Store listing)
Like the image
you can create it from App Privacy Policy Generator
and uplaod it and write the link in Store listing and resubmit the app
That is work for me
and sorry for my bad language
I am using Crashlytics and OneSignal. Relying on @RikvanVelzen tests with Crashlytics 2.9.3, it is not the reason for my getting the messasge from Google, but OneSignal.
Google requirement is "you must provide a valid privacy policy in both the designated field in the Play Console, and from within the app."
Therefore, I believe that I need to do only two things which are not too complicated:
Add a privacy policy link from Google Play's console, to a webpage with the info
Add privacy policy info in the app
The following seems to provide instructions on how to do it (just one of many):
https://www.iubenda.com/blog/warning-google-play-developer-policy-violation-action-required-policy-issue/
Privacy policy webpage creation:
First, create a page with the privacy policy of the blocked
application.
Write what information you process. If you do not process private data, write it clearly.
Add information (link) about app privacy policy in Google Play Console
App update with consent:
Follow the instruction from Google website: https://developers.google.com/admob/android/eu-consent
Add link to your privacy policy:
privacyUrl = new URL("https://www.your.com/privacyurl");
ConsentForm form = new ConsentForm.Builder(context, privacyUrl)
Add the privacy policy webpage by opening it in browser or in webview in your application
Update app with consent and upload on Google Play Console
I had one of my app removed and another got removed for reason given as
Issue: Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement
I created the privacy policies for both the apps, updated the link in play console store listing, included privacy policy link in main menu of both apps and resubmitted apps.
Both the apps are now live and running .
If you need you can copy the policy, make sure to do edits according to your app permissions and name.
Privacy policy
I don't know if these play console removal and warning count as strike, or somebody can enlighten me.
I also recieved the same message and got some of my apps suspended today.
So i just deleted those three firebase dependencies:
compile 'com.google.firebase:firebase-core:10.0.1'
compile 'com.google.firebase:firebase-ads:10.0.1'
compile 'com.google.firebase:firebase-appindexing:10.0.1'
Then, i re-submitted the apps, and they was accepted after review :)
copied from google mail
Please contact policy support team.
If your app requests user data or makes sensitive permissions requests such as Phone, Accounts, Contacts, Camera, Microphone, or if your app uses the Android advertising identifier, you'll need to add a valid privacy policy in two places: your app's Store Listing page (instructions below) and within your app.
As a second option, you can remove any requests for user data or sensitive permissions. For example, you would need to remove {copy and paste permissions here} from the manifest. You will not need to add a privacy policy if you remove these requests.
If you cannot complete steps 1 or 2, you'll need to unpublish the app from the Play Store.
If your app is already unpublished, you don’t need to take action unless you re-publish the app in the future.
You can follow these steps to add a privacy policy to your Store Listing:
Sign in to your Play Console.
Select your app.
On the left side, select Store presence > Store listing.
Under "Privacy Policy," enter the URL where you have the privacy policy hosted online.
Save your changes to submit the update to your app.
Please visit our help center for more information about Google Play privacy policy requirements.
I got 3 apps suspended today.
I had a busy day but managed to start working on the apps after lunch. I worked on and submitted 2 updates out of 3. Now I'm working on the third one.
A few minutes ago, one just got approved.
Most of my apps already have privacy policies. The ones that got suspended did not.
The suspect libraries in my case are Admob and Firebase Analytics.
What I did:
1. I created a privacy policy web-page and added a link in the Google Play Store listing.
2. I added the privacy policy as a string in the app and it pops up via a dialog the user can accept or decline one time.
After the updates, I held my breath for 2 hours and voila!
I've just received the same email this morning (18th September 2018) for my Expo built standalone app. I don't use Crashalytics; the only libraries I do use are Segment and Amplitude, both of which are officially supported by Expo.
As noted above, I'm going to attempt to use the linked policy generator and host this on Github.
I found this post useful too.
You also need to include a link to our privacy policy from inside the app itself, I've read this needs to be available offline too?
I got this mail today 18/9/2018 at 8:39 pm, I was very mad and very scared because I thought that my only source of income has gone because I had quitted my job like 5 months ago, luckily i came into this thread and i used the privacy policy generator tool (https://app-privacy-policy-generator.firebaseapp.com) recommended by I cannot recall who and then i used gist to host the file generated, from there I copy pasted the link on my play store listing page where I also updated the app and put a menu called privacy policy which when the user clicks it will open the default browser with the gist url. I rolled out the app to 10% of my user base and crossed fingers. After two hours I got a notification that my update is live and my app status changed from removed to published. Please note that I did not know that I was violating this policy and after a small research i found it was caused by facebook audience SDK.
Comments
Post a Comment