Android Advertising ID policy violation

I got an email from Google today about two of my apps being taken down.  One of them was created with Corona and last updated in March 2018. I’ve had it around since 2014. 

The issue has to do with violation of the Advertising ID policy and that I need a privacy policy (really??).  

Hi developers at <my name>,

After review, <my app name>, <app id>, has been removed from Google Play due to a policy violation. This app won’t be available to users until you submit a compliant update.

Issue: Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement

Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. We’ve identified that your app collects and transmits the Android advertising identifier, which is subject to a privacy policy requirement. If your app collects the Android advertising ID, you must provide a valid privacy policy in both the designated field in the Play Console, and from within the app.

Next steps: Submit your app for another review

  1. Read through the Usage of Android Advertising ID and User Data policies, as well as the Developer Distribution Agreement, and make appropriate changes to your app. If you decide to collect sensitive user information, be sure to abide by the above policies, and include a link to a valid privacy policy on your app’s store listing page and within your app. 
  2. Make sure that your app is compliant with all other Developer Program Policies. Additional enforcement could occur if there are further policy violations.
  3. Sign in to your Play Console and submit the update to your app.

Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

If approved, your app will again be available with all installs, ratings, and reviews intact.  

If you’ve reviewed the policy and feel this removal may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

Thanks for helping us provide a clear and transparent experience for Google Play users. 

I’m currently using the AdMob plugin and also the Google Play Game Services… it’s been this way the last 4 years with very little changes. So I’m puzzled why they’re telling me this now.

I have about 8 other apps and am worried those will also be taken down soon for the same reason.  

Anyone else get this, and is there a setting I missed so that I don’t need a privacy policy?  Do I need to rebuild the app with a new build of Corona SDK?

EDIT:  It’s apparently happening to a lot of apps today:

https://stackoverflow.com/questions/52380615/app-violates-the-android-advertising-id-policy

As far as I know, all Admob plugins and most ad providers use the Android Advertising Id. I have a couple that got taken down. Just put a Policy page somewhere and resubmit.

I know we had this discussion once, but I can’t find the answer:   does the hasUserConsent flag for the Admob plugin still use the Advertising ID if it’s set to false?    I hadn’t updated this app in a while so it’s still set to true.

Google still uses the advertising ID even when “hasUserConsent” = false.

Although non-personalized ads don’t use cookies or mobile ad identifiers for ad targeting, they do still use cookies or mobile ad identifiers for frequency capping, aggregated ad reporting, and to combat fraud and abuse. 

From this link at the bottom:

https://support.google.com/admob/answer/7676680?hl=en&ref_topic=2745287

Where do you guys host your privacy policy URL?  I know there are privacy policy generator sites.  But where would you host it?  

Also, is it sufficient to just have a simple message box pop up at the game start (one-time only) that displays the privacy policy along with an ‘OK’ button?

Currently, I am switching over to the free plan from Termly.com. They host it and have a wizard. 25K view limit and 2 edits per month. I have a link on the app that goes to the url.

What is termly.com?  It looks like a parked domain.

Can’t I just put the privacy policy on my Wordpress site, in a single post?  I’m just looking for a quick solution.

Sorry I meant .io:

https://termly.io/

Yes you can do that also.

OK I’ll check it out.  Thank you.  

i think it took me a total of 10 minutes to set it up. click, click, click… and then login with Google. The hardest part was finding where to copy the link from.

Do they provide a link along with the policy text?

And you also had to put it in your app, right?

You don’t have to put in your app. Just in the Policy URL box for the store and then resubmit. You don’t even need to update the binary. Yes they provide the URL.

Interesting. Did you need a different policy per app (with specific wording mentioning the app) or are you using a generic one for all your apps?

A generic one for all. It says “Apps” in the URL.

If you have a Wordpress site, I would create a “page” instead of a “post”. Page’s are a little more permanent and you get a URL like:

http://yoursite.com/privacy/ 

instead of 

http://yoursite.com/blog/2018/09/14/privacy-policy

If it’s a page, it can easily be added to your website’s menu too.

There are plenty of free web hosting sites like WIX.  I have a web hosting account at hosts4geeks.com which lets me also have https:// addresses at no extra charge. It’s about $7 USD per month for pretty much unlimited everything.

As for putting a privacy policy in your app, if you have a settings screen you can just drop a display.newText() with a tap handler that will do a system.openURL() to your privacy policy. If it’s a kids app you may need to hide it behind a parental gate.

FWIW, any ad plugin is going to use the Android Advertising ID.

Rob

I read another solution is to create privacy policy .pdf and upload to google drive than share the google drive link on your Google Play  page.  I will try that tomorrow and report if it works.

Looks like Apple requires a privacy policy as well.  In the app as well as the listing:

https://www.macrumors.com/2018/08/31/all-app-store-apps-to-require-privacy-policy/

Did you guys get away with having the privacy policy only in the listing (instead of also within the app) for Google Play and/or Apple?

Looks like it’s going to be a long night…

So I added a privacy policy as a new page in my Wordpress site (which my domain already forwards to), and then I linked the URL into all my app listings for Google Play, iOS and Amazon. The two apps that were removed have now been reinstated on Google Play, just by adding the URL in the store listing and submitting (no new APK was uploaded).

But I will work on getting the in-app privacy policy button implemented in the apps themselves. I’ve already got it done on a couple apps, not hard at all. As Rob suggested, just make it go directly to the URL instead of opening a new overlay or whatever.

BTW the private policy generator I used is at: https://app-privacy-policy-generator.firebaseapp.com

As far as I know, all Admob plugins and most ad providers use the Android Advertising Id. I have a couple that got taken down. Just put a Policy page somewhere and resubmit.

I know we had this discussion once, but I can’t find the answer:   does the hasUserConsent flag for the Admob plugin still use the Advertising ID if it’s set to false?    I hadn’t updated this app in a while so it’s still set to true.