App removed due to policy violations by OneSignal SDK

Anyone facing same issue? And how do we resolve this?

Issue: Violation of Personal and Sensitive Information policy

We have identified that your app is using the OneSignal SDK or library, that facilitates the collection and transmission of users’ install application information without meeting the prominent disclosure guideline. Make sure to also post a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself.

Did you have a privacy policy in both google play and in app? Sounds like a non-issue.

I agree with @pixec. I don’t really see what the issue is. Based on what you’ve told us, Google has simply stated that you need to have a link to a privacy policy in both Google Play and prominently in the app itself.

You didn’t mention if you’ve actually done this. If you haven’t, then RTFM. If you have, then you should bring that fact up in your post (at which point this is a post-worthy issue).

Yes, I do have a privacy policy both in store and the app. My apps have been around for a while and I did not update to the latest OneSignal SDK for few months so I am wondering if that is the issue.

Does your privacy policy list all data controllers and processors, as well as what is done with the collected data and what type of data is collected? I’ve seen some privacy policies that more or less read: “We collect data and use it for what we need, kkthxbb.” and those are no longer enough.

If your privacy policy is both up to date and up to par, then I would appeal to Google.

There was some chatter about this on the slack channel.  It looks like iOS 13 made some breaking changes to OneSignal’s functionality.  You need to reach out to OneSignal and ask them to update their Corona plugin in the marketplace store

May be but the op talks about Google Play and not App Store. It cant affect Android can it?

  1. The free version of Onesignal is no longer GDRP compliant.

  2. The version of Onesignal is fairly old, but a while ago I was told that they recommend we use the rest api until they update the plugin (no timeline was given).

We have updated the OneSignal-Corona-SDK to the OneSignal-Android-SDK 3.11.1 on August 5th 2019. This version complies with the Google Play store policies. However to get this version of the OneSignal SDK you must use Corona Build 2019.3510 or newer. It seems the latest default Corona public build is quite old at 2018.3326.

We are looking to apply our SDK update back to 2018.3326, however in the meantime please update to Corona Build 2019.3510 or newer.

Thanks Josh.

Everyone needs to be using the latest daily build as of today anyway. According to Google app updates have to target SDK level 28 (Android 9) or newer starting today:
 

Android 9 (API level 28)

  • August 1, 2019: Required for new apps
  • November 1, 2019: Required for app updates

You cannot submit apps to Google play with 2018.3326 either new or updates.

Rob

Thanks for the update Rob!

We will omit updating OneSignal for 2018.3326 in that case.

Will Corona be prompting a new specific build number for the default public download then?

I don’t know when we will get a public build out. We need to.

Rob

My app has been removed by google due to the same reason. So, simply making a new build with latest corona SDK can fix this? 

It doesn’t seem to help as the rejection is not lifted and my other apps built with OneSignal are slowly been rejected one by one. I am contacting Google to request for more clarification.

Thanks Falcon77 and others that have contributed. We’re having the same issue with our apps… any update on the solution?

Update to the latest daily build of Corona and resubmit your apps.

Rob

Issued resolved after contacting the Google support team. Please ensure you replace all builds in the console including beta, alpha ones with a version compiled with the latest SDK. Hope this helps.  :)