HELP! App removed from Google Play - needs *prominent disclosure*?

My app that’s been on Google Play for MONTHS was just suddenly removed due to a policy violation.  The only information that they will provide me is:

**

During my review, I noticed your app sends user information to fill in website without prominent disclosure, in your APK version code {107}. Based on this, I’m not able to approve your app at this time.

 

Your app violates section 4.8 of the Developer Distribution Agreement and our User Data policy by uploading user information without the user’s knowledge and consent. We classify user information including, but not limited to, email address, phone number, name, social media account information, and contacts as private and confidential information.

 

Please make sure that the uploading of any user information only takes place  after  users have read and agreed to a proper disclosure.

**

 

Section 4.8 states this:

4.8 You agree that if You make Your Products available through Google Play, You will protect the privacy and legal rights of users. If the users provide You with, or Your Product accesses or uses, usernames, passwords, or other login information or personal information, You agree to make the users aware that the information will be available to Your Product, and You agree to provide legally adequate privacy notice and protection for those users. Further, Your Product may only use that information for the limited purposes for which the user has given You permission to do so. If Your Product stores personal or sensitive information provided by users, You agree to do so securely and only for as long as it is needed. However, if the user has opted into a separate agreement with You that allows You or Your Product to store or use personal or sensitive information directly related to Your Product (not including other products or applications), then the terms of that separate agreement will govern Your use of such information. If the user provides Your Product with Google Account information, Your Product may only use that information to access the user’s Google Account when, and for the limited purposes for which, the user has given You permission to do so.

 

 

The information that Google is providing me is incredibly vague so has anyone solved this type of problem? I need to get my app back in the store ASAP and am not totally sure what they need me to do!  I have a privacy policy that shows the first time a user runs the app, but apparently that’s not enough and they won’t tell me any more.  

 

Anyone have any thoughts? PLEASE HELP!!

Hi zolnier,

“During my review, I noticed your app sends user information to fill in website without prominent disclosure, in your APK version code {107}. Based on this, I’m not able to approve your app at this time.”

 

Above seems to be the biggest clue…is there a way users can leave your app and are sent to a webpage? Are you pre-filling fields in this webpage with personal identifiable information (PII)? If users can, the reviewer assumes that you’re collecting, storing and using PII. And if you did not get user to agree to all this…then you’re breaking a policy.

 

Ben.

  1. You have to have a website page with a privacy policy that states what data you’re collecting

  2. You have to have a button in your app’s UI that will link to said privacy policy or show a screen that shows what data you’re collecting.

  3. Corona doesn’t collect any data. However Ad Providers do. Several Appodeal users have been posting the same thing today as there was an Aug 19 deadline to update to the latest Appodeal (apparently). The current Appodeal Beta plugin is using the right version of Appodeal. But you’ve not shared your build.settings with us to see what plugin you’re using and we don’t know if you’re asking users to login, etc. So we can only speculate or give you broad advice to tell people that you’re collecting data.

Rob

Yeah, thanks Rob.  I did update the Appodeal framework before and have the recommended consent process my app  that so I believe it’s around the information I request for a user to submit a custom roster.  I’ve had the privacy policy on my website for awhile and I did resubmit the app with a disclaimer screen in the roster submission process that says the following:


Consent to share potentially identifiable information: 

 

On the next two screens, you will be asked to enter 1) a Name or Tag and then 2) optionally provide an email address. Either of these pieces of sensitive personal information could be used to potentially identify you personally in some manner and we take every effort to securely transfer and store this data. Zolnier Games will NOT share or distribute this information to anyone, under any circumstances.

 

Zolnier Games will only use this data to 1) help display in-game content (in this case, a custom roster) and 2) to (optionally) contact you to let you know your roster has been approved. Your email address, should you provide it, will NOT be shown publicly or otherwise associated with your custom roster in any way. In fact, upon approval of your roster, your provided email address will be deleted from our system. We take your privacy very seriously.

 

By tapping YES below, you give consent for Zolnier Games to accept, transfer and temporarily store your provided information (name/tag and optional email address) for the express purposes of accepting your custom roster.


Hopefully this does the trick, but Google sure has been slow in responding to my emails!  Ugh!  

So, just to let you know, 5 days later there has been no resolution to this frustrating situation.  I keep getting very generic responses to my questions and I’ve done all that I believe I should have. This is absurd and this new process the Google has instituted is horribly managed.  How am I supposed to know what’s wrong if they cannot provide any detail as to what the issue is?!?  Is there a way to escalate or contact Google Play developer support that has worked for anyone? I’m at my wits end with them!!

Allow me to share my experience, maybe it will give you a clue.

Some time ago, I was submitting android builds to Google Play and it was rejected. I got a vague message from the reviewer about “external content”. My app does not link to any external content, so it perplexed me.

I started checking all my app links and found a single webpage that only referenced iOS apps. I updated that webpage to include both iOS and Android - and my builds were approved.

Ben.

Gamebit, what exactly do you mean by “app links” in your last statement?

I was referring to URLs in my app, linking to external webpages.

The issue was not my app, but webpages associated with my app…the reviewer was thorough.

Ben.

Hi zolnier,

“During my review, I noticed your app sends user information to fill in website without prominent disclosure, in your APK version code {107}. Based on this, I’m not able to approve your app at this time.”

 

Above seems to be the biggest clue…is there a way users can leave your app and are sent to a webpage? Are you pre-filling fields in this webpage with personal identifiable information (PII)? If users can, the reviewer assumes that you’re collecting, storing and using PII. And if you did not get user to agree to all this…then you’re breaking a policy.

 

Ben.

  1. You have to have a website page with a privacy policy that states what data you’re collecting

  2. You have to have a button in your app’s UI that will link to said privacy policy or show a screen that shows what data you’re collecting.

  3. Corona doesn’t collect any data. However Ad Providers do. Several Appodeal users have been posting the same thing today as there was an Aug 19 deadline to update to the latest Appodeal (apparently). The current Appodeal Beta plugin is using the right version of Appodeal. But you’ve not shared your build.settings with us to see what plugin you’re using and we don’t know if you’re asking users to login, etc. So we can only speculate or give you broad advice to tell people that you’re collecting data.

Rob

Yeah, thanks Rob.  I did update the Appodeal framework before and have the recommended consent process my app  that so I believe it’s around the information I request for a user to submit a custom roster.  I’ve had the privacy policy on my website for awhile and I did resubmit the app with a disclaimer screen in the roster submission process that says the following:


Consent to share potentially identifiable information: 

 

On the next two screens, you will be asked to enter 1) a Name or Tag and then 2) optionally provide an email address. Either of these pieces of sensitive personal information could be used to potentially identify you personally in some manner and we take every effort to securely transfer and store this data. Zolnier Games will NOT share or distribute this information to anyone, under any circumstances.

 

Zolnier Games will only use this data to 1) help display in-game content (in this case, a custom roster) and 2) to (optionally) contact you to let you know your roster has been approved. Your email address, should you provide it, will NOT be shown publicly or otherwise associated with your custom roster in any way. In fact, upon approval of your roster, your provided email address will be deleted from our system. We take your privacy very seriously.

 

By tapping YES below, you give consent for Zolnier Games to accept, transfer and temporarily store your provided information (name/tag and optional email address) for the express purposes of accepting your custom roster.


Hopefully this does the trick, but Google sure has been slow in responding to my emails!  Ugh!  

So, just to let you know, 5 days later there has been no resolution to this frustrating situation.  I keep getting very generic responses to my questions and I’ve done all that I believe I should have. This is absurd and this new process the Google has instituted is horribly managed.  How am I supposed to know what’s wrong if they cannot provide any detail as to what the issue is?!?  Is there a way to escalate or contact Google Play developer support that has worked for anyone? I’m at my wits end with them!!

Allow me to share my experience, maybe it will give you a clue.

Some time ago, I was submitting android builds to Google Play and it was rejected. I got a vague message from the reviewer about “external content”. My app does not link to any external content, so it perplexed me.

I started checking all my app links and found a single webpage that only referenced iOS apps. I updated that webpage to include both iOS and Android - and my builds were approved.

Ben.

Gamebit, what exactly do you mean by “app links” in your last statement?

I was referring to URLs in my app, linking to external webpages.

The issue was not my app, but webpages associated with my app…the reviewer was thorough.

Ben.