OneSignal - All my apps Removed from Google Play Store because of OneSignal?

Corona Marketplace OneSignal
#1

OneSignal,

I just received notification from Google Play Store that all my apps have been removed from the store due to my app collecting the Android Advertising ID.

I believe this is resulting from my integration of OneSignal as I don’t use any advertising plugins.

This is the message received.

*****

Issue: Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement

Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. We’ve identified that your app collects and transmits the Android advertising identifier, which is subject to a privacy policy requirement. If your app collects the Android advertising ID, you must provide a valid privacy policy in both the designated field in the Play Console, and from within the app.

*****

Since I don’t collect the data and don’t know how it is being used, I don’t feel comfortable submitting a privacy policy of my own.

How should I proceed?  Does the new OneSignal plugin resolve  this issue?

I realize I could remove OneSignal from my apps, but I would like to continue using it.

Has anyone else had their apps removed from the Play Store because of this issue?  How did the issue get resolved?

Thanks,

Nail

#2

I suspect that it is OneSignal. No from what I understand the new plugin still collects the advertising Id. I had a few of them removed and I also got a warning form Appodeal that Google is removing apps without a privacy policy inside the app that use Advertising IDs.

In any case, I use OneSignal but with REST calls so I know exactly what I am sending, and I have this page or something similar in the apps that have not been removed or the apps that I have modified to meet the new requirements:

#3

See my response here:

https://forums.coronalabs.com/topic/73958-notification-from-google-play-about-app-collects-the-android-advertising-id/

Also you can search the forums for “Privacy policy” and find where other’s have been having this issue.  Create a privacy policy, add the URL to your google play portal for each app and resubmit it.

Any ad plugin, analytics plugin and perhaps OneSignal will use this ID and you now have to have a privacy policy for it. 

Rob

#4

Thanks for the help with this!

I see how I can get around the issue, but my issue is this is NOT my issue, this is OneSignals.

They are collecting an Advertising ID, but I do not know how it is being used or who it is being shared with.  I really don’t have any idea what data they are collecting.

I really don’t know at what point in my app launch this is happening.  Does it happen when I call the init() or before as it is a plugin and I don’t know what is happening in the plugin.

I need a privacy policy from OneSignal that I can link to in my privacy policy so I can confidently create my own policy declarations.

Nail

#5

There is a reason why OneSignal is free. :-). Here is their privacy policy:

https://onesignal.com/privacy_policy

  1. When permitted by the operating system, OneSignal may check to see if the device has specific applications installed, based on a limited list, for purposes that include attribution, relevancy of ads, and relevancy of notifications related to those applications.
  2. Purchases made within an app.
  3. Information about End User’s transactions and interactions with apps and websites
  4. Mobile advertising identifiers, such as iOS IDFAs and Android Advertising IDs (“Mobile IDs”). These Mobile IDs may be associated with other Information, including with Data Segments.
  5. Precise Location information, generally an End User’s lat/long data (i.e., GPS-level data) or WiFi information, which we may associate with Mobile IDs, and which may be collected whether or not an app is in use.
  6. Email address, which we may (in our discretion) hash or otherwise deidentify.
  7. IP address as well as system configuration information
  8. Information associated with or related to devices, such as device type (e.g., mobile, tablet); type and version of operating system (e.g., Android, iOS); network provider; mobile browser (e.g. Safari, Chrome, etc.); language setting; time zone; and network status type (such as WiFi).
#6

agramonte,

Thanks for the privacy policy link, I had actually just read it and was going to add the link to my post above.

This works for me.

Thanks again,

Nail

#7

I suspect that it is OneSignal. No from what I understand the new plugin still collects the advertising Id. I had a few of them removed and I also got a warning form Appodeal that Google is removing apps without a privacy policy inside the app that use Advertising IDs.

In any case, I use OneSignal but with REST calls so I know exactly what I am sending, and I have this page or something similar in the apps that have not been removed or the apps that I have modified to meet the new requirements:

#8

See my response here:

https://forums.coronalabs.com/topic/73958-notification-from-google-play-about-app-collects-the-android-advertising-id/

Also you can search the forums for “Privacy policy” and find where other’s have been having this issue.  Create a privacy policy, add the URL to your google play portal for each app and resubmit it.

Any ad plugin, analytics plugin and perhaps OneSignal will use this ID and you now have to have a privacy policy for it. 

Rob

#9

Thanks for the help with this!

I see how I can get around the issue, but my issue is this is NOT my issue, this is OneSignals.

They are collecting an Advertising ID, but I do not know how it is being used or who it is being shared with.  I really don’t have any idea what data they are collecting.

I really don’t know at what point in my app launch this is happening.  Does it happen when I call the init() or before as it is a plugin and I don’t know what is happening in the plugin.

I need a privacy policy from OneSignal that I can link to in my privacy policy so I can confidently create my own policy declarations.

Nail

#10

There is a reason why OneSignal is free. :-). Here is their privacy policy:

https://onesignal.com/privacy_policy

  1. When permitted by the operating system, OneSignal may check to see if the device has specific applications installed, based on a limited list, for purposes that include attribution, relevancy of ads, and relevancy of notifications related to those applications.
  2. Purchases made within an app.
  3. Information about End User’s transactions and interactions with apps and websites
  4. Mobile advertising identifiers, such as iOS IDFAs and Android Advertising IDs (“Mobile IDs”). These Mobile IDs may be associated with other Information, including with Data Segments.
  5. Precise Location information, generally an End User’s lat/long data (i.e., GPS-level data) or WiFi information, which we may associate with Mobile IDs, and which may be collected whether or not an app is in use.
  6. Email address, which we may (in our discretion) hash or otherwise deidentify.
  7. IP address as well as system configuration information
  8. Information associated with or related to devices, such as device type (e.g., mobile, tablet); type and version of operating system (e.g., Android, iOS); network provider; mobile browser (e.g. Safari, Chrome, etc.); language setting; time zone; and network status type (such as WiFi).
#11

agramonte,

Thanks for the privacy policy link, I had actually just read it and was going to add the link to my post above.

This works for me.

Thanks again,

Nail