Warning of Google Play Developer policy violation - help needed

Hello,

We received a Google Play notice today on 2 applications that they state violate the User Data policy regarding personal and sensitive information.

The link they gave us is here:

https://play.google.com/about/privacy-security/personal-sensitive/

Here is what is detailed in the request: Just as a note: we DID provide a privacy policy link but they still rejected this, and the app is on notice.

Is there any way Corona can remove these permissions so we don’t have to add privacy policies to our apps inside the app itself? Please advise.

Policy issue : Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.

Action required:  Include a link to a valid privacy policy on your app’s Store Listing page and within your app. You can find more information in our help center.

Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

If you have additional apps in your catalog, please make sure they are compliant with our Prominent Disclosure requirements.

Please resolve this issue by  March 15, 2017 , or administrative action will be taken to limit the visibility of your app, up to and including removal from the Play Store. Thanks for helping us provide a clear and transparent experience for Google Play users.

Regards,

The Google Play Team

What are the permissions you’re using?

What plugins are you using that might be injecting permissions Google doesn’t like?

I would think your provided privacy policy would have solved their needs.

Rob

Admob was the only plug-in we used. Does Corona add any extra permissions at all to apps that may be triggering this? It’s the first time we’ve ever had a violation notice - Google tends to do housecleaning every year though and always comes up with stuff that needs updating.

I contacted them, and turns out adding the privacy policy fixed the issue.

AdMob only needs:

“android.permission.INTERNET”,
“android.permission.ACCESS_NETWORK_STATE”

All plugins will inject needed permissions and we should be documenting what will be added in the plugin docs. We are usually at the mercy of what a plugin’s SDK requires.

Glad the privacy policy solved it.

Rob

I got the same email today, and my app only uses the AdMob plugin as well.

I don’t have a privacy policy however.  Anyone have tips on how to create a proper privacy policy of my own that can be linked from multiple apps?

And I’m assuming it’s okay to just have a link to the policy rather than having it in the app as well?

EDIT :  I just noticed at the bottom of my Store Listing there is the following notice -

Your app has an apk with version code 83 that requests the following permission(s): android.permission.READ_PHONE_STATE. Apps using these permissions in an APK are required to have a privacy policy set.

Actually, this may be due to an error on my part.  

Do we still need to use android.permission.READ_PHONE_STATE for Admob?  I was under the impression we needed it in the build.settings, as I’ve done so for the past few years.

No, you don’t need READ_PHONE_STATE for the new AdMob plugin. I’m not sure about the old one.

Thanks for clarifying.   Is it required for system.getInfo(“environment”) or in cases where we need to know if it’s a  Google/Apple/Amazon device?

I can’t think of any reason why I even have this set.

It may have been a requirement a while back for the really old admob plugin or some other Android feature you might have been using.

I believe that is what it is on our end because we aren’t getting it across the board - I believe it may have been due to permissions from the old Admob plug-in - at least that’s what it looks like on my end too.

What are the permissions you’re using?

What plugins are you using that might be injecting permissions Google doesn’t like?

I would think your provided privacy policy would have solved their needs.

Rob

Admob was the only plug-in we used. Does Corona add any extra permissions at all to apps that may be triggering this? It’s the first time we’ve ever had a violation notice - Google tends to do housecleaning every year though and always comes up with stuff that needs updating.

I contacted them, and turns out adding the privacy policy fixed the issue.

AdMob only needs:

“android.permission.INTERNET”,
“android.permission.ACCESS_NETWORK_STATE”

All plugins will inject needed permissions and we should be documenting what will be added in the plugin docs. We are usually at the mercy of what a plugin’s SDK requires.

Glad the privacy policy solved it.

Rob

I got the same email today, and my app only uses the AdMob plugin as well.

I don’t have a privacy policy however.  Anyone have tips on how to create a proper privacy policy of my own that can be linked from multiple apps?

And I’m assuming it’s okay to just have a link to the policy rather than having it in the app as well?

EDIT :  I just noticed at the bottom of my Store Listing there is the following notice -

Your app has an apk with version code 83 that requests the following permission(s): android.permission.READ_PHONE_STATE. Apps using these permissions in an APK are required to have a privacy policy set.

Actually, this may be due to an error on my part.  

Do we still need to use android.permission.READ_PHONE_STATE for Admob?  I was under the impression we needed it in the build.settings, as I’ve done so for the past few years.

No, you don’t need READ_PHONE_STATE for the new AdMob plugin. I’m not sure about the old one.

Thanks for clarifying.   Is it required for system.getInfo(“environment”) or in cases where we need to know if it’s a  Google/Apple/Amazon device?

I can’t think of any reason why I even have this set.

It may have been a requirement a while back for the really old admob plugin or some other Android feature you might have been using.

I believe that is what it is on our end because we aren’t getting it across the board - I believe it may have been due to permissions from the old Admob plug-in - at least that’s what it looks like on my end too.