App has been removed from Google Play


#1

I received the following mail from Google Play support, Please help what changes need in my app for republishing in play store.
After review, Bank Balance Caller, com.appybuilder.prajapatishankar5.BankBalanceCaller, has been removed from Google Play due to a policy violation. This app won’t be available to users until you provide us with more information through the Play Console.

Issue: Violation of the Permissions policy

You may only request permissions that are necessary to implement critical features or services currently available in your app. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes. SMS and Call Log Permissions are subject to additional restrictions; in order to use these permissions, you must first receive approval from Google Play.

Next steps

Please read through the Permissions policy and the Play Console Help Center article (which describes intended uses, exceptions, invalid uses, and alternative options for use of Call Log or SMS permissions) to determine which of the following options applies to your app:

Option 1) If your app does not require access to Call Log or SMS permissions:

Remove the specified permissions from your app’s manifest, or migrate to an alternative implementation, then publish the updated version of your app using the standard release process.
Option 2) If your app’s use case is not eligible but you require additional time to make the necessary changes to your app:

You may request an extension by releasing a new version of your APK with a higher version code. You’ll be required to complete a Permissions Declaration as a step in the release process. Select the option “No, this release does not meet the SMS and Call Log permissions policy,” and fill out the remainder of the form’s required fields. You will have until March 9, 2019 to make the necessary changes to your app.
Option 3) If your app is a default handler, or you believe your app qualifies for an exception:

Release a new version of your APK with a higher version code. You’ll be required to complete a Permissions Declaration as a step in the release process. Select the appropriate use case for your app and fill out the remainder of the form’s required fields.
For more information, please visit our blog which provides information about what to do after an app has been removed. You can also find detailed steps for completing the Permissions Declaration and preparing and rolling out your release in this Play Console Help Center article.


#2

It is a very very clear email. Go through it step by step, look at what you are doing in your app for SMS and Call functions and follow the instructions.

If you run into a specific issue, please post a clear question about it.


#3

Hi, I have a similar problem.
Google says I am collecting IMEI but that is not the case, I do not even know how would I do that.
Please check Email from Google below.

I intentionally collect no data from users (there is no user data to collect) just access-code and passwords that are defined by admin.
My app uses TyniDB local storage for persistent user choices.

Assistance welcome.
Thanks in Advance.

Hi Paulo,

Thanks for contacting the Google Play team.

I’ve reviewed your appeal request and found that your app still violates Google Play Policy. I’ve included details below about the specific issue with your app and what you can do to get your app back on Google Play.

Step 1: Fix the policy violation with your app ( br.com.HidroFlux )

During review, we found that your app, violates the Usage of Android Advertising ID policy. We determined that your app’s attribution SDK enables collection of IMEI from devices which have an Android advertising ID without prominent disclosure. You must be transparent in how you handle this data, including by disclosing the collection, use, and sharing of the data, and you must limit use of the data to the description in the disclosure and within your app’s privacy policy.

If your app’s collection of IMEI is unrelated to functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.

Please update your app to fix this issue by following the steps below:

  1. Read through the Android Advertising ID, User Data and Personal and Sensitive Information policy pages for more details and examples of common violations.
  2. Make changes to your app to bring it into compliance:
  • If you wish to continue to enable the collection of IMEI from devices which have an Android Advertising ID, please modify your app to no longer handle IMEI. You may need to contact your attribution SDK provider for an updated version to include in your app.
  • or-
    • Modify your app to meet privacy policy, prominent disclosure requirements for handling of personal or sensitive user data.
  1. Double check that your app complies with all other Developer Program Policies as additional enforcement could occur if there are further policy violations.

Step 2: Submit your app for another review

  1. Sign in to your Play Console and upload the modified, policy compliant APK. Be sure to increment the version number of the APK.
  2. Submit your app.

If approved, your app will again be available with all installs, ratings, and reviews intact.

This removal doesn’t impact the standing of your Google Play Developer Account, but repeated violations can result in the suspension of this app or your Google Play Developer account.

Thanks for working with us to fix the policy issue and for your continued support of Google Play.

Regards,
Yuki
The Google Play Team


#4

Do you use any extension or component that asks permission to view the status of the phone?

That is the permission that then gives you access to the IMEI. If you have that permission request, then your app is capable of getting that information.

That is the issue.


#5

and what is with crahslytics, this feature collect that information if a app crashed.
This is a feature whatg appybuilder have implemented to see which error they have if a app crashed.


#6

That does not need a read phone_state

That is the same as Kodular, and you and I have talked about it over there


#7

When I install the App it asks for permission to access photos, media and files probably due to the use of TinyDB local storage.
But still it appears to Google as if I was collecting IMEI.
The App is likely doing something I did not ask and Google will only allow me back if I fix whatever my App is doing to collect the IMEI.

My problem is: I have no idea where I should look.

Components my App uses:
Notifier, Web, TinyDB, KitchenSink, Decoration, OneSignalPush, BluetoothClient, DelayClock, ChartMaker and DateTools

Thanks
Paulo


#8

I bet that is it. You need to put a privacy policy together and put information in your app about what you use it for.


#9

Hi again.
You are right.
I just checked OneSignalPlus web site and its documentation states that its mobile SDK collects information as below:

Information Collected About End Users by Our Mobile SDKs

  • When permitted by the operating system, OneSignal may check to see if the device has specific applications installed, based on a limited list, for purposes that include attribution, relevancy of ads, and relevancy of notifications related to those applications.
  • Purchases made within an app.
  • Information about End User’s transactions and interactions with apps and websites
  • Mobile advertising identifiers, such as iOS IDFAs and Android Advertising IDs (“Mobile IDs”). These Mobile IDs may be associated with other Information, including with Data Segments.
  • Precise Location information, generally an End User’s lat/long data (i.e., GPS-level data) or WiFi information, which we may associate with Mobile IDs, and which may be collected whether or not an app is in use.
  • Email address, which we may (in our discretion) hash or otherwise deidentify.
  • IP address as well as system configuration information
  • Information associated with or related to devices, such as device type (e.g., mobile, tablet); type and version of operating system (e.g., Android, iOS); network provider; mobile browser (e.g. Safari, Chrome, etc.); language setting; time zone; and network status type (such as WiFi).

As noted above, we refer to all of the above collectively as the “ SDK Information .”

Now I will look into how to write a privacy police to satisfy Google.

Thanks again
Paulo


#10

one sinal track your imei,


#11

if you pay 99 dollar in a month than onesignal is GPDr compatible


#12

Hi, yes tanks, I have reviewed OneSignal polices and found they use IMEI for identification and removed OneSignal from my App, recompiled and resubmitted to Google Play.

Google usually takes some days to analise compliance but the app is back online and available for download.
I am convinced it will solve the problem.

Thanks all of you for your kind assistance.
Regards
Paulo