I recently received many mails from google for many of my apps.
The email content is:
Hello Google Play Developer,
Our records show that your app, XXXX, with package name com.XXXX.XXXXXXXXXX, currently violates our User Data policy regarding Personal and Sensitive Information.
Policy issue: Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.
Action required: Include a link to a valid privacy policy on your app's Store Listing page and within your app. You can find more information in our help center.
Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.
If you have additional apps in your catalog, please make sure they are compliant with our Prominent Disclosure requirements.
Please resolve this issue by March 15, 2017, or administrative action will be taken to limit the visibility of your app, up to and including removal from the Play Store. Thanks for helping us provide a clear and transparent experience for Google Play users.
Regards,
The Google Play Team
The manifest permissions of the apps are listed below:
1-)
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.SEND_SMS" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
2-)
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<!--
IMPORTANT: Change "com.parse.starter.permission.C2D_MESSAGE" in the lines below
to match your app's package name + ".permission.C2D_MESSAGE".
-->
<permission android:protectionLevel="signature"
android:name="com.XXXX.XXXXX.permission.C2D_MESSAGE" />
<uses-permission android:name="com.XXXX.XXXXXX.permission.C2D_MESSAGE" />
3-)
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.GET_TASKS" />
<uses-permission android:name="android.permission.CHANGE_CONFIGURATION" />
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-feature android:name="android.hardware.camera" />
4-)
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="com.xxxx.xxxxx.permission.C2D_MESSAGE"
android:protectionLevel="signature" />
5-)
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="com.android.vending.BILLING" />
<permission
android:name="com.xxx.xxxx.permission.C2D_MESSAGE"
android:protectionLevel="signature" />
<uses-permission android:name="com.xxxx.xxxx.permission.C2D_MESSAGE" />
These are the libraries which Im using
compile 'com.google.android.gms:play-services-ads:10.0.1'
compile 'com.android.support:support-v4:25.1.1'
compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:2.0.1'
compile 'com.melnykov:floatingactionbutton:1.3.0'
compile 'com.android.support:appcompat-v7:25.1.1'
compile 'com.baoyz.swipemenulistview:library:1.2.1'
compile 'com.google.android.gms:play-services-analytics:10.0.1'
compile 'com.flaviofaria:kenburnsview:1.0.7'
compile 'com.commit451:PhotoView:1.2.4'
compile 'com.squareup.picasso:picasso:2.5.2'
compile 'com.astuetz:pagerslidingtabstrip:1.0.1'
compile 'com.code-troopers.betterpickers:library:2.2.2'
compile 'com.android.support:cardview-v7:25.1.1'
compile 'com.onesignal:OneSignal:3.3.1@aar'
compile 'com.google.android.gms:play-services-gcm:10.0.1'
compile 'com.google.android.gms:play-services-location:10.0.1'
compile 'com.android.support:design:25.1.1'
compile 'me.leolin:ShortcutBadger:1.1.10@aar'
// retrofit
compile('com.squareup.retrofit2:retrofit:2.1.0') {
exclude module: 'okhttp'
}
compile 'com.squareup.okhttp3:okhttp:3.0.0'
compile 'com.squareup.okhttp3:logging-interceptor:3.0.1'
compile 'com.squareup.retrofit2:adapter-rxjava:2.1.0'
compile 'com.squareup.retrofit2:converter-gson:2.1.0'
compile 'io.reactivex:rxandroid:1.1.0'
// UI binding
compile 'com.jakewharton:butterknife:8.2.1'
apt 'com.jakewharton:butterknife-compiler:8.2.1'
// DB
compile 'org.greenrobot:greendao:3.0.1'
compile 'com.github.paolorotolo:appintro:4.1.0'
compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:+'
Which of those permissions are violating Google User Data? Is there a list of permissions which are violating Google User Data? How to fix it? Should I remove those or is there another solution for it? Also if I have to prepare a privacy policy are there some example ones?
Thanks in regards.
There is some way to overcome this policy violation. First of all you need to make policy violation file. To do this here is some way:
Go to this link: https://app-privacy-policy-generator.firebaseapp.com/
and then provide your app name, developer account name etc then generate your policy file.
or you may use this template: https://gist.github.com/alphamu/c42f6c3fce530ca5e804e672fed70d78
and then just replace app name, developer account etc with yours.
Now how you link up your privacy file:
If you have a own server then you can host the file in your server and use that link. If not then there are some other way to make your work done.
- You may put your file in git then use that link
- You also go for a better way, such as just create a docs file in your google drive and then paste your policy text on that and then select
File->Publish for the webyou will get a link to share just use that link in your policy url.
Hope these will help you.
You need to add a privacy policy. To add a privacy policy to your store listing:
- Go to your Google Play Developer Console.
- Select an app.
- Select Store Listing.
- Under "Privacy Policy," enter the URL where you have the privacy policy hosted online.
- Select Save draft (new apps) or Submit update (existing apps).
READ_CONTACTS is a sensitive permission and Google requires you to have a Privacy Policy.
Other sensitive permissions are camera, audio recording, contacts.
You can fix the violation by either removing those sensitive permissions that ask for personal data or by adding a Privacy Policy URL to your Android app:
- Log into your Google Play Developer Console.
- Select All Applications
- Select the application
- Click Store Listing
- Enter the public URL of your Privacy Policy at the Privacy Policy field:
Note that you need to host your Privacy Policy on your website and provide the URL on that "Privacy Policy " field. Google won't host the agreement for you.
Other alternatives to host the policy that you can use are GitHub Pages.
There is a yellow comment near the field privacy policy URL is which permission cause this in your apk.
However from first review of your Manifest READ_PHONE_STATE and GET_ACCOUNTS are definetly permissions that need a policy URL.
In my case, old app (deployed on BETA track) was creating problem and console was giving alert for the same.
So check all active apps in all tracks(Beta, Alpha, Internal and Production) for restricted permission groups.
I asked them about what can be the solution and they sent me this email today:
I'm happy to help clarify any questions you have about the privacy policy warning. There are three ways to address this issue:
1- If your app requests user data or makes sensitive permissions requests such as Phone, Accounts, Contacts, Camera, or Microphone, you'll need to add a valid privacy policy in two places: your app's Store Listing page (instructions below) and within your app.
2- As a second option, you can remove any requests for user data or sensitive permissions. For example, you would need to remove the potentially sensitive permissons from the manifest. You will not need to add a privacy policy if you remove these requests.
3- If you cannot complete steps 1 or 2, you'll need to unpublish the app from the Play Store. If your app is already unpublished, you don’t need to take action unless you re-publish the app in the future.
anyway in my application i dont have requests for the mentioned permissions (Camera, Contacts, Microphone ...etc)
I use google Admob in it. And i think it maybe causes the requests for those permissions !!!. I saw also that you are using the google play service ads (admob) in your gradle:
compile 'com.google.android.gms:play-services-ads:10.0.1'
Possible Solution: There is a way to remove the permissions in gradle:
<uses-permission android:name="android.permission.Camera" tools:node="remove" />
<uses-permission android:name="android.permission.READ_CONTACTS" tools:node="remove" />
It is not the best solution, we may wait for another better solution but this is what i got till now...
This violation error is arising because of the permission
<uses-permission android:name="android.permission.READ_CONTACTS" />
You should read about the google developer policies for the same. If this permission is not mandatory you can remove it and you won't get this error then. Else you first have to provide policy url to your app in google play developer console and you must also provide the same url in the app.
confirm Naitik Soni reply. We have "READ_SMS" permission on production track, so we only able to rollout new version without it permission to production.
来源:https://stackoverflow.com/questions/42100397/warning-of-google-play-developer-policy-violation-action-required