Play Store: Publishing status: Removed - APK REQUIRES VALID PRIVACY POLICY

Asked 6/5, 2021 at 6:35 Answered 28/7, 2021 at 8:25

android flutter google-play privacy-policy

I have been sent the below notification via email 3 times now. Each time I have appealed it with the privacy team. The 3rd is being processed now, the other 2 were overturned within 4 days.

The email reads:

APK REQUIRES VALID PRIVACY POLICY

Your app is uploading users Primary Account information to https://api-recipe.stashcook.com without posting a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself.

Note:

the only primary account information I can find that is being sent to https://api-recipe.stashcook.com is the device id. Authentication and profile data is sent to a different API.
the privacy policy URL is in the correct field on the Play Console

The app is made with Flutter. The buttons are created with the following code. I even added the semanticsLabel in case it is a bot that is removing the app, I thought it might help it "find" the buttons.


  Widget _buildBody() {
    return ListView(
      children: [
        _buildTile("Terms", onPressed: () {
          _urlLauncher.tryLaunch("https://stashcook.com/terms-and-conditions");
        }),
        _buildTile("Privacy Policy", onPressed: () {
          _urlLauncher.tryLaunch("https://stashcook.com/privacy-policy");
        }),
      ]);
  }

  Widget _buildTile(
    String title, {
    void Function() onPressed,
    Widget trailing,
  }) {
    return ListTile(
       title: Text(
         title,
         semanticsLabel: "$title button",
         style: TextStyle(fontWeight: FontWeight.bold, color: Colors.black),
       ),
       onTap: onPressed,
       trailing: trailing ??
           Icon(
             StashcookIcons.arrow_right,
             color: ThemeDataDefaults.darkBlue,
             size: 18,
           ),      
    );
  }

I have contacted the Play Store support team and they gave me an automated response, even after pleading with the support engineer for some information specific to my issue.

Hi Roy,

Thanks again for contacting Google Play team.

As much as I'd like to help, I’m not able to provide any more detail or a better answer to your question. In our previous email, I made sure to include all the information available to me.

You should be able to find more about your issue here: User Data and Mobile Unwanted Software policy pages.

Thanks for your understanding.

Does anyone have any suggestions?

Decembrist answered 6/5, 2021 at 6:35 Comment(3)

It has been 2 months already. Did you manage to solve the problem? I am having the same problem. – Barnwell 14/7, 2021 at 16:4

Same for me, any updates? – Electrolysis 19/7, 2021 at 8:17

Please see the answer I added below. If you have received this message it might be a red hearing, whereby the actual issue is with the privacy policy wording, NOT it's visibility in the Play Store or within the mobile app like the issue text states. That being said do make sure you have it somewhere in your app and assigned to the appropriate fields in the Play Console. – Decembrist 28/7, 2021 at 8:30

After much pleaing to the Play Store support staff they finally pointed me in the right direction.

The issue wasn't that I didn't add a privacy policy in the correct locations, like the email from the Play Store suggested. It was that the privacy policy did not include explicit details informing the user that their device ID would be sent to my apps external API.

It appeared that, depending on the person reviewing the app, some reviewers would deem the privacy policy acceptable and other would not. Hence the back and forth. It seems the Play Store reviewers don't have any better error message to send developers when this issue arises.

Once I editing the privacy policy wording the app was reinstated on the Play Store and I haven't had an issue since.

Decembrist answered 28/7, 2021 at 8:25 Comment(3)

Hi there - can you share what exact change you made? we are in a similar situation where they are being vague about what exactly the issue is and we are finding the same thing ie " you are uploading some data to internal api" when we are not really doing anything. Thanks – Microfiche 7/8, 2021 at 14:23

Hello Roy. What were those exact "MAGIC" words, that you changed in the privacy-policy? "Once I editing the privacy policy wording the app was reinstated...". Thanks. – Rath 22/9, 2021 at 6:39

Hi @PawanJain I can't really comment on the exact wording that would have swayed the opinion of the reviewer. Also made a lot of changes to the privacy policy from the standard template I had before. However, I believe explicit statements in you privacy policy like: "your device ID is used to backup and restore <enter your features that use device id here>" help. I can't really give you a generic statement to help everyone but in my limited experience it seems being thoroughly explicit about any information you capture from your users, will only help you case with the play store. – Decembrist 29/11, 2021 at 10:59

For certain user permissions, you need to upload a privacy policy, during app submission.

You can generate a policy using this link

https://app-privacy-policy-generator.firebaseapp.com/

After that create a simple site in Google Sites, and upload the policy within it. Copy the link address

On play store, in your app submission page, paste the link in Add A Privacy Policy option.

This could resolve the issue

Dishonest answered 6/5, 2021 at 8:24 Comment(2)

Thanks for the reply. This is not is, though. I have a privacy policy hosted on my website. The link is in the app and on the Play Console. To me, it looks like a bot is analysing the app can't find the privacy policy links. As soon as a member of the Google policy team reviews the case the app is made available on the Play Store again (or at least the first 2 times). – Decembrist 6/5, 2021 at 17:19

Generated policy in the above link, but also App is removed for segment issue htttps://api.segment.io/ – Wauters 22/7, 2021 at 9:37

Not sure about flutter code but if you are using Firebase Auth, you can set the policies hosted on your website while creating the Auth instance.

This may have a better probability of the bot registering/scanning it.

You may find something equivalent in flutter for this sample android code:

AuthUI.getInstance()
        .createSignInIntentBuilder()
        .setAvailableProviders(providers)
        .setTosAndPrivacyPolicyUrls(
                "https://example.com/terms.html",
                "https://example.com/privacy.html")
        .build();

Gypsy answered 27/7, 2021 at 6:44 Comment(0)

-2

Have you solved the problem? I have the same thing on one project. And I saw that in it some API calls are written to logcat. For example:

print (apiRequest);

I think this is what the Bot sees and removes the application.

Cacilia answered 27/7, 2021 at 6:29 Comment(1)

I do not see how this answers the question at the top of this page, but it should. Please edit according to How to Answer or delete the answer. Otherwise it risks being flagged as "not an answer" and being deleted. – Eng 27/7, 2021 at 6:37

Recommended topics

Hot tags