My app violates the Android Advertising ID policy [duplicate]

5

22

Google Play Team has rejected my app because:

The advertising identifier must not be connected to personally-identifiable information or associated with any persistent device identifier (for example: SSAID, MAC address, IMEI, etc.) without explicit consent of the user.

For example, we have identified that your app's attribution SDK enables collection of IMEI from devices which have an Android advertising ID without prominent disclosure, which is a violation of our Android Advertising ID policy.

I'm not collecting the IMEI explicitly so the IMEI must be accessed by one of the dependencies of the app.

How could I detect which one is accessing the IMEI?

Updated: These are my dependencies

    compile "com.android.support:appcompat-v7:$support_version"
    compile "com.android.support:mediarouter-v7:$support_version"      // I'm using icons from here, like ic_media_pause and such
    compile "com.android.support:recyclerview-v7:$support_version"
    compile "com.android.support:design:$support_version"
    compile "com.android.support:support-compat:$support_version"

    compile 'com.android.support:multidex:1.0.2'

    // individual dependencies -- https://mcmap.net/q/162462/-how-to-suppress-the-quot-avoid-using-bundled-version-of-google-play-services-sdk-quot-warning
    compile "com.google.android.gms:play-services-maps:$gms_version"
    compile "com.google.android.gms:play-services-analytics:$gms_version"
    compile "com.google.android.gms:play-services-gcm:$gms_version"
    compile "com.google.firebase:firebase-appindexing:$gms_version"
    compile "com.google.firebase:firebase-core:$gms_version"

    compile "com.facebook.android:facebook-android-sdk:$facebook_version"
    compile 'com.facebook.android:notifications:1.0.2'

    compile 'com.batch.android:batch-sdk:1.11.0'

    compile 'commons-codec:commons-codec:1.9'
    compile 'com.nostra13.universalimageloader:universal-image-loader:1.9.3'
    compile 'com.github.chrisbanes.photoview:library:1.2.2'
    compile 'de.greenrobot:eventbus:2.4.0'
    compile 'info.hoang8f:android-segmented:1.0.5'
    compile 'io.card:android-sdk:5.4.2'
    compile 'me.dm7.barcodescanner:zxing:1.9'
    compile 'com.google.android.exoplayer:exoplayer:r2.2.0'
    compile 'com.squareup.retrofit:retrofit:1.9.0'
    compile 'com.squareup.okhttp:okhttp:2.2.0'

    compile 'io.reactivex:rxandroid:1.1.0'
    compile 'io.reactivex:rxjava:1.1.0'
    //compile 'io.reactivex:rxjava-joins:0.22.0' // to use JoinObservable (and-then-when combinator)

    compile "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"

    // In libs we have:
    // - ZooZ 1.02 : From https://github.com/Zooz/Zooz-Android/releases/tag/1.02
    // - AppsFlyer : AF-Android-SDK 2.3.1.13 jar
    // - Volley
    compile fileTree(dir: '../libs', include: '*.jar')

    compile('com.crashlytics.sdk.android:crashlytics:2.7.1@aar') {
        transitive = true
    }

Note: AppsFlyer has been configured as:

        AppsFlyerLib.setCollectIMEI(false); // https://play.google.com/about/monetization-ads/ads/ad-id/
        AppsFlyerLib.setCollectMACAddress(false);
        AppsFlyerLib.setCollectAndroidID(false);
Emissivity answered 10/5, 2018 at 7:36 Comment(3)
Can you please post your gradle dependencies - Affable
Do you have android.permission.READ_PHONE_STATE permission in your manifest? Do you need it? You cannot get IMEI without it (for API >4). See also Attribution & Analytics SDKs. For reference: Best practices for unique identifiers. Could be Crashlytics? - Rubio
Yes, I have the android.permission.READ_PHONE_STATE permission. I'm not sure what I will break removing this permission. I'm going to check the resources you provided, thanks. Why do you suspect Crashlytics? - Emissivity
A
3

You are using Appsflyer below sdk 4.3. This is the problem. This is the email they sent all developers.

Hi there,

The AppsFlyer and Google Play teams are collaborating to ensure that all advertisers using the AppsFlyer SDK are compliant with the Google Play privacy policy. To avoid any disruption to your business, we strongly encourage that all advertisers take the following steps.

If you are running the AppsFlyer SDK version 4.3 or earlier: Please update to the latest AppsFlyer SDK as soon as possible to maintain full compliance.

If you have enabled IMEI collection in a newer SDK version: Disable IMEI collection via the AppsFlyer SDK by removing the following code:

    AppsFlyerLib.getInstance().setImeiData("IMEI_DATA_HERE")

If your apps are not yet compliant with the Google Play privacy policy, we recommend that you correct your data collection in a timely manner. For more information about the AppsFlyer SDK, please visit the Help Center or contact your success manager.

Thank you, The AppsFlyer Team

Alleenallegation answered 10/5, 2018 at 23:35 Comment(3)
Thanks for your answer @Alleenallegation, I appreciate it. However, I would like to know if there exists a procedure/application/whatever to detect who is accessing the IMEI instead of checking each dependency individually (depending on the project it could be really hard work). Fortunately my app has been approved so I'm just curious in case it happens to me again. - Emissivity
@ilopezluna Hi. I have the same problem in my app. Was it the AppsFlyer that caused the rejection? How do you initialize the AppsFlyer in the latest version to make sure it doesn't collect the IMEI then? Thanks! - Ronen
We have added the following lines:

    AppsFlyerLib.setCollectIMEI(false); // https://play.google.com/about/monetization-ads/ads/ad-id/
    AppsFlyerLib.setCollectMACAddress(false);
    AppsFlyerLib.setCollectAndroidID(false);

Note: we are not using the latest version. - Emissivity
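
One way to find which dependency references the IMEI APIs without auditing each SDK by hand, as an added example that is not part of the original thread: parse the constant pool of every class in each JAR/AAR and report `Methodref` entries that point at `TelephonyManager.getDeviceId`, `getImei` or `getMeid`. The function names and `sample_class` (a constructed test input) are assumptions made for this illustration.

```python
import io, struct, zipfile

TARGET_CLASS = "android/telephony/TelephonyManager"
TARGET_METHODS = {"getDeviceId", "getImei", "getMeid"}
# Constant-pool payload sizes by tag; Utf8 (tag 1) is length-prefixed and handled separately.
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def imei_calls(data):
    """Return the TelephonyManager identifier getters that one .class file references."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        return set()
    count, pool, pos, i = struct.unpack_from(">H", data, 8)[0], {}, 10, 1
    while i < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:                                   # Utf8 string
            n = struct.unpack_from(">H", data, pos)[0]
            pool[i] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        else:
            if tag in (7, 10, 12):                     # Class, Methodref, NameAndType
                pool[i] = (tag, *struct.unpack_from(">H" if tag == 7 else ">HH", data, pos))
            pos += SIZES[tag]
            i += tag in (5, 6)                         # Long/Double occupy two slots
        i += 1
    calls = {(pool[pool[e[1]][1]], pool[pool[e[2]][1]])   # (owner class, method name)
             for e in pool.values() if isinstance(e, tuple) and e[0] == 10}
    return {m for c, m in calls if c == TARGET_CLASS and m in TARGET_METHODS}

def scan_archive(src, label):
    """List (archive, class, methods) hits in a JAR/AAR, recursing into nested JARs."""
    found = []
    with zipfile.ZipFile(src) as z:
        for name in z.namelist():
            if name.endswith(".class"):
                hits = imei_calls(z.read(name))
                if hits:
                    found.append((label, name, sorted(hits)))
            elif name.endswith(".jar"):                # e.g. classes.jar inside an AAR
                found += scan_archive(io.BytesIO(z.read(name)), f"{label}!{name}")
    return found

def sample_class(method=b"getDeviceId"):
    """Constructed input: header plus constant pool of a class calling TelephonyManager.<method>."""
    u = lambda s: b"\x01" + struct.pack(">H", len(s)) + s
    pool = [u(TARGET_CLASS.encode()), b"\x07\x00\x01", u(method), u(b"()Ljava/lang/String;"),
            b"\x0c\x00\x03\x00\x04", b"\x0a\x00\x02\x00\x05"]
    return b"\xca\xfe\xba\xbe\x00\x00\x00\x34" + struct.pack(">H", len(pool) + 1) + b"".join(pool)
```

Call `scan_archive(path, path)` on each JAR in `../libs` and on each AAR Gradle resolved. A hit shows the library can call the API; SDKs that reach it through reflection or native code will not appear.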
A
20

My application was also removed by Google. I used the following method to republish it.

  1. Create a privacy policy for the application using Free Privacy Policy URL

  2. Publish the privacy policy at URL

  3. Copy the published privacy policy link and add it in Developer Play Console.

  4. Add the privacy policy link in the application also (optional)

Hope this will help you also.

Amerce answered 29/9, 2018 at 5:52 Comment(1)
Perfect! Note that now the first website is hosting your privacy policy, so you don't even have to use the second link. - Isaiasisak
A
14

Crashlytics uses a variety of identifiers to provide their services including the Android ID, and the Android Advertising ID.

So the Crashlytics lib can be an issue. This lib deals with the advertising ID. Many developers who are using the Crashlytics lib and not using AppsFlyerLib are getting this warning. So I think you should also be concerned about the Crashlytics library.

For more clarification you can visit the Crashlytics security page

Actual answered 18/9, 2018 at 11:23 Comment(2)
Can you send evidence? For example, a link. - Knossos
If you go through this link you will get clarification about the info: try.crashlytics.com/security - Actual
C
5

You have to add a privacy policy to your application.

First, you have to create a privacy policy URL and then add this URL in GOOGLE PUBLISHER CONSOLE based on application. You can easily create a privacy policy using this website.

Privacy Policies

If you have a server/host, try to upload the privacy policy page to your own server; otherwise you can use this website for storing it.

Mentioned: you have to add this policy page to your application. Create a menu item named privacy policy and show all your policy content in a dialog. Easiest way

Champagne answered 19/9, 2018 at 16:56 Comment(1)
Only adding the privacy policy to the Google Play store listing does not work. - Bullshit
C
1

In my case it was because the privacy policy URL was not set in Google Play Console. I also use Crashlytics. But when I added the privacy policy, it took some time to process and then it got resolved. I didn't even have to re-publish it again.

Crick answered 28/9, 2018 at 18:9 Comment(1)
How is your answer different from other answers that preceded yours? - Hecate
