Warning of Google Play Developer policy violation: Action Required

Asked 7/2, 2017 at 21:32 Answered 25/1, 2019 at 5:48

android google-play policy privacy-policy

I recently received many mails from google for many of my apps.

The email content is:

Hello Google Play Developer,

Our records show that your app, XXXX, with package name com.XXXX.XXXXXXXXXX, currently violates our User Data policy regarding Personal and Sensitive Information.

Policy issue: Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.

Action required: Include a link to a valid privacy policy on your app's Store Listing page and within your app. You can find more information in our help center.

Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

If you have additional apps in your catalog, please make sure they are compliant with our Prominent Disclosure requirements.

Please resolve this issue by March 15, 2017, or administrative action will be taken to limit the visibility of your app, up to and including removal from the Play Store. Thanks for helping us provide a clear and transparent experience for Google Play users.

Regards,

The Google Play Team

The manifest permissions of the apps are listed below:

1-)

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.SEND_SMS" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />

2-)

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />


<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />

<!--
  IMPORTANT: Change "com.parse.starter.permission.C2D_MESSAGE" in the lines below
  to match your app's package name + ".permission.C2D_MESSAGE".
-->
<permission android:protectionLevel="signature"
    android:name="com.XXXX.XXXXX.permission.C2D_MESSAGE" />
<uses-permission android:name="com.XXXX.XXXXXX.permission.C2D_MESSAGE" />

3-)

<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.GET_TASKS" />
<uses-permission android:name="android.permission.CHANGE_CONFIGURATION" />
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

<uses-feature android:name="android.hardware.camera" />

4-)

<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.VIBRATE" />

<uses-permission android:name="com.xxxx.xxxxx.permission.C2D_MESSAGE"
    android:protectionLevel="signature" />

5-)

<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />

<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="com.android.vending.BILLING" />

<permission
    android:name="com.xxx.xxxx.permission.C2D_MESSAGE"
    android:protectionLevel="signature" />

<uses-permission android:name="com.xxxx.xxxx.permission.C2D_MESSAGE" />

These are the libraries which Im using

compile 'com.google.android.gms:play-services-ads:10.0.1'
compile 'com.android.support:support-v4:25.1.1'
compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:2.0.1'
compile 'com.melnykov:floatingactionbutton:1.3.0'
compile 'com.android.support:appcompat-v7:25.1.1'
compile 'com.baoyz.swipemenulistview:library:1.2.1'
compile 'com.google.android.gms:play-services-analytics:10.0.1'
compile 'com.flaviofaria:kenburnsview:1.0.7'
compile 'com.commit451:PhotoView:1.2.4'
compile 'com.squareup.picasso:picasso:2.5.2'
compile 'com.astuetz:pagerslidingtabstrip:1.0.1'
compile 'com.code-troopers.betterpickers:library:2.2.2'
compile 'com.android.support:cardview-v7:25.1.1'
compile 'com.onesignal:OneSignal:3.3.1@aar'
compile 'com.google.android.gms:play-services-gcm:10.0.1'
compile 'com.google.android.gms:play-services-location:10.0.1'
compile 'com.android.support:design:25.1.1'
compile 'me.leolin:ShortcutBadger:1.1.10@aar'
// retrofit
compile('com.squareup.retrofit2:retrofit:2.1.0') {
    exclude module: 'okhttp'
}
compile 'com.squareup.okhttp3:okhttp:3.0.0'
compile 'com.squareup.okhttp3:logging-interceptor:3.0.1'
compile 'com.squareup.retrofit2:adapter-rxjava:2.1.0'
compile 'com.squareup.retrofit2:converter-gson:2.1.0'
compile 'io.reactivex:rxandroid:1.1.0'
// UI binding
compile 'com.jakewharton:butterknife:8.2.1'
apt 'com.jakewharton:butterknife-compiler:8.2.1'
// DB
compile 'org.greenrobot:greendao:3.0.1'
compile 'com.github.paolorotolo:appintro:4.1.0'
compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:+'

Which of those permissions are violating Google User Data? Is there a list of permissions which are violating Google User Data? How to fix it? Should I remove those or is there another solution for it? Also if I have to prepare a privacy policy are there some example ones?

Thanks in regards.

Reactionary answered 7/2, 2017 at 21:32 Comment(6)

meta.#272665 – Kahlil 7/2, 2017 at 21:34

If the Google Play Store requires a Privacy Policy, the Developer Console will typically let you know what permissions are causing the requirement. (That's been my experience.) – Autosuggestion 7/2, 2017 at 21:36

I got the same email for 4 of my apps, and i dont actually require the mentioned permission @CharlesCaldwell – Status 8/2, 2017 at 6:30

You should also keep in mind that third-party dependencies may also have their own permissions they require. Considering how many libraries you are using, I wouldn't be surprised if one of them is the culprit. Try this answer to find the library that may be causing it. (I haven't tested the answer so I make no promises.) – Autosuggestion 8/2, 2017 at 14:10

Check this : https://mcmap.net/q/169100/-warning-of-google-play-developer-policy-violation-action-required – Marcela 12/3, 2017 at 19:33

check this : #62159757 – Corey 17/8, 2021 at 14:4

There is some way to overcome this policy violation. First of all you need to make policy violation file. To do this here is some way:

Go to this link: https://app-privacy-policy-generator.firebaseapp.com/

and then provide your app name, developer account name etc then generate your policy file.

or you may use this template: https://gist.github.com/alphamu/c42f6c3fce530ca5e804e672fed70d78

and then just replace app name, developer account etc with yours.

Now how you link up your privacy file:

If you have a own server then you can host the file in your server and use that link. If not then there are some other way to make your work done.

You may put your file in git then use that link
You also go for a better way, such as just create a docs file in your google drive and then paste your policy text on that and then select File->Publish for the web you will get a link to share just use that link in your policy url.

Hope these will help you.

Marcela answered 12/3, 2017 at 19:22 Comment(2)

Another free privacy policy source: docracy.com/mobileprivacy – Danika 14/5, 2020 at 0:44

check. :#62159757 – Corey 17/8, 2021 at 14:3

You need to add a privacy policy. To add a privacy policy to your store listing:

Go to your Google Play Developer Console.
Select an app.
Select Store Listing.
Under "Privacy Policy," enter the URL where you have the privacy policy hosted online.
Select Save draft (new apps) or Submit update (existing apps).

Mathematics answered 8/2, 2017 at 0:58 Comment(0)

READ_CONTACTS is a sensitive permission and Google requires you to have a Privacy Policy.

Other sensitive permissions are camera, audio recording, contacts.

You can fix the violation by either removing those sensitive permissions that ask for personal data or by adding a Privacy Policy URL to your Android app:

Log into your Google Play Developer Console.
Select All Applications
Select the application
Click Store Listing
Enter the public URL of your Privacy Policy at the Privacy Policy field:

Note that you need to host your Privacy Policy on your website and provide the URL on that "Privacy Policy " field. Google won't host the agreement for you.

Other alternatives to host the policy that you can use are GitHub Pages.

Attention answered 13/2, 2017 at 14:27 Comment(2)

So I have to create and host my own website and pay monthly fees just because I want to use the camera in my app? – Nonobservance 15/2, 2017 at 20:13

You can also use free alternatives to host the Privacy Policy -- GitHub Pages, a Medium page, our TermsFeed tool to create + host, etc. – Attention 16/2, 2017 at 15:49

In my case, old app (deployed on BETA track) was creating problem and console was giving alert for the same.

So check all active apps in all tracks(Beta, Alpha, Internal and Production) for restricted permission groups.

Attenuation answered 9/1, 2019 at 12:22 Comment(2)

This is very important, when we are getting issue of 'Declare sensitive permissions'. When we have old apk in 'BETA track' and new apk in release track is clean. Still it will show the issue. We need to first upload APK in Beta track --> rollout Beta track --> Beta Apk 'Release to Production' --> rollout the same from release track. – Whelm 9/12, 2019 at 10:44

I'm trying to upload to Alpha track without success, my app on Production track was removed for "Not adhering to Google Play Developer Program policies". And now I get the same error with this explanation for my release on Alpha track. Could this be because of the old apk in production track? – Finback 8/12, 2021 at 14:6

There is a yellow comment near the field privacy policy URL is which permission cause this in your apk.

However from first review of your Manifest READ_PHONE_STATE and GET_ACCOUNTS are definetly permissions that need a policy URL.

Luca answered 8/2, 2017 at 6:19 Comment(1)

he doesnt have it in his all applications. neither do i, i got same emails without having those neither in the app nor the libraries used. – Status 9/2, 2017 at 13:30

I asked them about what can be the solution and they sent me this email today:

I'm happy to help clarify any questions you have about the privacy policy warning. There are three ways to address this issue:

1- If your app requests user data or makes sensitive permissions requests such as Phone, Accounts, Contacts, Camera, or Microphone, you'll need to add a valid privacy policy in two places: your app's Store Listing page (instructions below) and within your app.

2- As a second option, you can remove any requests for user data or sensitive permissions. For example, you would need to remove the potentially sensitive permissons from the manifest. You will not need to add a privacy policy if you remove these requests.

3- If you cannot complete steps 1 or 2, you'll need to unpublish the app from the Play Store. If your app is already unpublished, you don’t need to take action unless you re-publish the app in the future.

anyway in my application i dont have requests for the mentioned permissions (Camera, Contacts, Microphone ...etc)

I use google Admob in it. And i think it maybe causes the requests for those permissions !!!. I saw also that you are using the google play service ads (admob) in your gradle:

compile 'com.google.android.gms:play-services-ads:10.0.1'

Possible Solution: There is a way to remove the permissions in gradle:

<uses-permission android:name="android.permission.Camera" tools:node="remove" />
<uses-permission android:name="android.permission.READ_CONTACTS" tools:node="remove" />

It is not the best solution, we may wait for another better solution but this is what i got till now...

Status answered 8/2, 2017 at 6:29 Comment(2)

and within your app. ?how i can add Privacy policy to my app ? – Haunted 9/2, 2017 at 15:53

I get it, by adding a link to privacy Policy on storing list, you will be able to see privacy link on application page – Haunted 9/2, 2017 at 16:23

This violation error is arising because of the permission

<uses-permission android:name="android.permission.READ_CONTACTS" />

You should read about the google developer policies for the same. If this permission is not mandatory you can remove it and you won't get this error then. Else you first have to provide policy url to your app in google play developer console and you must also provide the same url in the app.

Fears answered 10/2, 2017 at 6:30 Comment(2)

fyi for me it are the following permissions: Your app has an apk with version code 5 that requests the following permission(s): android.permission.READ_PHONE_STATE,android.permission.GET_ACCOUNTS. Apps using these permissions in an APK are required to have a privacy policy set. you can see them in the Google Play developer dashboard > your app > Store Listing – Allround 11/2, 2017 at 8:5

Yes correct, this violation error comes because of sensitive information and I mentioned the one because of which i faced the issue and also i have seen the same in the above question. – Fears 28/2, 2017 at 7:7

confirm Naitik Soni reply. We have "READ_SMS" permission on production track, so we only able to rollout new version without it permission to production.

Ricardaricardama answered 25/1, 2019 at 5:48 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags