Login/Register
Unauthorised Advertising Clicks - Violation of Device and Network Abuse policy
Asked Answered
androidgoogle-play-protect
H

3

6

Our app (One Ticket) was recently removed from Playstore, Google said it is Violating Device and Network Abuse policy adding to it they said We’ve determined that your app is facilitating unauthorized advertising clicks on user’s device. But our app does not contain any ads. How it can facilitate unauthorized advertising clicks

Also while trying to install the apk it play protect dialog shows : This app tries to use your device to commit advertising frauds

On any existing device, a notification pops downs telling the user that this app is harmful.

Following are the permissions our app needs :

<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.CALL_PHONE" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" tools:node="remove"/>
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" tools:node="remove"/>

Below are the libraries which we are using: ` . 

     dependencies {
    compile fileTree(include: ['*.jar', '*.aar'], dir: 'libs')
    // Library for UI testing
    // Library for WebView testing using Espresso
    // Library for RecyclerView UI testing using Espresso
    androidTestImplementation('com.android.support.test.espresso:espresso-contrib:2.0') {
        exclude group: 'com.android.support', module: 'appcompat'
        exclude group: 'com.android.support', module: 'support-v4'
        exclude group: 'javax.inject'
        exclude module: 'recyclerview-v7'
    }
    // Library to listen to network events: min sdk version = 9
    // Adapter delegates for RecyclerViews
    // Library for validations
    // Library for swipe to dismiss on RecyclerViews
    // Library for the "About us" pages
    implementation('com.mikepenz:aboutlibraries:5.1.1@aar') {
        transitive = true
    }
    // Library for RecyclerViews animations
    // Tabs
    // Parcelable
    implementation('com.crashlytics.sdk.android:crashlytics:2.6.7@aar') {
        transitive = true;
    }
    implementation('com.crashlytics.sdk.android:answers:1.3.6@aar') {
        transitive = true;
    }
    apply from: 'check-release.gradle'
    // These are the necessary Maven dependencies for apps using the HAFAS library
    // The actual HAFAS library together with a HaCon special version of Google GSON.

    // Both libraries are located in the app/libs directory and have to be copied for use in own projects.
    //implementation 'com.google.code.gson:gson:2.8.5'
    //compile fileTree(dir: 'libs', include: ['*.jar'])
    //api project(':capital-metro-41-prod')

    implementation "com.android.support.constraint:constraint-layout:1.1.0"
    implementation 'com.android.support:cardview-v7:28.0.0'
    implementation 'com.android.support:recyclerview-v7:28.0.0'
    implementation 'net.steamcrafted:materialiconlib:1.0.3'
    implementation 'org.mockito:mockito-core:2.8.47'
    implementation 'com.google.dexmaker:dexmaker:1.2'
    implementation 'com.google.dexmaker:dexmaker-mockito:1.2'
    implementation 'com.github.pwittchen:reactivenetwork:0.5.2'
    implementation 'com.hannesdorfmann:adapterdelegates:1.0.2'
    implementation 'com.mobsandgeeks:android-saripaar:2.0.2'
    implementation 'com.hudomju:swipe-to-dismiss-undo:1.0'
    implementation 'jp.wasabeef:recyclerview-animators:2.2.5'
    implementation 'io.karim:materialtabs:2.0.2'
    implementation 'org.parceler:parceler-api:1.0.3'
    annotationProcessor 'org.parceler:parceler:1.0.3'
    implementation 'com.cocosw:bottomsheet:1.3.1@aar'
    implementation 'me.grantland:autofittextview:0.2.1'
    implementation 'com.braintreepayments.api:braintree-api:1.7.1'
    implementation 'com.braintreepayments.api:braintree:1.7.1'
    implementation 'com.braintreepayments.gateway:braintree-java:2.51.0'
    implementation 'com.soundcloud.android:android-crop:1.0.1@aar'
    implementation 'javax.inject:javax.inject:1'
    implementation 'javax.annotation:javax.annotation-api:1.2'
    implementation 'com.google.dagger:dagger:2.16'
    annotationProcessor 'com.google.dagger:dagger-compiler:2.16'
    implementation 'com.yalantis:ucrop:1.1.+'
    implementation 'com.google.android.gms:play-services-base:12.0.1'
    implementation 'com.google.android.gms:play-services-location:12.0.1'
    implementation 'com.google.android.gms:play-services-maps:12.0.1'
    implementation 'com.google.android.gms:play-services-analytics:12.0.1'
    implementation 'com.google.android.gms:play-services-auth:12.0.1'
    implementation 'com.android.support:support-v4:28.0.0'
    implementation 'com.android.support:appcompat-v7:28.0.0'
    implementation 'com.android.support:gridlayout-v7:28.0.0'
    implementation 'com.android.support:design:28.0.0'
    implementation "com.sothree.slidinguppanel:library:3.4.0"
    implementation 'com.squareup.sqlbrite:sqlbrite:0.8.0'
    // To fix the error thrown by support library for @drawable/abc_ic_ab_back_mtrl_am_alpha
    androidTestImplementation 'com.android.support.test:runner:0.5'
    androidTestImplementation 'com.android.support.test:rules:0.5'
    androidTestImplementation 'com.android.support.test.espresso:espresso-core:2.2.2'
    androidTestImplementation 'com.android.support.test.espresso:espresso-web:2.2.2'
    androidTestImplementation 'org.mockito:mockito-core:1.10.19'
    androidTestImplementation 'com.google.dexmaker:dexmaker:1.2'
    androidTestImplementation 'com.google.dexmaker:dexmaker-mockito:1.2'
    implementation 'com.google.android:flexbox:1.1.0'

    //Mosby MVP Framework
    implementation 'com.hannesdorfmann.mosby:mvp:2.0.1'
    implementation 'com.hannesdorfmann.mosby:viewstate:2.0.1'

    implementation 'com.jakewharton:butterknife:8.8.1'
    annotationProcessor 'com.jakewharton:butterknife-compiler:8.8.1'

    implementation 'com.android.support:multidex:1.0.3'

    //androidTestCompile 'com.google.dagger:dagger:2.0'
    //androidTestApt 'com.google.dagger:dagger-compiler:2.0'
    //apt 'org.parceler:parceler:1.0.3'
    //apt 'com.google.dagger:dagger-compiler:2.0'

    implementation 'android.arch.lifecycle:extensions:1.1.1'
}`

I suspect the following libraries along with the fixes.

  1. Fabric Crashlytics: All the versions before 2.9.3 collects Advertising ID. Solution:

Update it to the latest 2.10.3 version

.

  1. Firebase: Collects Advertising ID Solution: Disable it from Manifest
<meta-data android:name="firebase_analytics_collection_enabled"
   android:value="false" />

  1. Facebook: Collects Advertising ID. Can be restricted from the App Manifest File.

  2. Updating our app policy.

Can there be any other reasons apart from these libraries which might be causing this issue? Am I missing something?

enter image description here

enter image description here

Hayes answered 14/8, 2019 at 9:30 Comment(10)
Nope, if you aren't using any ADS SDK then just recheck each of the third party libraries to check if they utilizing the Advertising ID or notHierolatry
What does the app do? Are you using the SYSTEM_ALERT_WINDOW permission or do any of the libraries you use use that permission?Revive
@MorrisonChang We are not using SYSTEM_ALERT_WINDOW permission anywhere. Added the list of libraries and permissions which we are using.Hayes
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" /> this the problem .Saccharify
@MuntasirAonik can you help me with more explanation of how this can be a problemHayes
According to this recent Android Police article, an app was pulled from the store because "an advertisement SDK provided by AdHub that loaded the malicious module into its product". You might want to focus on whether any of your third-party libraries include AdHub.Cullender
@Cullender thanks that article was indeed helpful, but our app does not support any advertisement so basically we arent using any advertisement SDK.Hayes
I'm not an Android developer, but could one of the modules you include by including AdHub or similar? Perhaps invisibly "clicking" advertising links to generate revenue for someone? Alternatively, does your code contain anything that "auto-clicks" elements of its own UI? It's conceivable (to me at least) that Google's checks might spot such activity and assume it's trying to do some kind of click-fraud.Cullender
The code does use performClick() function which does automatic click on the UI but it is given by google and we are using it carefully. @Cullender i hope that is not the reason. The bad thing is that google not providing a detailed explanation for their action.Hayes
I'm only guessing that might be what's triggering the alert: maybe it will trigger a "eureka" moment for someone else, or you can perhaps ask Google if it is the presence of performClick() that might be triggering the alert.Cullender
C
1

Likely this permission is involved:

android.permission.CALL_PHONE

Either ditch that feature or let the user hit the green button to call... and also these libraries are quite outdated (please just look them up for yourself, because I'm on a phone):

com.google.android.gms

There still is the option, that some library tries to cheat on your or some other AdMob account and/or the advertiser ID and package name do not match the ones on file.

Cleanly answered 14/9, 2019 at 1:1 Comment(0)
J
0

This is may be because of you are using plaintext communication or not using SSL. To enable secure communication,

  1. Create xml resources directory under res dir.
  2. Create network_security_config.xml file under xml dir
  3. Copy<?xml version="1.0" encoding="utf-8"?> <network-security-config> <domain-config cleartextTrafficPermitted="true"> <domain includeSubdomains="true">172.0.0.0.0. </domain>//your ip </domain-config> </network-security-config> in the file.
  4. Add in menifes.xml's application tag android:networkSecurityConfig="@xml/network_security_config"

Finally you can make Play Protect Appeals

Josiahjosias answered 13/9, 2019 at 10:18 Comment(1)
Thanks for your answer, but i can confirm that we are not using cleartextTrafficPermitted= true anywhere and all the network calls use https protocol.Hayes
K
0

Here are the possible reasons,

  1. the permission android.permission.CALL_PHONE

According to the most recent policy changes, Google does not allow us to use the Permissions those who are restricted to use like call log permission. Here is a good Medium post written on this topic. Maybe you or underlying dependency using one of that critical permission. If so, you should remove it quickly.

  1. Layout/View encouraging users to click the ad.

If by mistake you designed a layout/view that loads an ad such a way that user will click the ad accidentally, you are violating the policy. Maybe you are loading the ad in the background and shows up when it's ready. meanwhile if the user is interacting with the app, he/she will click the ad accidentally. It's recommended a way to show up fullscreen ads(like an interstitial ad) when user switching the new activity.

  1. Draw Overlay affecting the ad of another app

If your application uses widget that is being rendered using screen overlay( like Toucher App) make sure your widget does not affect the ad being loaded by another application.

  1. Avoid unnecessary permissions.

If your application does not require feature/permission. please avoid it. unnecessary permission sometimes causes this issue. head over to this

it seems that you are using third-party libraries. Using third-party libraries may harmful when you are not aware of its implementation. Avoid using such libraries if possible.

Karlotta answered 15/9, 2019 at 19:49 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.