Today I received this email from google:

Hi developers at ...,

After review, appName, com.app.package, has been removed from Google Play due to a policy violation. This app won’t be available to users until you submit a compliant update.

Issue: Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement

Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. We’ve identified that your app collects and transmits the Android advertising identifier, which is subject to a privacy policy requirement. If your app collects the Android advertising ID, you must provide a valid privacy policy in both the designated field in the Play Console, and from within the app.

Next steps: Submit your app for another review

Read through the Usage of Android Advertising ID and User Data policies, as well as the Developer Distribution Agreement, and make appropriate changes to your app. If you decide to collect sensitive user information, be sure to abide by the above policies, and include a link to a valid privacy policy on your app's store listing page and within your app. Make sure that your app is compliant with all other Developer Program Policies. Additional enforcement could occur if there are further policy violations. Sign in to your Play Console and submit the update to your app. Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

If approved, your app will again be available with all installs, ratings, and reviews intact.

If you’ve reviewed the policy and feel this removal may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

Thanks for helping us provide a clear and transparent experience for Google Play users.

Regards,

Justin

I don't collect or transmit Android advertising at all even I don't show advertising in my app.
I've added these dependencies to the app level gradle:

// Firebase Core
implementation 'com.google.firebase:firebase-core:16.0.7'

// Crashlytics
implementation 'com.crashlytics.sdk.android:crashlytics:2.9.8'

// Firebase Cloud Messaging
implementation 'com.google.firebase:firebase-messaging:17.3.4'

// Google Play services
implementation 'com.google.android.gms:play-services-auth:16.0.1'

If I have to add a privacy policy to my App, How can I create privacy policy?

Edit: I added a privacy policy and after a few hours, my app published again. For creating a privacy policy I used this template

Because you made use of Google Play service it allows you to access advertiser ID as part of the API: http://www.androiddocs.com/google/play-services/id.html

You can follow this Privacy policy guideline by Google for your project https://developers.google.com/actions/policies/privacy-policy-guide

Design-wise I would put it where it is visible. Tell your client why you use Google Play API and put it in word your client would understand.

As of the specific, this is pretty clear to me:

Read through the Usage of Android Advertising ID and User Data policies, as well as the Developer Distribution Agreement, and make appropriate changes to your app. If you decide to collect sensitive user information, be sure to abide by the above policies, and include a link to a valid privacy policy on your app's store listing page and within your app. Make sure that your app is compliant with all other Developer Program Policies. Additional enforcement could occur if there are further policy violations. Sign in to your Play Console and submit the update to your app. Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

Either you stop using Google Play service or you add a valid privacy policy in your description, in your app and on your app store.

You could also disable Advertising ID and Analytics via Firebase:

• Disable the Advertising ID:

  <meta-data android:name="google_analytics_adid_collection_enabled" android:value="false" />
  

• Disable Analytics:

  <meta-data android:name="firebase_analytics_collection_deactivated" android:value="true" />
  

Or, you can write your Privacy Policy to say that you use these third-party SDKs that might collect data from users:

Because you made use of Google Play service it allows you to access advertiser ID as part of the API: http://www.androiddocs.com/google/play-services/id.html

You can follow this Privacy policy guideline by Google for your project https://developers.google.com/actions/policies/privacy-policy-guide

Design-wise I would put it where it is visible. Tell your client why you use Google Play API and put it in word your client would understand.

As of the specific, this is pretty clear to me:

Read through the Usage of Android Advertising ID and User Data policies, as well as the Developer Distribution Agreement, and make appropriate changes to your app. If you decide to collect sensitive user information, be sure to abide by the above policies, and include a link to a valid privacy policy on your app's store listing page and within your app. Make sure that your app is compliant with all other Developer Program Policies. Additional enforcement could occur if there are further policy violations. Sign in to your Play Console and submit the update to your app. Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

Either you stop using Google Play service or you add a valid privacy policy in your description, in your app and on your app store.