Warning of Google Play Developer policy violation: Action Required

android google-play policy privacy-policy

37,358

Solution 1

There is some way to overcome this policy violation. First of all you need to make policy violation file. To do this here is some way:

Go to this link: https://app-privacy-policy-generator.firebaseapp.com/

and then provide your app name, developer account name etc then generate your policy file.

or you may use this template: https://gist.github.com/alphamu/c42f6c3fce530ca5e804e672fed70d78

and then just replace app name, developer account etc with yours.

Now how you link up your privacy file:

If you have a own server then you can host the file in your server and use that link. If not then there are some other way to make your work done.

You may put your file in git then use that link
You also go for a better way, such as just create a docs file in your google drive and then paste your policy text on that and then select File->Publish for the web you will get a link to share just use that link in your policy url.

Hope these will help you.

Solution 2

You need to add a privacy policy. To add a privacy policy to your store listing:

Go to your Google Play Developer Console.
Select an app.
Select Store Listing.
Under "Privacy Policy," enter the URL where you have the privacy policy hosted online.
Select Save draft (new apps) or Submit update (existing apps).

Solution 3

In my case, old app (deployed on BETA track) was creating problem and console was giving alert for the same.

So check all active apps in all tracks(Beta, Alpha, Internal and Production) for restricted permission groups.

Solution 4

READ_CONTACTS is a sensitive permission and Google requires you to have a Privacy Policy.

Other sensitive permissions are camera, audio recording, contacts.

You can fix the violation by either removing those sensitive permissions that ask for personal data or by adding a Privacy Policy URL to your Android app:

Log into your Google Play Developer Console.
Select All Applications
Select the application
Click Store Listing
Enter the public URL of your Privacy Policy at the Privacy Policy field:

Note that you need to host your Privacy Policy on your website and provide the URL on that "Privacy Policy " field. Google won't host the agreement for you.

Other alternatives to host the policy that you can use are GitHub Pages.

Solution 5

There is a yellow comment near the field privacy policy URL is which permission cause this in your apk.

However from first review of your Manifest READ_PHONE_STATE and GET_ACCOUNTS are definetly permissions that need a policy URL.

View more solutions

37,358

Author by

ysnsyhn

Updated on June 05, 2020

Comments

ysnsyhn about 4 years

I recently received many mails from google for many of my apps.

The email content is:

Hello Google Play Developer,

Our records show that your app, XXXX, with package name com.XXXX.XXXXXXXXXX, currently violates our User Data policy regarding Personal and Sensitive Information.

Policy issue: Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.

Action required: Include a link to a valid privacy policy on your app's Store Listing page and within your app. You can find more information in our help center.

Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

If you have additional apps in your catalog, please make sure they are compliant with our Prominent Disclosure requirements.

Please resolve this issue by March 15, 2017, or administrative action will be taken to limit the visibility of your app, up to and including removal from the Play Store. Thanks for helping us provide a clear and transparent experience for Google Play users.

Regards,

The Google Play Team

The manifest permissions of the apps are listed below:

1-)

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.SEND_SMS" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />

2-)

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />


<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />

<!--
  IMPORTANT: Change "com.parse.starter.permission.C2D_MESSAGE" in the lines below
  to match your app's package name + ".permission.C2D_MESSAGE".
-->
<permission android:protectionLevel="signature"
    android:name="com.XXXX.XXXXX.permission.C2D_MESSAGE" />
<uses-permission android:name="com.XXXX.XXXXXX.permission.C2D_MESSAGE" />

3-)

<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.GET_TASKS" />
<uses-permission android:name="android.permission.CHANGE_CONFIGURATION" />
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

<uses-feature android:name="android.hardware.camera" />

4-)

<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.VIBRATE" />

<uses-permission android:name="com.xxxx.xxxxx.permission.C2D_MESSAGE"
    android:protectionLevel="signature" />

5-)

<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />

<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="com.android.vending.BILLING" />

<permission
    android:name="com.xxx.xxxx.permission.C2D_MESSAGE"
    android:protectionLevel="signature" />

<uses-permission android:name="com.xxxx.xxxx.permission.C2D_MESSAGE" />

These are the libraries which Im using

compile 'com.google.android.gms:play-services-ads:10.0.1'
compile 'com.android.support:support-v4:25.1.1'
compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:2.0.1'
compile 'com.melnykov:floatingactionbutton:1.3.0'
compile 'com.android.support:appcompat-v7:25.1.1'
compile 'com.baoyz.swipemenulistview:library:1.2.1'
compile 'com.google.android.gms:play-services-analytics:10.0.1'
compile 'com.flaviofaria:kenburnsview:1.0.7'
compile 'com.commit451:PhotoView:1.2.4'
compile 'com.squareup.picasso:picasso:2.5.2'
compile 'com.astuetz:pagerslidingtabstrip:1.0.1'
compile 'com.code-troopers.betterpickers:library:2.2.2'
compile 'com.android.support:cardview-v7:25.1.1'
compile 'com.onesignal:OneSignal:3.3.1@aar'
compile 'com.google.android.gms:play-services-gcm:10.0.1'
compile 'com.google.android.gms:play-services-location:10.0.1'
compile 'com.android.support:design:25.1.1'
compile 'me.leolin:ShortcutBadger:1.1.10@aar'
// retrofit
compile('com.squareup.retrofit2:retrofit:2.1.0') {
    exclude module: 'okhttp'
}
compile 'com.squareup.okhttp3:okhttp:3.0.0'
compile 'com.squareup.okhttp3:logging-interceptor:3.0.1'
compile 'com.squareup.retrofit2:adapter-rxjava:2.1.0'
compile 'com.squareup.retrofit2:converter-gson:2.1.0'
compile 'io.reactivex:rxandroid:1.1.0'
// UI binding
compile 'com.jakewharton:butterknife:8.2.1'
apt 'com.jakewharton:butterknife-compiler:8.2.1'
// DB
compile 'org.greenrobot:greendao:3.0.1'
compile 'com.github.paolorotolo:appintro:4.1.0'
compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:+'

Which of those permissions are violating Google User Data? Is there a list of permissions which are violating Google User Data? How to fix it? Should I remove those or is there another solution for it? Also if I have to prepare a privacy policy are there some example ones?

Thanks in regards.