How to address Google User Data Privacy Policy Issue? - google-play

I keep getting this rejection from Google Store and while I've tried adding many different clauses to the privacy policy, the rejection never was fixed. If someone can help me out please that would be great.

Your app is uploading the list of installed application so that needs to be disclosed in the Privacy Policy. In addition, a prominent disclosure / notice to get consent from users on your data collection is required.
Examples of prominent disclosures / notices:
Credits for screenshots: TermsFeed

Related

Pre-ticked checkboxes on Google Consent Screen

We are having trouble with the Google Consent Screen (oauth2) where the scopes we are requesting aren't ticked automatically.
This is leading to users telling us that they have given permission, but they actually haven't as they weren't aware they needed to tick the boxes in order to give permission.
Is there a way to have these checkboxes pre-ticked? Or perhaps not allow users to tick/untick them? Just give users the option to accept or not?
Thank you!
We are having the same issue here. As a temporary solution we reduced the amount of the scopes (checkboxes) to only one https://www.googleapis.com/auth/drive, which is enough to view/create files in drive (didn't test deletion/update though).

Google Chrome Extension got rejected multiple times for "User Data Privacy"

I submitted a Google Chrome Extension and got rejected
Your item did not comply with the following section of our Program Policies:
"User Data Privacy"
The Privacy Policy & Secure Transmission section requires that:
If your product handles personal or sensitive user data (including
personally identifiable information, financial and payment
information, health information, authentication information, website
content and resources, form data, web browsing activity, user-provided
content and personal communications), then your product must:
Post a privacy policy. Handle the user data securely, including
transmitting it via modern cryptography. To comply with this policy:
Provide a working link to your privacy policy in the appropriate field
in the Chrome Web Store Developer Dashboard. The link must lead to a
privacy policy that is owned by you. The privacy policy must also
accurately and fully disclose all the details pertaining to how your
product collects, uses and shares user data, including the types of
parties with whom the data is shared. For more information on the
policy, please refer to the User Data FAQ.
Once your item complies with Chrome Web Store policies, you may
request re-publication in the Chrome Web Store Developer Dashboard.
Your item will be reviewed for policy compliance prior to
re-publication.
If you have any questions about this email, please respond and the
Chrome Web Store Developer Support team will follow up with you.
Our privacy policy is here
How could I fix it? What should I do?
After few emails with google asking about the exact issue, it turns out the User Data policy is a big section and a lot of thing might go wrong there, however, in my case I had a snapshot that is actually created by a designer to look pretty, not a snapshot from the actual extension and I had a permission that did not have a justification description. After I replaced the snapshot with an actual one and I removed the permission that didn't have a description because I actually didn't use it. The extension was approved and published.

OAuth Consent Screen

I've been waiting for Google to verify my OAuth consent screen for several months. This means that my functionality is restricted. The message that I am getting on the admin panel is...
Your consent screen is being verified. This may take up to several
days. Your last approved consent screen is still in use.
Is there some way of following this up or checking for any issues with my application?
I would recommend to contact G Suite Support with the G Suite APIs team, they can help you to speed up the verification process. You can check this article https://support.google.com/cloud/answer/9110914?hl=en for more information.
There has been some changes and categorized new scopes as restricted or sensitive, also if you add, remove or update any scope within your consent screen you will be asked for a new verification process.
The verification process should not take months. The G Suite API team will help you to find the best solution since they have the chance to contact the Trust and safety team who will review your verification.
For a faster verification, ensure that your app complies with our policy. For more information, see https://support.google.com/cloud/answer/9110914?hl=en#verification-requirements. And provide with all possible information like videos using your application, things like that.

Error: invalid_scope google read contact

What is the reason for this error?
How can I fix this?
Error: invalid_scope
This app hasn't been verified to access: {invalid = [https://www.google.com/m8/feeds/]} Please contact the developer for assistance. Are you the developer? If this project needs these scopes, sign in to an account with access to edit your project and try again. If not, contact the developer for help.
We have enhanced our risk assessment for new web applications that
request user data. Based on this risk assessment, some web
applications will require a manual review before users can approve
data permissions. Until the review is complete, unverified apps will
display an error message instead of the permissions consent page.
See our earlier blog post on accessing user data, which outlines your
responsibility when requesting access to user data from your
application. Our teams will continue our constant efforts to support a
powerful, useful developer ecosystem that keeps users and their data
safe.
Sources:
https://support.google.com/googleapi/answer/7394288
https://support.google.com/code/contact/oauth_app_verification

Email from Google: Using a Google product name as the project in OAuth consent screen

I received this message for the second time and i still dont understand why. Can someone help me?
Action required: Critical problem with your Google Cloud/API project
Youtube API (id: tonal-topic-123301)
Dear Developer, We have recently
detected that your Google Cloud/API project Youtube API (id:
tonal-topic-123301) is using a Google product name as the project name
shown to users on the OAuth consent screen, which violates the Google
API Services: User Data Policy. You can fix the problem by revising
the project name and other relevant content so that the OAuth consent
screen shown to users accurately reflects the identity of your
application. To revise the project name visible to users, please take
the following steps:
Please review the Google API Services: User Data Policy, specifically
the following section- "Do not make false or misleading statements
about any entities that have allegedly authorized or managed your
application. You must accurately represent the company, organization,
or other authority that manages your application. Making false
representations about client credentials to Google or Google users is
grounds for suspension."
Sign in to the Google Cloud Platform Console.
Select your project.
On the Home Page Dashboard, select Go to APIs overview under APIs.
In API manager, select Credentials on the left bar, then select OAuth
consent screen. Change the name in the field under Product name shown
to users and then click on Save. We will suspend your Cloud project in
3 days unless you correct the problem. Please submit an appeal if you
have any questions. Please note that you should be logged in as the
project owner to access the appeals page. For more help on submitting
an appeal or to learn more about the process check the Policy
Violation FAQ. Please take a moment to review the Google API Services:
User Data Policy, the Google API Terms of Service, the Google Cloud
Terms of Service and the applicable Terms of Service for the specific
Google API you are using so that you do not violate our terms and
policies in the future.
This is obviously a naming issue regarding something in the google product range.
You Should be able to re-name your project to solve this.
If not, try a Google forum or help pages.
The problem you are having is that Google does not allow you to use a Google product name as the name of your in your application. Users can become confused and assume your third party application was created by them.
How to fix it:
Go to Google Developer console find the credentials screen. Click on the Oauth consent screen tab at the top rename your application.
Note: If you don't do this google is going to shut down your application they are very picky about this.

Resources