Second-screen app in violation of Google Play Developer Policies - google-play

We have received a notice from Google Play that our app will be removed if we do not provide them with login credentials in our app. The problem is that our app is a second-screen game, where the primary screen is a desktop game which provides a four-digit code for people to enter in our app and log on to the game. Our app has been in the Play Store for years and is quite popular.
Google Play has given us until Oct 4th to provide them with a code, otherwise our app "may be removed from the Play Store". We have set up a desktop computer running games in a loop 24-7 until they have reviewed our app, and we have provided them with a link to a Twitch stream where the game runs in a loop.
It's now been seven days and we have not heard anything from Google Play. It's very frustrating that there is no personal contact; we only receive auto-generated bot/AI mails about policy violation.
Does anyone know what further action we can take to make sure our app is not removed? We have "contacted support", although contacting support in Google Play means just writing your app name and email address in a form and selecting a radio button of what the problem seems to be (none of them apply exactly). No response for days.
This is the original warning mail from Google Play:
Hi Developers at xxx,
After a recent review, we’ve identified that we need additional information about your app xxx in accordance with our policies. Please resolve the issue described below by October 04, 2022 to avoid further action against your app.
Reasons of violation
Issue: Need login credentials for app review
In order for us to review your app for compliance with Developer Program Policies, we will need you to provide valid login credentials for your app. If users need credentials to access your app, please provide all appropriate credentials via Play Console. If you previously supplied credentials, please ensure that they have not expired. If your app normally uses 2-Step Verification (e.g. SMS verification), biometrics (e.g. a fingerprint or face scan) or a location-dependent password (e.g. geo-gate), please provide valid demo credentials that we can use instead.

In Google Play Console, go to App content > App access > Add new instructions.
In the password field, write down the 4-digit code.
In "Any other instructions", write a detailed step-by-step guide on how to walk through the game until the 4-digit code is entered, and provide them with a valid digit code (that always works) and write that this is a "Demo Digit code".
Also, provide them with a video just to the point of entering the code and logging in (the shorter the video the better).
And you will have to wait; it takes a lot of time, do not worry.

Related

Google Play Rejection when using Sign In With Google OneTapClient - Cannot find a matching credential

My app is designed to exclusively use Sign In With Google. That is, if user can't sign in with their Google Credentials, they can't use the app.
The app has been live for a few months with numerous users using it.
Now, publishing an internal track update today, I received a rejection.
When inspecting the supplied screenshot, I saw that the Google reviewer (tester?) got an ApiException with statusCode 16, aka "Cannot find a matching credential".
This error only happens if the signing keys are invalid (which is not the case as all my testers and live users are using the app just fine) or if you do not have GMS installed/running on the device (for example Huawei phone or Samsung Remote Test Lab).
When I have previously provided instructions for the testers, I have supplied the words "Use Sign In with Google" in both username and password, assuming they can find an account (in fact the same strategy is working with Apple for the iOS version of the app for the past 1.5 years). I have now registered a Gmail account for them and updated username and password and submitted an appeal.
However, in all Google's materials the use case of exclusively using Sign In With Google is not covered. They talk about MFA, providing persistent non-expiring credentials, etc., but nothing about what to do if a user can't use the app without their own sign in.
What is the best way to talk to someone at Google for it?

Google API Oauth consent screen stuck in verification for almost a year

I built a Chrome Extension using the Google Slides API ~8 months ago, with users having to sign in with the OAuth consent screen so as to be able to use the extension. The extension has over a thousand users, and for the past weeks I've had reports of people seeing an error that says "Sign in with Google temporarily disabled for this app".
I checked and indeed the OAuth page was still "being verified", although it still said it would only take a few days / several weeks. I'm not using any sensitive scopes either, so it all seems very odd. If the app didn't meet the criteria I would have been rejected, but that doesn't seem to be the case.
So my question is, how can I get it verified, or if anything rejected so that I can make a new submission? I looked all over the place and I haven't found a way to get it unstuck. I'm pretty sure 8 months for verification isn't normal whatsoever.
Google seems to manually validate each OAuth screen. That's a long (and costly) process, but in my experience, it generally takes 24 hours if you don't use any sensitive/restrictive scopes. As it's your case apparently, I presume your submission has probably been lost somewhere.
My recommendations:
1. Check in the Google Cloud Console the status of your OAuth Screen. After logging in to the Google Cloud console, click on the hamburger icon and select "APIs & Services" > "OAuth consent screen". At the top of the page you will see the status. If it's something like "pending verification", go to step 2. Otherwise, make sure the form is completed and submit it for verification again.
2. Search in your emails if you have been contacted by "api-oauth-dev-verification-reply [at] google [dot] com" (the address might slightly change as they use a ticketing solution). Maybe they tried to contact you but the email went to spam?
3. Get in touch with the OAuth team by emailing "api-oauth-dev-verification-reply [at] google [dot] com". Make sure to add your Google Project number in your email, so they will be able to check what's wrong.
Disclaimer: I don't work at Google. But I'm a bit familiar with that process now :)

Skype Bots - Please tell me I'm missing something

Working on an application and developing a chat integration bot. Note that contrary to some news bots or other tools, there is no central website or server that the bot gets its data from. The software installation comes with a repository, and that is where the bot connects to. Thus, every user, upon installing the software, will basically get their own copy of the bot, along with their own repository, etc.
Now, having done that for Telegram: You open the Telegram client, initiate a chat with the BotFather, get the token for your new bot with one or two commands, and then add that token to my application. Done. Easy for the user to follow, takes a few minutes at most and they have a working bot.
Trying to do the same with Skype, the users must:
Sign up for an Azure account
Provide credit card and phone number verification (that's probably where some users will stop right away)
Log on to the Azure Portal
Create a bot channel, through a myriad of different screens I have to guide the user through.
Have the user obtain the bot's password, again through a variety of different screens he needs to be guided through. (if the user hasn't given up yet, at this point he'll definitely get grumpy)
Enable the Skype channel, and enable the bot to be added to group chats.
Attempt to locate the bot via Skype and eventually add it in.
Now, if I wanted to document this properly, this will be a 10-15 page document with tons of screenshots and all. To do what Telegram does in two minutes or even less. There are so many opportunities in all of this for something to go wrong, that I can't even consider forcing my users to go through this.
Surely, I must be missing something? It can't be that you have to go through this horrible mess of an over-engineering spectacle that is second to none, just to get the most basic bot to function?
All I need is a means to say "this is the bot's name, give me its token and API URL so that it can send messages using the REST API". But I can't seem to find this for Skype.

One app was removed from the Play Store. How many before my account is terminated?

Recently, I have received a message from Google Play Developer saying that one app was removed:
This app has been removed from Google Play for a violation of the
Google Play Developer Program Policy regarding Ad Walls and
Interstitial Ads. For additional information, please review the
interstitial ads help article, then correct your app's ads and
resubmit. Additional details have been sent to your account owner's
email address.
So I've heard that if I get 3 strikes like this one, my account will be terminated. Is that true?
Also, I am only using AdMob ads.
Google's policy here states that
Removals
Don’t impact the standing of your Google Play Developer account.
Once your app is removed, the published version of your app won’t be available on Google Play until a compliant update is submitted.
The message you quoted says that your app was removed, so you don't have much to worry about. You just have to be more careful about following the Ads guidelines. They don't want you to keep publishing many apps that don't follow the rules.
Also, they don't define exactly how many Suspensions you can have:
Suspensions
Count as strikes against the good standing of your Google Play Developer account.
Egregious or multiple policy violations can result in suspension, as can repeated app rejections or removals.
But 3, as you mentioned, seems a fair number in a short period. Remember: your apps won't be suspended for nothing, so take care to follow the instructions correctly.
It says right there that "Additional details have been sent to your account owner's email address". So that would be the place to look to get the specifics.
There are a variety of reasons that your app may have been reported. For instance, you should probably let people know that there are ads at all. Is your app rated as "kid friendly" but the ads are not?
I'm going to guess that it has something to do with placement. For instance, if people are clicking your ad accidentally because it's too close to another actionable item, that will get you in trouble.
It could also be because someone is clicking the ad repeatedly, during testing, or to be a joker. And it's raising a flag.
You really need to do your own research to find out what the problem is.
Once you've done with that, correct the problem and try again.

Can't link Google Play Game Services to an app because the client ID is in use. However, there is no app using that ID

I'm trying to update a game on Google Play to support leaderboards and achievements. (https://play.google.com/store/apps/details?id=com.rightpedalstudios.dragonseason)
However, when I go to link the app I get the message "This client ID is globally unique and is already in use."
I've searched online for people who have had the same problem and the advice they are given is to delete the client ID in the developer console, and if the app has been deleted there then undelete it first. However, there is nothing in the console using the ID, nor are there any deleted apps. As far as I can tell there is no app using the client ID.
I did find another person asking a similar question here that was never answered.
Failing to create client ID, due to duplication of signing fingerprint by another Android OAuth2 client
I also get the message "The signing fingerprint you specified is already used by another Android OAuth2 client." when I try to set up a client ID from the developer console. (I know I'm not meant to do that if I'm using Google Play Games, I just wanted to check if it failed from there too.)
I've tried contacting Google support, I was directed to the Google API support, and then directed here.
Two other developers that have worked on this project could have somehow created a client ID, although I have contacted them and neither of them recall creating one.
Is there any way to find out where this client ID is being used?
You have to delete the client ID in the Google API console (now confusingly renamed the Google Developers Console!). Then you can link the app to the game straight away. I have just done this, and it worked fine for me. I wanted to link an existing app to a different game, so I deleted both the debug and prod (release) definitions and was able to immediately link the app to the new game.
Note that for many of us, doing work on Google Play Game Services in the Google API console is a last resort - many of us have encountered Google-related bugs in the past by doing this!
This image may help:
