Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last year.
The community reviewed whether to reopen this question 7 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
I have to create and add a privacy policy to my Android app. My app accesses background geolocation data, so whatever policy I add has to include info about how location data is used. Two questions:
Is there a standard approach to creating a privacy policy? For example, is there a template that people usually use, that I would be able to add an extra geolocation clause to?
Where in the Google Play console do you add the privacy policy? I went to Store Presence -> Main Store Listing and didn't see any place to add a privacy policy.
As far as I know, there is no specific standard for the privacy policy. You can have a look at the policies of other reputed apps to get an idea on how to write it. There is no hard and fast rule of the writing style either (remember, this is neither legislature nor a court of law). I think the policy should be written in simple and clear English that everybody can understand. Many of the free privacy policy generators use legal wording, which I want to avoid unless absolutely necessary. It is good to mention the following clearly in the privacy policy:
The data your app stores, and which of these is "personally identifiable information".
The data your app transmits to your servers.
How the above data is used.
Whether it is possible to request deletion of this data.
The permissions that your app use, especially if you use any sensitive permissions like READ_EXTERNAL_STORAGE.
Why the app requires those permissions.
How you want to be contacted in case someone wishes to ask for clarification/deletion of data/report security vulnerability.
In the Play Console, first click on the app. There is a left pane with many options like Dashboard, Inbox, Releases, etc. Scroll down on that pane to the bottom, and there you will find "App content". Click on that, and you will find a place to add a link to your privacy policy.
Note that the privacy policy has to be uploaded somewhere else, and you can only put the link to it in Google Play. My apps, for example, are all open-source, so I have uploaded the privacy policy to GitHub and linked to it. Another good option, if your app is closed-source, and you don't have a website, is to create a single GitHub repo for all the privacy policies of your apps, and then individually link those files in Google Play and in the app.
i use the following website for my apps privacy policies
https://www.freeprivacypolicy.com/
very simple you don't need to write the entire thing you just fill in some questions and they offer to host the policy on their site and provide you with a url to set in your store listing
Update after the announcement of Launching of Data safety in Play Console
Link to October 2021's announcement
The Google Play's support page now mentions that:
All developers that have an app published on Google Play must complete
the Data safety form, including apps on internal, closed, open, or
production testing tracks.
Even developers with apps that do not
collect any user data are required to complete this form and provide a
link to their privacy policy. In this case, the completed form and
privacy policy can indicate that no user data is collected or shared.
I did not find any official Google standard/template for the privacy policy either.
Even if my application was not collecting/sharing any information, I decided to follow the steps below in order not to be penalized at a later stage.
To write my application's Privacy Notice
I reviewed some policies of reputed applications (as suggested by
Wrichik Basu);
I used and customized the template provided by docracy for Mobile Privacy Policy (free, no registration needed). The website mentioned by Bilal Rammal is interesting if your app requests specific permissions (which was not my case).
I consulted the GDPR-compliant privacy notice.
To host my application's Privacy Notice
I uploaded this privacy policy on my personnal website and I checked that it was publicly accessible.
You may want to double check the file permissions and .htaccess rules if you self-host/manage your website.
To update my app information in the Google Play Console
I opened Play Console and went to the App content page (Policy > App content).
Under "Privacy Policy," I selected Start.
I entered the URL hosting the privacy policy online.
I saved my changes.
Note: If you’ve previously added a privacy policy and want to make changes, you’ll see and select Manage instead of start.
In my application
I reviewed the permissions that I was requesting;
I included a link (in the "Settings" section) to my Privacy Policy so that users of my application can easily review it.
I submitted a Google Chrome Extension and got rejected
Your item did not comply with the following section of our Program Policies:
"User Data Privacy"
The Privacy Policy & Secure Transmission section requires that:
If your product handles personal or sensitive user data (including
personally identifiable information, financial and payment
information, health information, authentication information, website
content and resources, form data, web browsing activity, user-provided
content and personal communications), then your product must:
Post a privacy policy. Handle the user data securely, including
transmitting it via modern cryptography. To comply with this policy:
Provide a working link to your privacy policy in the appropriate field
in the Chrome Web Store Developer Dashboard. The link must lead to a
privacy policy that is owned by you. The privacy policy must also
accurately and fully disclose all the details pertaining to how your
product collects, uses and shares user data, including the types of
parties with whom the data is shared. For more information on the
policy, please refer to the User Data FAQ.
Once your item complies with Chrome Web Store policies, you may
request re-publication in the Chrome Web Store Developer Dashboard.
Your item will be reviewed for policy compliance prior to
re-publication.
If you have any questions about this email, please respond and the
Chrome Web Store Developer Support team will follow up with you.
Our privacy policy is here
How could I fix it? What should I do?
After few emails with google asking about the exact issue, it turns out the User Data policy is a big section and a lot of thing might go wrong there, however, in my case I had a snapshot that is actually created by a designer to look pretty, not a snapshot from the actual extension and I had a permission that did not have a justification description. After I replaced the snapshot with an actual one and I removed the permission that didn't have a description because I actually didn't use it. The extension was approved and published.
I am developing an app that will stand on its own without a Website (at the moment).
According to Google Play, I must provide a Privacy Policy URL because my app requires the android.permission.CAMERA permission.
I know that I can place a Privacy Policy on a static hosted Website and give that URL to Google Play, but I would like to know what Google Play will use that URL for.
Does it just give the users the link and if clicked will take the user to the static page where the privacy policy is hosted?
Does it crawl the page and extracts information from it to display the info within the Play Store?
Thanks
There are 2 types of permissions : Normal and Dangerous as listed here
The purpose of a permission is to protect the privacy of an Android
user.
Android apps must request permission to access sensitive user data (such as contacts and SMS), as well as certain system features (such as camera and internet). Depending on the feature, the system might grant the permission automatically or might prompt the user to approve the request.
read more here : https://developer.android.com/guide/topics/permissions/overview
So if you using some of Dangerous level permissions in your app , google will definitely ask you to provide Privacy Policy before uploding apk to playstore .
so if you not provide link , they will not approve your apk build to publish in playstore.
Yes , they also display Privacy Policy Link to all users in ADDITIONAL INFORMATION section in Playstore .
For Example See Below Picture :
I've just received this message from Google Play but I'm not collecting the Advertising ID.
Reason for warning: Violation of Usage of Android Advertising ID
policy and section 4.8 of the Developer Distribution Agreement
Google Play requires developers to provide a valid privacy policy when
the app requests or handles sensitive user or device information.
We’ve identified that your app collects and transmits the Android
advertising ID, which is subject to a privacy policy requirement.
Is it possible any of my dependencies uses it? Here's the list of dependencies:
implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
implementation "org.jetbrains.anko:anko-common:$anko_version"
implementation ("com.android.support:appcompat-v7:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
exclude group: 'com.android.support', module: 'design'
}
implementation ("com.android.support:design:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
}
implementation ("com.android.support:cardview-v7:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
exclude group: 'com.android.support', module: 'design'
}
implementation 'com.github.PhilJay:MPAndroidChart:v3.0.2'
implementation 'com.github.apl-devs:appintro:v4.2.3'
implementation('com.crashlytics.sdk.android:crashlytics:2.6.8#aar') {
transitive = true
}
implementation 'com.firebase:firebase-jobdispatcher:0.7.0'
implementation ("com.google.firebase:firebase-firestore:$firestore_version") {
exclude group: 'com.google.firebase', module: 'firebase-auth'
}
implementation ("com.google.firebase:firebase-auth:$firebase_version") {
exclude group: 'com.google.firebase', module: 'firebase-firestore'
}
implementation ("com.google.firebase:firebase-storage:$firebase_version") {
exclude group: 'com.google.firebase', module: 'firebase-firestore'
}
implementation ('com.google.android.gms:play-services-auth:16.0.0') {
exclude group: 'com.google.firebase', module: 'firebase-firestore'
}
implementation 'com.android.support.constraint:constraint-layout:1.1.3'
implementation 'com.android.support:multidex:1.0.3'
implementation ("com.android.support:exifinterface:$android_support_version") {
exclude group: 'com.android.support', module: 'animated-vector-drawable'
exclude group: 'com.android.support', module: 'design'
}
implementation 'com.soundcloud.android:android-crop:1.0.1#aar'
implementation 'com.github.bumptech.glide:glide:4.7.1'
Disable advertising id collection
According to the Firebase docs you can disable advertising id collection by setting:
<meta-data android:name="google_analytics_adid_collection_enabled" android:value="false" />
in your AndroidManifest.xml under the <Application> tag.
EDIT: It seems like people are having mixed success with this approach. Try adding
configurations { all*.exclude group: 'com.google.firebase', module: 'firebase-core' all*.exclude group: 'com.google.firebase', module: 'firebase-iid' } to the Gradle app dependencies area as per comment below.
Today many developers are getting this same issue.
I also got this issue. I didn't collect any sensitive data, I am not even showing ads to my users. In your case the Crashlytics lib could be an issue. It deals with advertising IDs.
In the mail they mention the required action:
Action required: Add a privacy policy to your store listing and app
So I think all of us should add a privacy policy on the store listing as well as on the app. Before taking the action we should go through the related privacy policy.
Here are some links from where you can get help:
Privacy policy to upload an app
Usage of Android Advertising ID
Developer Distribution Agreement
Developer Program Policies
You are using crashlytics below 2.9.3. Apparently it's collecting and sending the google advertising id as a key in their header. That might be the or one of the issues.
You can check if it's sending the advertising id through a proxy like Charles.
Edit ***
It seems that version 2.9.3 and above are still getting the advertisingID from by calling AdvertisingIdClient.getAdvertisingIdInfo() from the com.google.android.gms.ads.identifier package. I checked it by setting a break point on the method. I am assuming it is somehow still being send to fabric. Which would mean updating to higher version will not solve it..
For Unity users, the problem is in Unity Analytics.
To resolve this problem, we need to do 2 tasks:
In Google Play Console, add the link: https://unity3d.com/legal/privacy-policy into Privacy Policy field in Store presence / Store listing
In your app, add a Privacy Policy button by using the Unity's own plugin Unity Data Privacy Plug-in: https://assetstore.unity.com/packages/add-ons/services/unity-data-privacy-plug-in-118922
After resubmitted about some minutes, Google Play approved my app.
I am not using Crashlytics or any other thing. Just a simple offline app with Facebook Ads. Still my app was removed from the Play Store.
Issue: Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement
Issue Description: Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. We’ve identified that your app collects and transmits the Android advertising identifier, which is subject to a privacy policy requirement. If your app collects the Android advertising ID, you must provide a valid privacy policy in both the designated field in the Play Console, and from within the app.
Solution:
I created a Privacy Policy for my app using this link and edited it according to my app.
I created a url for my privacy policy using this link.
Log in to Google Play Console and Go to the Store presence and then store listing and paste your url in Privacy Policy section.
Submit your update.
Note - In my case I did not have to submit any new build with privacy policy as mentioned in mail and my app was visible in play store within hours I did the steps I mentioned above. If in case your app is not visible in play store after following the above points then you should put one privacy policy section in your app too and submit a new build.
I also recieved the same message and got some of my apps suspended today.
So i just deleted those three firebase dependencies:
compile 'com.google.firebase:firebase-core:10.0.1'
compile 'com.google.firebase:firebase-ads:10.0.1'
compile 'com.google.firebase:firebase-appindexing:10.0.1'
Then, i re-submitted the apps, and they was accepted after review :)
If your app uses Firebase SDKs like analytics and all, you can disable Advertising ID collection on SDK level by putting the following line in your AndroidManifest.xml file under the Application tag.
<meta-data android:name="google_analytics_adid_collection_enabled" android:value="false" />
You can read more about it here.
My app was not even an ad supported application but still it got hit by this section 4.8 clause. By employing the above technique I was able to get it back on Google Play without submitting any privacy policy.
this is the cause
Google Play Services version 4.0 introduced new APIs and an ID for use by advertising and analytics providers.
We need to provide a privacy statement and make it available on the web.
For a sample go
https://digital.com/blog/best-privacy-policy-generators/
To change settings on your android app. Developer Console, Store Listing, scroll down to Privacy Policy. Add the url here.
copied from google mail
Please contact policy support team.
If your app requests user data or makes sensitive permissions requests such as Phone, Accounts, Contacts, Camera, Microphone, or if your app uses the Android advertising identifier, you'll need to add a valid privacy policy in two places: your app's Store Listing page (instructions below) and within your app.
As a second option, you can remove any requests for user data or sensitive permissions. For example, you would need to remove {copy and paste permissions here} from the manifest. You will not need to add a privacy policy if you remove these requests.
If you cannot complete steps 1 or 2, you'll need to unpublish the app from the Play Store.
If your app is already unpublished, you don’t need to take action unless you re-publish the app in the future.
You can follow these steps to add a privacy policy to your Store Listing:
Sign in to your Play Console.
Select your app.
On the left side, select Store presence > Store listing.
Under "Privacy Policy," enter the URL where you have the privacy policy hosted online.
Save your changes to submit the update to your app.
Please visit our help center for more information about Google Play privacy policy requirements.
Disabling Advertising ID collection:
https://firebase.google.com/support/guides/disable-analytics#disable_advertising_id_collection
via those two lines in Manifest file:
<meta-data android:name="firebase_analytics_collection_deactivated" android:value="true" />
<meta-data android:name="google_analytics_adid_collection_enabled" android:value="false" />
my app deleted from store today .. same issue
all i do that i add privacy policy to the app from(App console - Store presence - Store listing)
Like the image
you can create it from App Privacy Policy Generator
and uplaod it and write the link in Store listing and resubmit the app
That is work for me
and sorry for my bad language
I am using Crashlytics and OneSignal. Relying on #RikvanVelzen tests with Crashlytics 2.9.3, it is not the reason for my getting the messasge from Google, but OneSignal.
Google requirement is "you must provide a valid privacy policy in both the designated field in the Play Console, and from within the app."
Therefore, I believe that I need to do only two things which are not too complicated:
Add a privacy policy link from Google Play's console, to a webpage with the info
Add privacy policy info in the app
The following seems to provide instructions on how to do it (just one of many):
https://www.iubenda.com/blog/warning-google-play-developer-policy-violation-action-required-policy-issue/
Privacy policy webpage creation:
First, create a page with the privacy policy of the blocked
application.
Write what information you process. If you do not process private data, write it clearly.
Add information (link) about app privacy policy in Google Play Console
App update with consent:
Follow the instruction from Google website: https://developers.google.com/admob/android/eu-consent
Add link to your privacy policy:
privacyUrl = new URL("https://www.your.com/privacyurl");
ConsentForm form = new ConsentForm.Builder(context, privacyUrl)
Add the privacy policy webpage by opening it in browser or in webview in your application
Update app with consent and upload on Google Play Console
step 1 : add privacy and policy url to play store console
step 2 : create a button example in side bar when button clicked just call this below method and add your url here
private void callThisMethodWhenPrivacyButtonClicked() {
AlertDialog.Builder alert = new AlertDialog.Builder(this);
alert.setTitle("Title here");
WebView wv = new WebView(this);
wv.loadUrl("{your privacy and policy uurl }");
wv.setWebViewClient(new WebViewClient() {
#Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
view.loadUrl(url);
return true;
}
});
alert.setView(wv);
alert.setNegativeButton("Close", new DialogInterface.OnClickListener() {
#Override
public void onClick(DialogInterface dialog, int id) {
dialog.dismiss();
}
});
alert.show();
}
First, you have to create a privacy policy URL and then add this URL in GOOGLE PUBLISHER CONSOLE based on application.
You can easily create privacy policy using this website.
Privacy Policies
If you have a server/host try to upload privacy policy page on your own server otherwise you can use this website for storing.
Mentioned: you have to add this policy page on your application. Create a menu as privacy police and show all your policy content on a dialog. Easiest way.
I had one of my app removed and another got warning for reason given as
Issue: Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement
I created the privacy policies for both the apps, updated the link in play console store listing, included privacy policy link in main menu of both apps and resubmitted apps.
Both the apps are now live and running .
If you need you can copy the policy, make sure to do edits according to your app permissions and name.
Privacy policy
I don't know if these play console removal and warning count as strike, or somebody can enlighten me.
I received a warning from Google recently mentioning that I have violated the Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement.
I dont use ads on my app , but I am tracking users events / analytics using Amplitude and Fabric , which might be the cause of this warning.
Action required to solve the problem:
Generate privacy policy using Firebase app privacy policy generator
Include your generated privacy policy into your app , and make it accessible to users.
Update the app, and add privacy policy link (via Web page, or Google doc) to your store listing.
The issue states the violation is due to using user's Android Advertising ID. I had the same problem. I created a privacy policy and added the url to that in my app and to the Google Play page. Submitted an update and the App is live again. Make sure to mention that you are collecting a personally identifiable information, Android Advertising ID, in your app. I've given a link to my app's privacy policy, refer to that if you need to know how exactly it is mentioned.
This is my privacy policy:
https://nwsty.com/privacy-policy-and-terms-of-use-android/
You can easily create a privacy policy here:
https://app-privacy-policy-generator.firebaseapp.com/
Just for reference, this is the app in question:
https://play.google.com/store/apps/details?id=com.instancea.nwsty&hl=en_US
I got 3 apps suspended today.
I had a busy day but managed to start working on the apps after lunch. I worked on and submitted 2 updates out of 3. Now I'm working on the third one.
A few minutes ago, one just got approved.
Most of my apps already have privacy policies. The ones that got suspended did not.
The suspect libraries in my case are Admob and Firebase Analytics.
What I did:
1. I created a privacy policy web-page and added a link in the Google Play Store listing.
2. I added the privacy policy as a string in the app and it pops up via a dialog the user can accept or decline one time.
After the updates, I held my breath for 2 hours and voila!
I have created an app in the Google Apps Marketplace SDK and now I have the "Test Install Flow" button, which is fine,. however, when I click it, a popup for business account signup appears and asks me to set up a real Google business account. How can I simply test it with the same developer account I have?
Had the same issue. It occurs when you first log in to Google with a non-Google Apps account (like a free Gmail account), after which Google Apps accounts are added (i.e. are logged in).
As Ben Clifford suggests in comments, one needs to be signed in first with a Google Apps account (after logging out completely). As a best practice, use Google Apps accounts in one web browser, and free Gmail account(s) in a different browser - to avoid further issues.
You have to test it with a Google Apps account. Apparently yours is not one of those, so they're asking you to sign up. If you have a different Google account that has Google Apps already, you can add that account to the project in Permissions -> Add Member, and then use "Test Install Flow" while logged in as that other account.