What is the "context of content" in Google's Location Permissions policy? - google-play

Our Android app was rejected by Google with the following feedback:
Please make sure privacy policy is clearly labeled as a privacy policy
in the context of the content and specifies handling of location data.
I do not understand what the context of the content is in this case. Does it refer to the in-app link to the privacy policy, or the content of the privacy policy?
Our privacy policy is clearly titled as such in the document itself. The link to it within the app also reads "Privacy Policy" and is placed in the "About" section of the app, similar to how apps like Tesla and Instagram have implemented it.
Upon asking Google for advice, the response was:
Unfortunately, I’m not able to provide any more detail or a better
answer to your question. As I mentioned in our previous email, the
"Privacy Policy" is clearly labeled in not only the title but also
context of content, even translated in English.
Which I can only assume should mean is clearly labeled only in the title but not in the context of content, as otherwise the app would confirm to their policy.

Apparently, the context is wherever your feature is implemented in the app. In our case, we had to include a link to the privacy policy directly underneath the switch that enables location services.

Related

APK REQUIRES VALID PRIVACY POLICY​ Your app is uploading users' Primary Account information

At first the sata application was accepted by google play until several releases. However, at the time of doing the 12th release, my app was removed from google play.
APK REQUIRES VALID PRIVACY POLICY​
Your app is uploading users' Primary Account information to https:.......... without posting a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself.
how to solve it?, i need help immediately. thank you.
The solution is clear:
You need a Privacy Policy
You need to add the Privacy Policy:
In the app itself
On the Play Developer Console
You have multiple options how to link to your Privacy Policy from within your app: About or Settings screen, Sign-up or Login screens, separate item in the menu etc.
When you add the Privacy Policy on Play Developer Console it would be made available on your app listing page:
You can read Google's requirements for having a Privacy Policy on this help page here:
https://support.google.com/googleplay/android-developer/answer/113469#privacy

How to generate and add privacy policy on Google Play? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last year.
The community reviewed whether to reopen this question 7 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
I have to create and add a privacy policy to my Android app. My app accesses background geolocation data, so whatever policy I add has to include info about how location data is used. Two questions:
Is there a standard approach to creating a privacy policy? For example, is there a template that people usually use, that I would be able to add an extra geolocation clause to?
Where in the Google Play console do you add the privacy policy? I went to Store Presence -> Main Store Listing and didn't see any place to add a privacy policy.
As far as I know, there is no specific standard for the privacy policy. You can have a look at the policies of other reputed apps to get an idea on how to write it. There is no hard and fast rule of the writing style either (remember, this is neither legislature nor a court of law). I think the policy should be written in simple and clear English that everybody can understand. Many of the free privacy policy generators use legal wording, which I want to avoid unless absolutely necessary. It is good to mention the following clearly in the privacy policy:
The data your app stores, and which of these is "personally identifiable information".
The data your app transmits to your servers.
How the above data is used.
Whether it is possible to request deletion of this data.
The permissions that your app use, especially if you use any sensitive permissions like READ_EXTERNAL_STORAGE.
Why the app requires those permissions.
How you want to be contacted in case someone wishes to ask for clarification/deletion of data/report security vulnerability.
In the Play Console, first click on the app. There is a left pane with many options like Dashboard, Inbox, Releases, etc. Scroll down on that pane to the bottom, and there you will find "App content". Click on that, and you will find a place to add a link to your privacy policy.
Note that the privacy policy has to be uploaded somewhere else, and you can only put the link to it in Google Play. My apps, for example, are all open-source, so I have uploaded the privacy policy to GitHub and linked to it. Another good option, if your app is closed-source, and you don't have a website, is to create a single GitHub repo for all the privacy policies of your apps, and then individually link those files in Google Play and in the app.
i use the following website for my apps privacy policies
https://www.freeprivacypolicy.com/
very simple you don't need to write the entire thing you just fill in some questions and they offer to host the policy on their site and provide you with a url to set in your store listing
Update after the announcement of Launching of Data safety in Play Console
Link to October 2021's announcement
The Google Play's support page now mentions that:
All developers that have an app published on Google Play must complete
the Data safety form, including apps on internal, closed, open, or
production testing tracks.
Even developers with apps that do not
collect any user data are required to complete this form and provide a
link to their privacy policy. In this case, the completed form and
privacy policy can indicate that no user data is collected or shared.
I did not find any official Google standard/template for the privacy policy either.
Even if my application was not collecting/sharing any information, I decided to follow the steps below in order not to be penalized at a later stage.
To write my application's Privacy Notice
I reviewed some policies of reputed applications (as suggested by
Wrichik Basu);
I used and customized the template provided by docracy for Mobile Privacy Policy (free, no registration needed). The website mentioned by Bilal Rammal is interesting if your app requests specific permissions (which was not my case).
I consulted the GDPR-compliant privacy notice.
To host my application's Privacy Notice
I uploaded this privacy policy on my personnal website and I checked that it was publicly accessible.
You may want to double check the file permissions and .htaccess rules if you self-host/manage your website.
To update my app information in the Google Play Console
I opened Play Console and went to the App content page (Policy > App content).
Under "Privacy Policy," I selected Start.
I entered the URL hosting the privacy policy online.
I saved my changes.
Note: If you’ve previously added a privacy policy and want to make changes, you’ll see and select Manage instead of start.
In my application
I reviewed the permissions that I was requesting;
I included a link (in the "Settings" section) to my Privacy Policy so that users of my application can easily review it.

Google Chrome Extension got rejected multiple times for "User Data Privacy"

I submitted a Google Chrome Extension and got rejected
Your item did not comply with the following section of our Program Policies:
"User Data Privacy"
The Privacy Policy & Secure Transmission section requires that:
If your product handles personal or sensitive user data (including
personally identifiable information, financial and payment
information, health information, authentication information, website
content and resources, form data, web browsing activity, user-provided
content and personal communications), then your product must:
Post a privacy policy. Handle the user data securely, including
transmitting it via modern cryptography. To comply with this policy:
Provide a working link to your privacy policy in the appropriate field
in the Chrome Web Store Developer Dashboard. The link must lead to a
privacy policy that is owned by you. The privacy policy must also
accurately and fully disclose all the details pertaining to how your
product collects, uses and shares user data, including the types of
parties with whom the data is shared. For more information on the
policy, please refer to the User Data FAQ.
Once your item complies with Chrome Web Store policies, you may
request re-publication in the Chrome Web Store Developer Dashboard.
Your item will be reviewed for policy compliance prior to
re-publication.
If you have any questions about this email, please respond and the
Chrome Web Store Developer Support team will follow up with you.
Our privacy policy is here
How could I fix it? What should I do?
After few emails with google asking about the exact issue, it turns out the User Data policy is a big section and a lot of thing might go wrong there, however, in my case I had a snapshot that is actually created by a designer to look pretty, not a snapshot from the actual extension and I had a permission that did not have a justification description. After I replaced the snapshot with an actual one and I removed the permission that didn't have a description because I actually didn't use it. The extension was approved and published.

What does Google Play do with the Privacy Policy Link I provide it with?

I am developing an app that will stand on its own without a Website (at the moment).
According to Google Play, I must provide a Privacy Policy URL because my app requires the android.permission.CAMERA permission.
I know that I can place a Privacy Policy on a static hosted Website and give that URL to Google Play, but I would like to know what Google Play will use that URL for.
Does it just give the users the link and if clicked will take the user to the static page where the privacy policy is hosted?
Does it crawl the page and extracts information from it to display the info within the Play Store?
Thanks
There are 2 types of permissions : Normal and Dangerous as listed here
The purpose of a permission is to protect the privacy of an Android
user.
Android apps must request permission to access sensitive user data (such as contacts and SMS), as well as certain system features (such as camera and internet). Depending on the feature, the system might grant the permission automatically or might prompt the user to approve the request.
read more here : https://developer.android.com/guide/topics/permissions/overview
So if you using some of Dangerous level permissions in your app , google will definitely ask you to provide Privacy Policy before uploding apk to playstore .
so if you not provide link , they will not approve your apk build to publish in playstore.
Yes , they also display Privacy Policy Link to all users in ADDITIONAL INFORMATION section in Playstore .
For Example See Below Picture :

Email from Google: Using a Google product name as the project in OAuth consent screen

I received this message for the second time and i still dont understand why. Can someone help me?
Action required: Critical problem with your Google Cloud/API project
Youtube API (id: tonal-topic-123301)
Dear Developer, We have recently
detected that your Google Cloud/API project Youtube API (id:
tonal-topic-123301) is using a Google product name as the project name
shown to users on the OAuth consent screen, which violates the Google
API Services: User Data Policy. You can fix the problem by revising
the project name and other relevant content so that the OAuth consent
screen shown to users accurately reflects the identity of your
application. To revise the project name visible to users, please take
the following steps:
Please review the Google API Services: User Data Policy, specifically
the following section- "Do not make false or misleading statements
about any entities that have allegedly authorized or managed your
application. You must accurately represent the company, organization,
or other authority that manages your application. Making false
representations about client credentials to Google or Google users is
grounds for suspension."
Sign in to the Google Cloud Platform Console.
Select your project.
On the Home Page Dashboard, select Go to APIs overview under APIs.
In API manager, select Credentials on the left bar, then select OAuth
consent screen. Change the name in the field under Product name shown
to users and then click on Save. We will suspend your Cloud project in
3 days unless you correct the problem. Please submit an appeal if you
have any questions. Please note that you should be logged in as the
project owner to access the appeals page. For more help on submitting
an appeal or to learn more about the process check the Policy
Violation FAQ. Please take a moment to review the Google API Services:
User Data Policy, the Google API Terms of Service, the Google Cloud
Terms of Service and the applicable Terms of Service for the specific
Google API you are using so that you do not violate our terms and
policies in the future.
This is obviously a naming issue regarding something in the google product range.
You Should be able to re-name your project to solve this.
If not, try a Google forum or help pages.
The problem you are having is that Google does not allow you to use a Google product name as the name of your in your application. Users can become confused and assume your third party application was created by them.
How to fix it:
Go to Google Developer console find the credentials screen. Click on the Oauth consent screen tab at the top rename your application.
Note: If you don't do this google is going to shut down your application they are very picky about this.

Resources