Google rejected publication of the Chrome extension saying “Your Product violates the Privacy Policy & Secure Transmission section of the policy” [closed]

We have been trying to publish a new version of the extension, which is already in the Chrome Web Store, but Google rejected it, sending the following email:
> Your item did not comply with the following section of our Program Policies:
> "User Data Privacy"
>
> The Privacy Policy & Secure Transmission section requires that:
> If your product handles personal or sensitive user data (including personally identifiable information, financial and payment information, health information, authentication information, website content and resources, form data, web browsing activity, user-provided content and personal communications), then your product must:
> - Post a privacy policy.
> - Handle the user data securely, including transmitting it via modern cryptography.
>
> To comply with this policy:
> Provide a working link to your privacy policy in the appropriate field in the Chrome Web Store Developer Dashboard.
> The link must lead to a privacy policy that is owned by you.
> The privacy policy must also accurately and fully disclose all the details pertaining to how your product collects, uses and shares user data, including the types of parties with whom the data is shared.

There is a working Privacy Policy link in the Chrome Web Store Developer Dashboard that contains detailed information about which data we collect, how we collect and use it, and how this data is transmitted and secured. We have also described the usage of permissions in the Chrome Web Store Developer Dashboard, but Google still declines our submission. We have been trying to contact the Chrome Web Store team directly for more details, but, unfortunately, there is no response from them and they keep sending the email above without additional clarification. Did anyone experience the same problem? How did you manage to resolve it?

Have the same issue. My guess is that they're trying to have everyone comply with GDPR &/or CCPA to be safe.
I will take a look at Grammarly's terms to see what a company that constantly updates their Chrome Extension does.
Chrome's User Data FAQs are also a great resource.
In my case, my extension is a free (not for profit) extension that does not really handle or store user information, nor does it track data. So I may try doing what others have done and just spell that out in the description.
Hope this helps!

Related

Laravel: Allow users to Enable/Disable features in the application

Apologies if this violates any Stack Overflow terms.
I've been searching for examples to allow users to enable/disable features.
For example, the website is sending database, push and email notifications to users. I want to add checkboxes in their profile to enable/disable if they don't want to receive notifications.
The search results I found are mentioning "Laravel feature Flags" which is not what I'm looking for. Any resource I can read to understand the logic/operation behind this subject?
Thank you

How do I determine which gmail permission is causing Google to send my clients 'Limiting access to data in your Google Account' emails? [closed]

My clients are receiving emails like this (I quote the text, but it is an HTML email):

> From: Google Accounts
> Date: [OMITTED]
> Subject: Limiting access to data in your Google Account
> To: <[OMITTED my client's email address]>
>
> Hi,
>
> Although you don’t need to do anything, we wanted to let you know that the following apps may no longer be able to access some data in your Google Account, including your Gmail content. If these apps are unable to meet the deadline to comply with our updated data policy requirements, they'll lose access to your Account starting July 15th, 2019.
>
> [OMITTED my company's name]
>
> We are making this change as part of ongoing efforts to make sure your data is protected and private.
>
> You can always view, manage and remove apps you’ve given access to your account by visiting your Google Account.
>
> Thanks,
> The Google Accounts team

I operate a webapp that uses the following gmail API methods:
- gmail.users.getProfile
- gmail.users.messages.send
- gmail.users.threads.get

As far as I know I am following all of the rules. I have searched through the Google APIs Console, but I cannot see what data policy I am violating.
How can I determine the data policy I am violating? Why hasn't Google reached out to me about this?
Is this a convincing phishing scam? These emails are being sent to my clients, so I don't have access to see if they are signed properly, but from what I can tell from the forwarded emails they appear to be authentic.

You are not violating any security policy. This is a standard mail that comes whenever a user connects their account to a new application containing high-risk scopes (note: as far as I know, not all scopes will result in this mail, but I haven't actually tested all scopes). This most often comes with the Gmail scopes in applications.
I would double check that your application has been verified; it may help to remove some of the notifications your users are getting. Users should be informed by Google when they are accessing third-party applications and warned about what that could mean.
The following scope is one of the most critical as far as Google is concerned; this is most likely the one that will mean your users will always get this email when they authenticate your application. I wouldn't be surprised if all the Gmail scopes would result in that mail, but I haven't tested it.
https://www.googleapis.com/auth/gmail.send
Verification
This email is most likely related to the fact that this application has not been verified to use the Gmail scopes. Gmail scopes are among the most sensitive scopes as far as Google is concerned, as the chance that they could be abused by malicious developers is even greater.
You should apply for verification as soon as you can; Google may contact you and ask for a video of your application running.
Unverified apps
In most cases it does NOT cost anything to be verified. In some cases, for particularly sensitive APIs, Google may require an outside audit of your code to make sure it does not put users of your program at risk.
After several hours of piecing together information across multiple sites along with a friend, while waiting for further clarification from Google, the following information was found, which I hope will help developers in the future.
Additional reading, piecing together the information available:
Elevating user trust in our API ecosystem: while this page does mention "All fees are paid directly to the assessor and not to Google.", it does not state an amount. Again, I have never heard of anyone having to pay for this. However, I have contacted Google and requested that the page be updated with more accurate information as to what the fee entails.
Additional Requirements for Specific API Scopes
Why fee clearly states why a fee is charged. These assessments are done by a third-party company that must be paid. It would be unrealistic, IMO, for a company wishing to develop an application using Google's API to expect Google to pay for this. IMO it makes perfect sense that the cost would be transferred to the company developing the application. They will, after all, be making money on the application.

Google Dialogflow API v2 Explorer access_token field

Please forgive me, I am fairly new to the Dialogflow API (v2).
I am starting off with testing these API calls using the Google API Explorer utility on the right side of the page.
My question is specifically about the "access_token" field:
Is this supposed to be the JSON authentication file that I downloaded from the Google Cloud Console when I created a new service account?
If not, then where do I find the specific resource I am actually supposed to pass into this field?
Side note: I read in the support section: "Google engineers monitor and answer questions about the Google API Explorer on Stack Overflow using the tag google-apis-explorer." Thank you all in advance for your service/help in this topic!

The access_token field is a higher-level field used across the API by some tooling. In some manual client libraries, you might need to use it, but for the API Explorer utility and for most use cases, you can ignore it. This is true of most (maybe all) fields under the "Show standard parameters" zippy.
The documentation on the left side should explain the relevant fields you need to fill in to successfully complete a request. Keep in mind that even some of these fields are optional; you can leave them blank if they are not relevant to your goal.

What are CreateToken and StoreToken in SagePay Server V3.0?

We are upgrading our SagePay protocol from v2.23 to 3.0 to support surcharge fees. In the v3.0 transaction registration post there are CreateToken and StoreToken, which were not in the earlier version. What is the reason for create and store tokens? I went through the document but couldn't find a clue.

The link provided in the above post links to advice by one of our Sage Pay Partners, so take a look at it.
Token allows shoppers the option of storing their card details (as a token) to their account on the payment page during their first purchase instead of having to set it up manually afterwards. Single click purchases for repeat customers will become much simpler and quicker to set up.
To view the Token Guide go to here, scroll to the bottom of the screen and select the Download the Documents option within your preferred method of integration (server, server inframe, direct). Within the guide it explains creating and storing a token.
If this is a service you would like enabled on your Sage Pay account, our New Business team are available 0900-1800 on 0845 111 4466. Prices for Token are available via here. If you have any other questions, our 24/7 Support team can assist on 0845 111 4455.
Sage Pay Support.

I believe this is related to their token system, allowing you to store and send card details as a token.
If you don't use their token system you don't need to worry about it.
Sage Pay have destroyed their content recently so it's hard to find anything; here's a quick article on their token system - http://www.metakinetic.com/blog/2013/09/sage-pays-token-system-and-advancements-in-payment-gateways/

Access to contacts on the phone

Is there a workaround to get the details of a contact in the phone's contacts?
With the API you can only access the email and phone number, but that is definitely not enough.

Currently, access to additional contact information is not available.
This was a deliberate design decision to protect the security of a person's contact information and to prevent applications getting access to this data without the user's knowledge.
It has, however, been hinted that additional contact details will be available in future versions of the platform.
If you really need more details about a contact you will have to wait until the API is extended in this area.

To be honest, if it doesn't improve, all the way to full (at least read-only) access to all contact details, it is discouraging and stifling a great deal of good apps that should be made...
Many app developers would reject it for this reason alone...
