I submitted a Google Chrome Extension and got rejected
Your item did not comply with the following section of our Program Policies:
"User Data Privacy"
The Privacy Policy & Secure Transmission section requires that:
If your product handles personal or sensitive user data (including
personally identifiable information, financial and payment
information, health information, authentication information, website
content and resources, form data, web browsing activity, user-provided
content and personal communications), then your product must:
Post a privacy policy. Handle the user data securely, including
transmitting it via modern cryptography. To comply with this policy:
Provide a working link to your privacy policy in the appropriate field
in the Chrome Web Store Developer Dashboard. The link must lead to a
privacy policy that is owned by you. The privacy policy must also
accurately and fully disclose all the details pertaining to how your
product collects, uses and shares user data, including the types of
parties with whom the data is shared. For more information on the
policy, please refer to the User Data FAQ.
Once your item complies with Chrome Web Store policies, you may
request re-publication in the Chrome Web Store Developer Dashboard.
Your item will be reviewed for policy compliance prior to
re-publication.
If you have any questions about this email, please respond and the
Chrome Web Store Developer Support team will follow up with you.
Our privacy policy is here
How could I fix it? What should I do?
After few emails with google asking about the exact issue, it turns out the User Data policy is a big section and a lot of thing might go wrong there, however, in my case I had a snapshot that is actually created by a designer to look pretty, not a snapshot from the actual extension and I had a permission that did not have a justification description. After I replaced the snapshot with an actual one and I removed the permission that didn't have a description because I actually didn't use it. The extension was approved and published.
Related
I keep getting this rejection from Google Store and while I've tried adding many different clauses to the privacy policy, the rejection never was fixed. If someone can help me out please that would be great.
Your app is uploading the list of installed application so that needs to be disclosed in the Privacy Policy. In addition, a prominent disclosure / notice to get consent from users on your data collection is required.
Examples of prominent disclosures / notices:
Credits for screenshots: TermsFeed
At first the sata application was accepted by google play until several releases. However, at the time of doing the 12th release, my app was removed from google play.
APK REQUIRES VALID PRIVACY POLICY
Your app is uploading users' Primary Account information to https:.......... without posting a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself.
how to solve it?, i need help immediately. thank you.
The solution is clear:
You need a Privacy Policy
You need to add the Privacy Policy:
In the app itself
On the Play Developer Console
You have multiple options how to link to your Privacy Policy from within your app: About or Settings screen, Sign-up or Login screens, separate item in the menu etc.
When you add the Privacy Policy on Play Developer Console it would be made available on your app listing page:
You can read Google's requirements for having a Privacy Policy on this help page here:
https://support.google.com/googleplay/android-developer/answer/113469#privacy
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last year.
The community reviewed whether to reopen this question 7 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
I have to create and add a privacy policy to my Android app. My app accesses background geolocation data, so whatever policy I add has to include info about how location data is used. Two questions:
Is there a standard approach to creating a privacy policy? For example, is there a template that people usually use, that I would be able to add an extra geolocation clause to?
Where in the Google Play console do you add the privacy policy? I went to Store Presence -> Main Store Listing and didn't see any place to add a privacy policy.
As far as I know, there is no specific standard for the privacy policy. You can have a look at the policies of other reputed apps to get an idea on how to write it. There is no hard and fast rule of the writing style either (remember, this is neither legislature nor a court of law). I think the policy should be written in simple and clear English that everybody can understand. Many of the free privacy policy generators use legal wording, which I want to avoid unless absolutely necessary. It is good to mention the following clearly in the privacy policy:
The data your app stores, and which of these is "personally identifiable information".
The data your app transmits to your servers.
How the above data is used.
Whether it is possible to request deletion of this data.
The permissions that your app use, especially if you use any sensitive permissions like READ_EXTERNAL_STORAGE.
Why the app requires those permissions.
How you want to be contacted in case someone wishes to ask for clarification/deletion of data/report security vulnerability.
In the Play Console, first click on the app. There is a left pane with many options like Dashboard, Inbox, Releases, etc. Scroll down on that pane to the bottom, and there you will find "App content". Click on that, and you will find a place to add a link to your privacy policy.
Note that the privacy policy has to be uploaded somewhere else, and you can only put the link to it in Google Play. My apps, for example, are all open-source, so I have uploaded the privacy policy to GitHub and linked to it. Another good option, if your app is closed-source, and you don't have a website, is to create a single GitHub repo for all the privacy policies of your apps, and then individually link those files in Google Play and in the app.
i use the following website for my apps privacy policies
https://www.freeprivacypolicy.com/
very simple you don't need to write the entire thing you just fill in some questions and they offer to host the policy on their site and provide you with a url to set in your store listing
Update after the announcement of Launching of Data safety in Play Console
Link to October 2021's announcement
The Google Play's support page now mentions that:
All developers that have an app published on Google Play must complete
the Data safety form, including apps on internal, closed, open, or
production testing tracks.
Even developers with apps that do not
collect any user data are required to complete this form and provide a
link to their privacy policy. In this case, the completed form and
privacy policy can indicate that no user data is collected or shared.
I did not find any official Google standard/template for the privacy policy either.
Even if my application was not collecting/sharing any information, I decided to follow the steps below in order not to be penalized at a later stage.
To write my application's Privacy Notice
I reviewed some policies of reputed applications (as suggested by
Wrichik Basu);
I used and customized the template provided by docracy for Mobile Privacy Policy (free, no registration needed). The website mentioned by Bilal Rammal is interesting if your app requests specific permissions (which was not my case).
I consulted the GDPR-compliant privacy notice.
To host my application's Privacy Notice
I uploaded this privacy policy on my personnal website and I checked that it was publicly accessible.
You may want to double check the file permissions and .htaccess rules if you self-host/manage your website.
To update my app information in the Google Play Console
I opened Play Console and went to the App content page (Policy > App content).
Under "Privacy Policy," I selected Start.
I entered the URL hosting the privacy policy online.
I saved my changes.
Note: If you’ve previously added a privacy policy and want to make changes, you’ll see and select Manage instead of start.
In my application
I reviewed the permissions that I was requesting;
I included a link (in the "Settings" section) to my Privacy Policy so that users of my application can easily review it.
What is the reason for this error?
How can I fix this?
Error: invalid_scope
This app hasn't been verified to access: {invalid = [https://www.google.com/m8/feeds/]} Please contact the developer for assistance. Are you the developer? If this project needs these scopes, sign in to an account with access to edit your project and try again. If not, contact the developer for help.
We have enhanced our risk assessment for new web applications that
request user data. Based on this risk assessment, some web
applications will require a manual review before users can approve
data permissions. Until the review is complete, unverified apps will
display an error message instead of the permissions consent page.
See our earlier blog post on accessing user data, which outlines your
responsibility when requesting access to user data from your
application. Our teams will continue our constant efforts to support a
powerful, useful developer ecosystem that keeps users and their data
safe.
Sources:
https://support.google.com/googleapi/answer/7394288
https://support.google.com/code/contact/oauth_app_verification
I received this message for the second time and i still dont understand why. Can someone help me?
Action required: Critical problem with your Google Cloud/API project
Youtube API (id: tonal-topic-123301)
Dear Developer, We have recently
detected that your Google Cloud/API project Youtube API (id:
tonal-topic-123301) is using a Google product name as the project name
shown to users on the OAuth consent screen, which violates the Google
API Services: User Data Policy. You can fix the problem by revising
the project name and other relevant content so that the OAuth consent
screen shown to users accurately reflects the identity of your
application. To revise the project name visible to users, please take
the following steps:
Please review the Google API Services: User Data Policy, specifically
the following section- "Do not make false or misleading statements
about any entities that have allegedly authorized or managed your
application. You must accurately represent the company, organization,
or other authority that manages your application. Making false
representations about client credentials to Google or Google users is
grounds for suspension."
Sign in to the Google Cloud Platform Console.
Select your project.
On the Home Page Dashboard, select Go to APIs overview under APIs.
In API manager, select Credentials on the left bar, then select OAuth
consent screen. Change the name in the field under Product name shown
to users and then click on Save. We will suspend your Cloud project in
3 days unless you correct the problem. Please submit an appeal if you
have any questions. Please note that you should be logged in as the
project owner to access the appeals page. For more help on submitting
an appeal or to learn more about the process check the Policy
Violation FAQ. Please take a moment to review the Google API Services:
User Data Policy, the Google API Terms of Service, the Google Cloud
Terms of Service and the applicable Terms of Service for the specific
Google API you are using so that you do not violate our terms and
policies in the future.
This is obviously a naming issue regarding something in the google product range.
You Should be able to re-name your project to solve this.
If not, try a Google forum or help pages.
The problem you are having is that Google does not allow you to use a Google product name as the name of your in your application. Users can become confused and assume your third party application was created by them.
How to fix it:
Go to Google Developer console find the credentials screen. Click on the Oauth consent screen tab at the top rename your application.
Note: If you don't do this google is going to shut down your application they are very picky about this.