Privacy Policy discussion

Hello Google Play Developer,

Our records show that your app, [app name], with package name com.andromo.[***].[***], currently violates our User Data policy regarding Personal and Sensitive Information.

Policy issue: Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.

Action required: Include a link to a valid privacy policy on your app's Store Listing page and within your app. You can find more information in our help center.

Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

If you have additional apps in your catalog, please make sure they are compliant with our Prominent Disclosure requirements.

Please resolve this issue by March 15, 2017, or administrative action will be taken to limit the visibility of your app, up to and including removal from the Play Store. Thanks for helping us provide a clear and transparent experience for Google Play users.

Regards,

The Google Play Team


This app uses the podcast activity, the e-mail activity, and the YouTube activity. But I'm wondering if these permissions have to do with the AdMob advertising?

Comments

  • Nope I got it too.  No AdMob stuff in my app.
  • Use the "Launch Notice", that should help. I have it since Google started scaring us with Google Cookie Choices (http://www.cookiechoices.org/) - Andromo reacted and built it the Launch Notice.

    Alternatively, there's "License Agreement".

    You can use hyperlinks to your privacy policy in both.

    Let us know how it pans out.

    And btw, good to see you @tholyoak, you've been absent for a while. :)
  • Google is simple saying you need to give them a privacy policy URL in your google play listing. Andromo doesn't request any permission not needed by your app, activities and selected ad networks in order to run on Android. Simple stuff, but it looks like Google is enforcing that policy link in the app store a bit more lately. Frankly, I'm surprised it has not always been a required field.

    Don't know how to write one? Google it. Lots of templates, generators, boilerplate out there. Or look at just about any website, down in the footer for a link.

    Per the discussion the other day, lots of ways to host it even if you don't have a website - https://forums.andromo.com/discussion/1884/hosting-a-privacy-policy

    Personally, I would never put up a website or app without a posted privacy policy. It's mostly boilerplate/standard language, but not having one posted is something you should rectify. It's required by law by most countries...
  • Thanks, @hendrixs, it's nice to know I've been missed. :)

    I've never bothered with a privacy policy because it's not required in the USA, where I live and most of my users live, and I don't collect any information. But I guess I'm going to have to take the time to do it now.
  • edited February 2017
    Hey, why not use Google Drive to host the privacy policy? In fact, Google even advises that:
    https://developers.google.com/actions/distribute/privacy-policy-guide#where_to_host_your_privacy_policy
  • edited February 2017
    Google drive needs a Google account. If you have many GP accounts, you simply add just another worry in your mind when trying to remember to keep them separate from each other.

    Just my two cents.
  • I've got a place to host the privacy policy, I just need to find a good one to use that basically just says I don't collect any information.
  • edited February 2017
    @tholyoak ;;, but do you not, really? You don't use analytics, ads, apis? They all make your app actually collect information AND share it with third parties, even if you don't save or store any yourself. On top of that, your apps probably ask for permissions that might make users wonder why they are required, and Google might also wonder. According to Google, a privacy policy should explain that.

    It is better to secure yourself with a privacy policy and add more rather than less. Here is a sample one I found several people on Google Play use, that you can freely modify (at least it claims you can "do whatever you want with it") but keep in mind it is not made by lawyers and surely misses some law compliances: http://myappterms.com/
  • @szymon247: Awesome find! Thanks.
  • I already have Google's required disclaimer about Analytics, but hadn't really thought about the other third party stuff. It would be nice if Andromo would supply a generic one, since they're much more familiar with what's actually in the apps and what they do, permissions requested, etc.
  • The example provided by szymon247 is more than enough. I've dived into this when the EU Cookie Law was a hot topic and I have a very similar disclaimer myself.
  • Exactly - it's *more* than enough. :) I'd prefer to have one that only says what's needed, and doesn't make anyone think the app is doing more than it is.
  • I wouldn't worry too much. I have a disclaimer on app launch ("we collect data" type of text) and a link to the full-blown disclaimer, and no one ever said anything about it.
  • OK, so I discovered in the Store Listing where you put the URL for the privacy policy that it actually says why the app was flagged: "Your app has an apk with version code 17 that requests the following permission(s): android.permission.GET_ACCOUNTS. Apps using these permissions in an APK are required to have a privacy policy set." This is my only app that has been flagged, as far as I can tell, which is strange since I have several similar apps.

    But I went ahead and did up a privacy policy, and I guess I'll go through and add the URL to all my apps. I modified the "Mobile Privacy Policy (Ad-sponsored Apps)" document freely available at www.docracy.com , in case that helps anyone else.
  • @tholyoak

    You likely have AirBop enabled in that project where GCM requires that permission and therefore is requesting the privacy policy.
  • Ah, yes, that explains it. I had completely forgotten that was in there. :) I guess it's a good thing to have the fine print in place, anyway.
Sign In or Register to comment.