Violation of the Personal and Sensitive Information and Usage of Android Advertising ID Policies

Issue: Violation of the Personal and Sensitive Information and Usage of Android Advertising ID Policies

We have determined that your app uses a permanent device identifier and does not prominently disclose this practice. If your app collects and transmits personal or sensitive user data unrelated to functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.

Any advertising identifier must not be connected to personally-identifiable information or associated with any persistent device identifier (for example: SSAID, MAC address, IMEI, etc.) without explicit consent of the user.

Google explains how to correct it, but I'm not sure I understand.

Comments

  • edited September 2018
    Andromo apps do not “collect and transmit personal or sensitive user data”, but perhaps you have a website activity or similar that does? In that case, my guess is you need to have a privacy policy link in your app and/or a Google Play listing. That’s just good practice for everyone, no matter what. Although, without knowing anything about what you are doing specifically in your app (give us the link), and you didn’t include the full message, who can say except Google?
  • I just got a ton of my apps removed for the same thing. I'm guessing you'll be seeing a lot more posts about this shortly.

    The rest of the email reads:

    Next steps: Submit your app for another review

    1. Read through the Personal and Sensitive Information and Android Advertising ID policy pages.
    2. Make changes to your app to bring it into compliance:
      • If you wish to continue to enable the collection of persistent device identifiers from devices which have an Android Advertising ID, please modify your app to meet privacy policy and prominent disclosure requirements for handling of personal or sensitive user data. Refer to the Android Developers site for more information on working with advertising IDs.
        - or-
      • Cease collection of persistent device identifiers from devices which have an Android Advertising ID. You may need to contact your SDK provider for an updated version to include in your app.
    3. Make sure that your app is compliant with all other Developer Program Policies. Additional enforcement could occur if there are further policy violations.
    4. Sign in to your Play Console and upload the modified, policy compliant APK. Be sure to increment the version number of the APK.
    5. Submit your app.

    If approved, your app will again be available with all installs, ratings, and reviews intact.

    If you’ve reviewed the policy and feel this removal may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.





  • edited September 2018
    Can we set the privacy policy to use affirmative consent?
    Edit: I'll try the launch notice feature for this
  • edited September 2018
    Andromo apps do not “collect and transmit personal or sensitive user data”, but perhaps you have a website activity or similar that does?

    Without knowing more about your specific app, what version of Andromo you built it with etc., the most prominent thing is that it sounds like you do not have a privacy policy link in your Google Play listing and/or you haven't used the License Agreement feature to get consent (http://support.andromo.com/kb/application-settings/settings#license-agreement) for showing ads. ALL ad networks use the Android Advertising ID (including AdMob), so it sounds like Google may be wanting you to disclose that now in these ways.

    The Google Play privacy policy seems to be more or less required now for adding new apps, so I can see them looking at existing apps too... Any ads in your app, like Admob etc, they all use the Android Advertising ID. Either way, a privacy policy is essential for apps. There has been much discussion on these forums about that. Not having one, may not be an option anymore.

    Website activities could be an issue if you require logins, signups etc.

    I'd recommend that you use the License Agreement feature to require people to accept your terms and disclose that ads, analytics etc are being used that make use of the Android Advertising ID.

    More details:
    So, add a Privacy Policy to your Google Play listing. And also enable the License Agreement and make sure that it says somewhere "This app shows ads that use the Android Advertising ID to deliver their ads to you" among your other terms and privacy policy. Then rebuild and resubmit as they said.

    Don't know where to start with a Privacy Policy? This article seems pretty appropriate:



  • edited September 2018
    Thanks @colinadams. Based on what I've read, they're expecting an in-app request for consent, which is pretty ridiculous since 99% of the apps in the app store don't do that right now.

    I don't have any website activities in my app. I think it's just the advertising ID for Admob they're concerned about.

    I'm going to use the Launch Notice with the worldwide setting and see if that does the trick. I'm guessing I'll take a hit on my earnings because last time I implemented that I got a bunch of negative reviews about how my apps were tracking them...

  • Yeah, it’s really hard to say what Google is asking for there exactly, but they change their policies all the time. They’ve been really big on adding in Privacy Policy notices and other disclosures, because of GDPR in part, but there is a lot of scrutiny on Google (and other big names like Facebook etc) about such issues recently.

    Better to be on the safe side and just do everything they ask. Privacy Policy link in Google Play, plus in your app to mention the things listed above. The License Agreement requires the user to click “Accept” (affirmative consent) which is the most strict. The “Launch Notice” does not (implied consent).

    I agree that it’s ridiculous as every app out there has ads, analytics, crash reporting, web cookies, etc. It’s not possible for apps to exist without these things and everyone knows it, but I guess Google is taking some heat and passing it around...

    In the end, it’s their sandbox, for better or for worse. Only option is to roll with it and do what they say.

    Let us know how it goes.
  • edited September 2018
    Hey @wallpaper and @vwmto Quick question: when was the last time you built those apps? Were they updated for GDPR compliance (after May 28 - https://blog.andromo.com/2018/creating-gdpr-compliant-apps-with-andromo/ )?

    We’ve only had 2 reports of this in support today, and for certain we know one person last updated their apps in January 2018... those would certainly be offside no matter what. That’s why we actually emailed all subscribers to give them a heads up about GDPR, but things can get ignored when you’re busy for sure.

    Also, are you using any ad networks other than AdMob?

    Still good advice to follow the steps above as well.
  • Good morning, so one of the apps removed was updated on Sept 9th (the day before it was removed) and it was updated for the GDPR compliance. The other three are apps that I have not updated as of yet.
  • edited September 2018
    @vwmto OK, so definitely follow the Privacy Policy & License Agreement as suggested for all your flagged apps, plus be aware of the GDPR protocol for the other apps you have not updated yet. Then you should be good to go when you build and resubmit.

    Also, just curious, but are you running any ad networks other than AdMob?
  • Only running AdMob in my apps.
  • @colinadams I only use Admob and none of my apps had been updated since before May 2018, so none had the GDPR update (adding it now!). Strangely enough, only 2/3 of my apps were removed, even though they're all basically the same. Maybe they all would have been removed eventually.

    I added a privacy policy and resubmitted them and they're back on Google Play. Fingers crossed that they stay there.
  • @wallpaper, what method did you use to add your privacy policy and have you heard back from Google? Also, would you mind sharing or giving an example of your privacy policy?

  • edited September 2018
    @wallpaper Great to hear that that did the trick and your apps are back on Google Play. Yeah, hard to say ever how Google picks apps for review like that, but it's good to have them updated for GDPR reasons too anyways.

    @vwmto I posted a link to a site up above that has some examples of privacy policies, plus the GDPR blog post. Check those out for sure...
  • @colinadams
    @wallpaper
    Thanks for the input guys, I really appreciate it.
  • @vwmto Always here for you bud! Good luck with those apps!
  • I had the same thing with some of my apps (using only AdMob in all apps).
    They are all very different: some had YouTube activity, some had a website activity, some had audio or radio activities etc. The only thing they all had in common was that none of them had a Privacy Policy URL listed in "Store Listings" inside the Google Play account.

    Similar apps with a privacy policy URL in place have not been affected.
    Maybe you want to check into this.



  • @sylviathewitch thanks. That’s really good info. I was helping a fellow in support on Sunday who was trying to add his new app to Google Play, and it would not let him even continue without defining a privacy policy URL, so perhaps they will now require it of existing apps too. Good practice in any case.
  • I have a Launch Notice in all my apps but I don't have a privacy policy link in the store listing. Should I add that link?
  • Guys, I plan to add a privacy policy URL in some affected apps for now and then to all apps. But what do we do with the in-app privacy policy if we already have a GDPR launch notice? Can we combine them in the privacy policy option or will we really end up with 2 different pop-ups when the apps start?
    Also, is it OK if instead of putting the whole privacy policy, we link to the same URL that we've got in the listing?
  • Since Google Play requires developers to provide a valid privacy policy, how should I get or create a privacy policy in order to comply with the Google Play requirement? Please advise. Currently I have 2 apps that have been removed from Google Play and I believe there will be more soon.
  • One more thing, in the license agreement column what should I write down in the license text? Can I have some example of that?


     
  • edited September 2018
    I got two of these as well. Unfortunately, they are apps that use the Gallery activity that I had not wanted to rebuild because the dashboard style I was using is no longer available. Oh well. :(

    Edit: It appears that those 2 apps just didn't have the link to my privacy policy in the Store Listing. Hopefully that is really all that is required.
  • Please someone, how to create a privacy policy in a GP account... And example text for the license agreement in Andromo...
    Please someone
  • @bent9715 We cannot tell you what to have in your privacy policy. There are many Andromo activities and each of them requires particular stuff.
    Try editing this one: http://myappterms.com/reader.php?id=1

  • A ton of my apps were also removed by GP... I want to add a privacy policy, but I also want to add an EU user consent privacy policy in my apps. Can anyone give me an example of what to write in the launch notice for the EU user consent privacy policy? None of my apps collect any data from any users, and they use only AdMob for advertisement. @colinadams @anteos
  • Does that mean I will create a privacy policy link for each app in Google Sites?
    If you have a lot of apps, what do I need to do?


  • Same Privacy Policy URL for all apps. Just include the word "application" instead of the app title.
    At least that's what I do.
  • Thanks Dear
    Then it will be like this?

    Privacy Policy

    ....... built the [ application ] app as a Free app. This SERVICE is provided by ....... at no cost and is intended for use as is.

    This page is used to inform visitors regarding my policies with the collection, use, and disclosure of Personal Information if anyone decided to use my Service.

    If you choose to use my Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that I collect is used for providing and improving the Service. I will not use or share your information with anyone except as described in this Privacy Policy.

    The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which is accessible at [application ] unless otherwise defined in this Privacy Policy.

    Information Collection and Use

    For a better experience, while using our Service, I may require you to provide us with certain personally identifiable information. The information that I request will be retained on your device and is not collected by me in any way.

    The app does use third party services that may collect information used to identify you.

    Link to privacy policy of third party service providers used by the app

    Log Data

    I want to inform you that whenever you use my Service, in a case of an error in the app I collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing my Service, the time and date of your use of the Service, and other statistics.

    This app shows ads that use the Android Advertising ID to deliver their ads to you.

    Cookies

    Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

    This Service does not use these “cookies” explicitly. However, the app may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

    Service Providers

    I may employ third-party companies and individuals due to the following reasons:

    • To facilitate our Service;
    • To provide the Service on our behalf;
    • To perform Service-related services; or
    • To assist us in analyzing how our Service is used.

    I want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

    Security

    I value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and I cannot guarantee its absolute security.

    Links to Other Sites

    This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by me. Therefore, I strongly advise you to review the Privacy Policy of these websites. I have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

    Children’s Privacy

    These Services do not address anyone under the age of 13. I do not knowingly collect personally identifiable information from children under 13. In the case I discover that a child under 13 has provided me with personal information, I immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact me so that I will be able to do necessary actions.

    Changes to This Privacy Policy

    I may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. I will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

    Contact Us

    If you have any questions or suggestions about my Privacy Policy, do not hesitate to contact me.



  • Good morning everyone,
    Just to give you all an update, I was able to very easily get my removed apps back on GP with no hiccups. It was as simple as adding a privacy policy. I used the custom about field (professional subscription required). I also submitted an update on one of my apps not using the about field; instead I added an activity to the dashboard with my privacy policy and that seemed to satisfy GP as well. Also I added a privacy policy to my store listing, using Google Sites to host my privacy policy. I have now updated ten more apps using the same format and GP seems to be satisfied. No rejections so far.
  • If you update the store listing without adding an activity in the app then Google will approve it, but you may be in trouble later. For the first update, to restore removed apps, just update the store listing with a privacy policy link, and later in the next app update you can add a privacy policy activity in the app.