HELP! "APK REMOVED FROM PLAYSTORE BECAUSE OF POLICY AND PROMINENT DISCLOSURE"

[Chinedu Emeka]

Hello,

My APK was removed from the playstore for the reason provided below:

APK REQUIRES VALID PRIVACY POLICY AND PROMINENT DISCLOSURE
Your app is uploading users' Installed Application information without a prominent disclosure. Make sure to also post a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself.

I am baffled because I have had different versions of this app in the playstore and never encountered this problem before. Furthermore to the best of my knowledge, I am NOT uploading  any user information other than user email address (and device ID) for the purpose of signing in the user.

I took a look at the installation process of my app, the following 4 permissions are required:

1. allow "myapp" to take pictures and record video

2. allow "myapp" to access photos, media, and files on your device

3. allow "myapp" to access your contacts

4. allow "myapp" to record audio

I am thinking that the breach (if any) lies in no. 3. Incidentally, my developer machine does NOT have a sim card (or any phone connection) attached so I am sure that I am NOT actively trying to access any user contact information. 

Other than trial & error, Is there any way to reverse engineer the process so that I can find out what functionality that makes my app require a specific permission (for example, why does myapp require permission to access contacts when I am not doing anything with contacts).  This will enable me to determine if that functionality can be removed (or worked around).

Thank you

[Alan Hendry]

Hi ,

Have you tried using a build.json to reduce your required permissions?

https://groups.google.com/g/androidscript/c/znTcLsg4u9M

Regards, ah

[Chinedu Emeka]

Hello,

From the link, I have seen that below can be used to remove permissions.

"removePermissions" : "WRITE_EXTERNAL_STORAGE, ACCESS_WIFI_STATE",

Is it possible to obtain a list of permissions requested by Droidscript for a particular App which will then facilitate usage of  "removePermissions" to test if those permissions can be removed without compromising the functionality of the app?

Thank you for the information provided. 

[Steve Garman]

If your app uses any of   

   app.CreateContacts()

   app.GetUser()

   app.GetAccounts()

It will require Contacts permission

If you are only using GetUser from the above you might ask yourself whether you really need it

If you are unable to remove it, you will need to follow the new rules about notifying the user of why your app needs it

Much more information about the new requirements is at:

https://support.google.com/googleplay/android-developer/answer/10808976

[Chinedu Emeka]

Hello,

Thank you for providing this explanation. 

I have read the document and now understand that my use of app.GetUser() is one of the reasons why my app was removed. How about taking photos & making videos with the camera, my app allows users to do both - does that also fall under the new rules? 

Much obliged for your help.