Google Play Ban - Privacy Policy Violation

Hi everyone!

After having our SAB 4.5/4.6 app out since early July on Google Play, the support team has temp-banned our app due to privacy policy violations. I believe this is because of the analytics we are collecting from Amplitude and Firebase. In the short term, the easiest solution would be to remove the analytics, however we would love to keep them for the long term. Now, we don’t have a published privacy policy on our Google Play store - which I will remedy. However, the google play team also said we would need to incorporate the privacy policy within the app itself and get clear consent from the users BEFORE we collect data (see email and “User Data” section below).

Is there any plans to ask for consent before enabling the checkbox? (E.g. this option will collect user data from you, are you sure you want to do this?)

Google Play Support Email (Removed all links from the email)

Hi developers at ********,

After review, **********************, has been removed from Google Play due to a policy violation. This app won’t be available to users until you submit a compliant update.

Issue: Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement

Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. We’ve identified that your app collects and transmits the Android advertising identifier, which is subject to a privacy policy requirement. If your app collects the Android advertising ID, you must provide a valid privacy policy in both the designated field in the Play Console, and from within the app.

Next steps: Submit your app for another review

  1. Read through the Usage of Android Advertising ID and User Data policies, as well as the Developer Distribution Agreement, and make appropriate changes to your app. If you decide to collect sensitive user information, be sure to abide by the above policies, and include a link to a valid privacy policy on your app’s store listing page and within your app.
  2. Make sure that your app is compliant with all other Developer Program Policies. Additional enforcement could occur if there are further policy violations.
  3. Sign in to your Play Console and submit the update to your app.

Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

If approved, your app will again be available with all installs, ratings, and reviews intact.

If you’ve reviewed the policy and feel this removal may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

Thanks for helping us provide a clear and transparent experience for Google Play users.

Regards,

The Google Play Team

User Policy

Prominent Disclosure Requirement

If your app collects and transmits personal or sensitive user data unrelated to functionality described prominently in the app’s listing on Google Play or in the app interface, then prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.

Your in-app disclosure:

  • Must be within the app itself, not only in the Play listing or a website;
  • Must be displayed in the normal usage of the app and not require the user to navigate into a menu or settings;
  • Must describe the type of data being collected;
  • Must explain how the data will be used;
  • Cannot only be placed in a privacy policy or terms of service; and
  • Cannot be included with other disclosures unrelated to personal or sensitive data collection.

Your app’s request for consent:

  • Must present the consent dialog in a clear and unambiguous way;
  • Must require affirmative user action (e.g. tap to accept, tick a check-box, a verbal command, etc.) in order to accept;
  • Must not begin personal or sensitive data collection prior to obtaining affirmative consent;
  • Must not consider navigation away from the disclosure (including tapping away or pressing the back or home button) as consent; and
  • Must not utilize auto-dismissing or expiring messages.

To help with writing your Privacy Policy, here is an example:

https://www.wycliffe.org/scripture-app-privacy

The important thing is to be clear to the user about what you are collecting (app usage info) and what you are not collecting (sensitive, personally identifiable information).

Thank you Richard! But to be clear, will we have the ability to ask for clear consent in the app’s request? I’m specifically referencing the requirement from Google of " * Must present the consent dialog in a clear and unambiguous way; Must require affirmative user action (e.g. tap to accept, tick a check-box, a verbal command, etc.) in order to accept;". It also seems that we begin to collect analytics without affirming consent too. Thoughts?

Tim, as far as I am aware, apps built with SAB do not collect and transmit “personal or sensitive user data unrelated to functionality described prominently in the app’s listing on Google Play or in the app interface”.

As far as I understand it, what you are talking about is transmitting usage analytics. I believe that most apps we use on our phones collect usage analytics data, and we don’t have to explicitly consent to them doing so - but they do need a privacy policy to explain what kind of analytics they are collecting and for what purpose.

Thanks Richard. We went ahead and added the privacy policy and google support has reinstated our app. I’m still confused as to why google support highlighted initially “personal or sensitive user data unrelated to functionality…” but I am very grateful they reinstated it and for the help you provided. Thank you!

Tim

Would the Privacy Policy linked above be suitable for an individual app made with SAB?
I would change the wording from ‘scripture apps’ to the specific app’s name.