android - Warning of Google Play Developer policy violation: Action Required

Question

I recently received many mails from google for many of my apps.

The email content is:

Hello Google Play Developer,

Our records show that your app, XXXX, with package name com.XXXX.XXXXXXXXXX, currently violates our User Data policy regarding Personal and Sensitive Information.

Policy issue: Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.

Action required: Include a link to a valid privacy policy on your app's Store Listing page and within your app. You can find more information in our help center.

Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

If you have additional apps in your catalog, please make sure they are compliant with our Prominent Disclosure requirements.

Please resolve this issue by March 15, 2017, or administrative action will be taken to limit the visibility of your app, up to and including removal from the Play Store. Thanks for helping us provide a clear and transparent experience for Google Play users.

Regards,

The Google Play Team

The manifest permissions of the apps are listed below:

1-)

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.SEND_SMS" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />

2-)

<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />


<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />

<!--
  IMPORTANT: Change "com.parse.starter.permission.C2D_MESSAGE" in the lines below
  to match your app's package name + ".permission.C2D_MESSAGE".
-->
<permission android:protectionLevel="signature"
    android:name="com.XXXX.XXXXX.permission.C2D_MESSAGE" />
<uses-permission android:name="com.XXXX.XXXXXX.permission.C2D_MESSAGE" />

3-)

<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.GET_TASKS" />
<uses-permission android:name="android.permission.CHANGE_CONFIGURATION" />
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />

<uses-feature android:name="android.hardware.camera" />

4-)

<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.VIBRATE" />

<uses-permission android:name="com.xxxx.xxxxx.permission.C2D_MESSAGE"
    android:protectionLevel="signature" />

5-)

<uses-permission android:name="android.permission.WAKE_LOCK" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />

<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="com.android.vending.BILLING" />

<permission
    android:name="com.xxx.xxxx.permission.C2D_MESSAGE"
    android:protectionLevel="signature" />

<uses-permission android:name="com.xxxx.xxxx.permission.C2D_MESSAGE" />

These are the libraries which Im using

compile 'com.google.android.gms:play-services-ads:10.0.1'
compile 'com.android.support:support-v4:25.1.1'
compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:2.0.1'
compile 'com.melnykov:floatingactionbutton:1.3.0'
compile 'com.android.support:appcompat-v7:25.1.1'
compile 'com.baoyz.swipemenulistview:library:1.2.1'
compile 'com.google.android.gms:play-services-analytics:10.0.1'
compile 'com.flaviofaria:kenburnsview:1.0.7'
compile 'com.commit451:PhotoView:1.2.4'
compile 'com.squareup.picasso:picasso:2.5.2'
compile 'com.astuetz:pagerslidingtabstrip:1.0.1'
compile 'com.code-troopers.betterpickers:library:2.2.2'
compile 'com.android.support:cardview-v7:25.1.1'
compile 'com.onesignal:OneSignal:3.3.1@aar'
compile 'com.google.android.gms:play-services-gcm:10.0.1'
compile 'com.google.android.gms:play-services-location:10.0.1'
compile 'com.android.support:design:25.1.1'
compile 'me.leolin:ShortcutBadger:1.1.10@aar'
// retrofit
compile('com.squareup.retrofit2:retrofit:2.1.0') {
    exclude module: 'okhttp'
}
compile 'com.squareup.okhttp3:okhttp:3.0.0'
compile 'com.squareup.okhttp3:logging-interceptor:3.0.1'
compile 'com.squareup.retrofit2:adapter-rxjava:2.1.0'
compile 'com.squareup.retrofit2:converter-gson:2.1.0'
compile 'io.reactivex:rxandroid:1.1.0'
// UI binding
compile 'com.jakewharton:butterknife:8.2.1'
apt 'com.jakewharton:butterknife-compiler:8.2.1'
// DB
compile 'org.greenrobot:greendao:3.0.1'
compile 'com.github.paolorotolo:appintro:4.1.0'
compile 'com.readystatesoftware.sqliteasset:sqliteassethelper:+'

Which of those permissions are violating Google User Data? Is there a list of permissions which are violating Google User Data? How to fix it? Should I remove those or is there another solution for it? Also if I have to prepare a privacy policy are there some example ones?

Thanks in regards.

Answer 1

There is some way to overcome this policy violation. First of all you need to make policy violation file. To do this here is some way:

1. Go to this link: https://app-privacy-policy-generator.firebaseapp.com/

and then provide your app name, developer account name etc then generate your policy file.

2. or you may use this template: https://gist.github.com/alphamu/c42f6c3fce530ca5e804e672fed70d78

   and then just replace app name, developer account etc with yours.

Now how you link up your privacy file:

If you have a own server then you can host the file in your server and use that link. If not then there are some other way to make your work done.

1. You may put your file in git then use that link
2. You also go for a better way, such as just create a docs file in your google drive and then paste your policy text on that and then select File->Publish for the web you will get a link to share just use that link in your policy url.

Hope these will help you.