2

I have been sent the following email from Google Play store. My app has ads provided by Admob which i am sure is what is causing this issue. For iOS i added the privacy information in the info.plist which was ok for Apple however Google wants me to add a privacy policy and link it in the store listing.

Has anyone had this issue before? My app is just a game that doesn't access any information from the user it could only be the ads causing it.

"Policy issue: Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.

Action required: Include a link to a valid privacy policy on your app's Store Listing page and within your app. You can find more information in our help centre."

Petter Hesselberg
  • 5,062
  • 2
  • 24
  • 42
uz7
  • 159
  • 2
  • 15
  • No it can never be because of ads, this might be because possibly you are using an plugin which requires these additional permissions – Yogesh Dec 21 '16 at 12:32
  • When i uploaded to iOS App Store, i had to add fields that said Admob can access Bluetooth peripheral, Photo Library and Calendars. However, i haven't done this for Android as there is no info.plist file. There are no other plugins used. – uz7 Dec 21 '16 at 13:03
  • Please list of all permissions used in your app – Amod Gokhale Dec 21 '16 at 14:19
  • @AmodGokhale Privacy - Photo Library Usage, Privacy - Bluetooth Peripheral Usage, Privacy - Calendars Usage. – uz7 Dec 21 '16 at 15:55
  • 1
    there you go ( Calendars ) you need to make sure appropriate privacy policy is linked on google play store console https://play.google.com/about/privacy-security/user-data// ( You need to link it in play store admin console - > Store listing > last settings. For a privacy policy language refer to your legal department – Amod Gokhale Dec 21 '16 at 16:35

1 Answers1

6

I think I'm qualified to give you a more detailed answer. I also have apps on the App Store (iOS) and recently researched the whole Google Play privacy policy issue at length - the reason being that I've worked on a (mobile) privacy policy generator for years.

Your issue doesn't seem to be one and Google's email is vague - it says it could be a permissions issue, OR a user data issue.

Ads are among the more intrusive things one can do and certainly warrant a privacy policy by itself, accessing "dangerous" permissions is another one.

Additionally, the fact that Apple let your app through and Google didn't, isn't a hint at everything being ok on the side of the App Store, btw.

What you must do to fix:

1) Add statements about using Admob into your privacy policy

Your use of Admob is subject to the Admob programme policies, which says:

Privacy You must disclose clearly any data collection, sharing and usage that takes place on any site, app or other property as a consequence of your use of any Google advertising service. To comply with this disclosure obligation with respect to Google’s use of data, you have the option to display a prominent link to How Google uses data when you use our partners’ sites or apps.

2) Add statements about your use of any dangerous permissions like the following

CALENDAR READ_CALENDAR WRITE_CALENDAR CAMERA
CAMERA CONTACTS
READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS LOCATION
ACCESS_FINE_LOCATION ACCESS_COARSE_LOCATION MICROPHONE
RECORD_AUDIO PHONE
READ_PHONE_STATE CALL_PHONE READ_CALL_LOG WRITE_CALL_LOG ADD_VOICEMAIL USE_SIP PROCESS_OUTGOING_CALLS SENSORS BODY_SENSORS SMS SEND_SMS RECEIVE_SMS READ_SMS RECEIVE_WAP_PUSH RECEIVE_MMS STORAGE READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE

3) What else belongs in your privacy policy (very superficial overview)

Here's some more information that might help you in getting this done well:

  • Outline which dangerous/sensitive permissions you request
  • Outline any other user data you collect, for instance advertisement services!
  • Describe what purpose they serve and use them only for that purpose
  • Information about the site/app owner.
  • The kind of data being collected and how it is collected.
  • The purpose of the data collection (i.e. analytics, email marketing).
  • Any third parties that have access to the information and through which means (widgets and integrations).
  • The rights of users regarding their data (i.e. the ability to request to see the data, to rectify, erase, or block).
  • The process for notifying users and visitors regarding material changes to the privacy policy.
  • Effective date of the privacy policy.

To conclude. This isn't an easy job for anyone that isn't a privacy professional. Even for lawyers this takes a lot of reading usually. For this reason I'll link to two posts that go into the nitty gritty details:

I hope this helps :)

Simon
  • 2,263
  • 2
  • 19
  • 26