[Android] Violation of Usage of Android Advertising ID
TL;DR
Disable advertising ID tracking in your third-party dependencies.
Firebase
Fabric
Upgrade Fabric (Crashlytics) to version 2.9.3.
Branch.io
——–
First email - No privacy policy
Problem
Since the end of 2017, Google has been validating the usage of user data and the privacy requirements very strictly.
A few months ago (28.09.2018) our app Battery Wallpaper was removed from the store. We received the following email:
Hi developers at LiveYourProject,
After review, Battery Wallpaper, com.liveyourproject.batterywallpaper, has been removed from Google Play due to a policy violation. This app won’t be available to users until you submit a compliant update.
Issue: Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement
Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. We’ve identified that your app collects and transmits the Android advertising identifier, which is subject to a privacy policy requirement. If your app collects the Android advertising ID, you must provide a valid privacy policy in both the designated field in the Play Console, and from within the app.
Next steps: Submit your app for another review
Read through the Usage of Android Advertising ID and User Data policies, as well as the Developer Distribution Agreement, and make appropriate changes to your app. If you decide to collect sensitive user information, be sure to abide by the above policies, and include a link to a valid privacy policy on your app’s store listing page and within your app. Make sure that your app is compliant with all other Developer Program Policies. Additional enforcement could occur if there are further policy violations. Sign in to your Play Console and submit the update to your app. Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.
If approved, your app will again be available with all installs, ratings, and reviews intact.
If you’ve reviewed the policy and feel this removal may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.
Thanks for helping us provide a clear and transparent experience for Google Play users.
Regards,
Jared
The Google Play Team
Solution
Okay, that’s right! At that time we did not have any terms of use or privacy policy. Google’s privacy policy requirements say that the user must accept the terms & privacy policy directly. It’s not allowed to hide the links to terms & privacy in the settings menu.
- So we created terms & privacy policy documents on our website.
- Created links in settings
- Added a privacy link to the store entry
- Showed a dialog at first startup to accept our terms & privacy policy
and resubmitted our app.
Terms & privacy dialog on startup
Our app was republished and everything was good.
Second email - Advertising ID
Problem
A few months ago (09.03.2019) the same app was removed again with the same message.
We found out that Firebase Analytics uses this advertising identifier. After research and careful reading of Google’s requirements we found the main problem. If you use personal user data (example: Advertising Identifier) you need to explain the usage of this data to your clients. It’s not enough to do that in your privacy policy. You must do that directly in your app.
Solution
To solve this there are multiple solutions:
- Remove usage of advertising ID
  - Deactivate usage
  - Remove tools using that
- Add a dialog/message with a short, direct summary of personal data usage
1. Remove usage of advertising ID
Our app(s) use multiple tools like Firebase, Fabric (Crashlytics), Facebook & Branch.io that all use this advertising ID … yes, wow!
To keep using these tools, we disabled tracking of the problematic ID.
Firebase
To disable advertising ID tracking in Firebase, you only need a meta-data entry in your AndroidManifest.xml.
Fabric
Fabric (Crashlytics) has removed advertising ID tracking since version 2.9.3.
Facebook
Facebook tracks this identifier too and has offered some options to disable it since version 4.39.
The SDK gives us two ways to deactivate ad tracking. First, you can again use a meta-data entry in your AndroidManifest.xml.
or do this in your code with
Branch.io
Branch.io has no option to deactivate this tracking. Only a function to fully disable analytics is available.
Note: Branch.io tracks the advertising ID only when test mode is disabled!
You can deactivate the tracking programmatically with
That’s it! Resubmit your app and everything is fine. If not done before, add your policy to your Play Store entry.
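The manifest opt-outs described above for Firebase and Facebook can be checked before a resubmission. The following is an added example, not code from the original post: the two meta-data key names come from the Firebase and Facebook SDK documentation rather than from this page, and the sample manifest and the function name audit_manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Opt-out keys as documented by the Firebase and Facebook SDKs
# (assumption: not shown on this page). Each must be "false".
OPT_OUT_KEYS = {
    "Firebase": "google_analytics_adid_collection_enabled",
    "Facebook": "com.facebook.sdk.AdvertiserIDCollectionEnabled",
}

# Constructed sample manifest: Firebase is opted out, Facebook is not.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application android:label="Example">
    <meta-data android:name="google_analytics_adid_collection_enabled"
        android:value="false" />
    <meta-data android:name="com.facebook.sdk.ApplicationId"
        android:value="@string/facebook_app_id" />
  </application>
</manifest>
"""


def audit_manifest(manifest_xml):
    """Return {sdk: 'disabled' | 'enabled' | 'missing'} for each opt-out key."""
    root = ET.fromstring(manifest_xml.strip())
    values = {}
    for meta in root.iter("meta-data"):
        name = meta.get(f"{{{ANDROID_NS}}}name")
        value = meta.get(f"{{{ANDROID_NS}}}value") or ""
        values[name] = value.strip().lower()
    report = {}
    for sdk, key in OPT_OUT_KEYS.items():
        if key not in values:
            report[sdk] = "missing"    # no entry, so the SDK default applies
        elif values[key] == "false":
            report[sdk] = "disabled"   # collection explicitly switched off
        else:
            report[sdk] = "enabled"    # anything but a literal "false"
    return report


if __name__ == "__main__":
    for sdk, status in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{sdk}: advertising ID collection flag is {status}")
```

Run it against the merged manifest of the release build, since library manifests can contribute their own meta-data entries.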
2. Add dialog with summary of personal data usage
If you wish to use the advertising ID, you need to show your users the personal data usage directly in your app (not in the privacy policy document) at startup.
We did not find a cool and fancy library for this 😢.
We recommend building a fancy, user-friendly variant to show this, but for a quick and dirty solution you can use, for example, a simple terms dialog that lists your personal data usage.
Simple detailed privacy dialog on startup
References
- Disable Firebase advertising ID collection
- Fabric removed advertising ID I
- Fabric removed advertising ID II
- Disable Facebook advertising ID collection
- Disable Branch.io tracking
- GitHub khirr/Android-Privacy-Policy
Contact
If you have additional third-party tools that I should add here, or corrections, contact me at info@liveyourproject.com.
Author: Fabian Keunecke