Hi everyone, Alex from the Branch team here 
.
I’d like to apologize for this confusion and clarify the situation with a bit of background.
Branch is a mobile measurement and deep linking platform. We exist to do two things: 1) help developers offer awesome, seamless user experiences (e.g., deferred deep linking and referral programs), and 2) provide accurate measurement so developers are able to see how their user acquisition campaigns (ads, email, social media, smart banners, etc.) are performing.
Early in 2015, Branch introduced an analytics functionality that would read the package names of other apps installed on the device, intending to provide metrics around this to developers. Gathering this data was common practice for many apps and not a violation of Play Store policies. We sunset this product in early 2016 and updated our API to silently drop this data whenever it was sent by the SDK. However, the code itself remained in the Android SDK.
Google informed us in 2017 that, even though Branch is not storing or using the data, this API endpoint should be removed and that apps using older versions of the Branch SDK should be updated to the current version to remain in compliance. We removed the API endpoint and worked with app developers to encourage SDK updates. Google recently reached out and wants to take more aggressive action on apps that still contain non-compliant SDK versions in older APKs.
Basically, there are two situations that cause Google to flag an app in the way you’ve been observing in this thread:
- Your app is still using an old version of the Branch SDK in the current release (< v2.11.0 of the native Branch Android SDK, which was < v2.0.0 of the Branch React Native wrapper, which appears to be < v28.0.0 of the Expo SDK)
- The version of the Branch SDK in your current release is safe, but older APK versions still exist in the Play Store Console that contain a non-compliant SDK version.
For developers using Expo, this appears to be more complicated for two reasons:
- It appears the Expo SDK contained a non-compliant version of the Branch SDK until mid-2018.
- Due to Expo’s automatic module handling (which as noted above, has now been temporarily updated to exclude the Branch module), you might not have even realized that the Branch SDK is in older APK versions on the Play Store.
Fortunately, resolving this is pretty straight-forward: once 1) the current release of your app is updated and 2) older APKs are removed (in this case, I believe that would mean removing any app build created with a version of Expo SDK older than v28.0.0), you should have no further issue from Google.
I’ve been in touch with the Expo team to make sure we have a path forward for getting the Branch module back in ExpoKit. In the meantime, please feel free to reach out to support@branch.io with any specific questions or concerns.