App removed from Google Play due to policy violation with Branch

For those who still seem to be affected, can you please:

  • Ensure you have put an updated (Branch-less) APK in every release track for your app, not just the production track

  • Check to make sure you don’t have any old builds containing Branch in your alpha, beta and internal tracks

Hi everyone, Alex from the Branch team here.

I’d like to apologize for this confusion and clarify the situation with a bit of background.

Branch is a mobile measurement and deep linking platform. We exist to do two things: 1) help developers offer awesome, seamless user experiences (e.g., deferred deep linking and referral programs), and 2) provide accurate measurement so developers are able to see how their user acquisition campaigns (ads, email, social media, smart banners, etc.) are performing.

Early in 2015, Branch introduced an analytics functionality that would read the package names of other apps installed on the device, intending to provide metrics around this to developers. Gathering this data was common practice for many apps and not a violation of Play Store policies. We sunset this product in early 2016 and updated our API to silently drop this data whenever it was sent by the SDK. However, the code itself remained in the Android SDK.

Google informed us in 2017 that, even though Branch is not storing or using the data, this API endpoint should be removed and that apps using older versions of the Branch SDK should be updated to the current version to remain in compliance. We removed the API endpoint and worked with app developers to encourage SDK updates. Google recently reached out and wants to take more aggressive action on apps that still contain non-compliant SDK versions in older APKs.

Basically, there are two situations that cause Google to flag an app in the way you’ve been observing in this thread:

  1. Your app is still using an old version of the Branch SDK in the current release (< v2.11.0 of the native Branch Android SDK, which was < v2.0.0 of the Branch React Native wrapper, which appears to be < v28.0.0 of the Expo SDK)
  2. The version of the Branch SDK in your current release is safe, but older APK versions still exist in the Play Store Console that contain a non-compliant SDK version.

For developers using Expo, this appears to be more complicated for two reasons:

  1. It appears the Expo SDK contained a non-compliant version of the Branch SDK until mid-2018.
  2. Due to Expo’s automatic module handling (which as noted above, has now been temporarily updated to exclude the Branch module), you might not have even realized that the Branch SDK is in older APK versions on the Play Store.

Fortunately, resolving this is pretty straightforward: once 1) the current release of your app is updated and 2) older APKs are removed (in this case, I believe that would mean removing any app build created with a version of Expo SDK older than v28.0.0), you should have no further issue from Google.

I’ve been in touch with the Expo team to make sure we have a path forward for getting the Branch module back in ExpoKit. In the meantime, please feel free to reach out to support@branch.io with any specific questions or concerns.
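A local check for the second situation described above (older APKs that still contain the Branch SDK), as an added example that is not part of the original thread and is not Branch's or Expo's code: it scans the DEX files of each APK you hold for a release track and reports any that reference Branch classes. The `io.branch.referral` package prefix, the track names and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: the native Branch Android SDK's classes live under the
# io.branch.referral package, which appears in DEX files as this descriptor prefix.
BRANCH_MARKER = b"Lio/branch/referral/"

def find_branch_in_apk(apk):
    """Return the DEX files in an APK that reference Branch classes.

    `apk` is a path or a binary file object; an APK is a ZIP archive.
    """
    hits = []
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            # Multidex builds ship classes.dex, classes2.dex, ...
            if name.startswith("classes") and name.endswith(".dex"):
                if BRANCH_MARKER in zf.read(name):
                    hits.append(name)
    return sorted(hits)

def audit_tracks(builds):
    """builds: {track: [(label, apk), ...]} -> [(track, label, dex_files)]."""
    flagged = []
    for track, apks in builds.items():
        for label, apk in apks:
            dex = find_branch_in_apk(apk)
            if dex:
                flagged.append((track, label, dex))
    return flagged

def _constructed_apk(dex_files):
    """Build a tiny in-memory ZIP standing in for an APK (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in dex_files.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

def demo():
    # Constructed sample: a clean production build and a stale alpha build.
    clean = {"classes.dex": b"dex\n035\x00Lcom/example/app/MainActivity;"}
    stale = {"classes.dex": b"dex\n035\x00Lcom/example/app/MainActivity;",
             "classes2.dex": b"dex\n035\x00Lio/branch/referral/Branch;"}
    builds = {"production": [("v42", _constructed_apk(clean))],
              "alpha": [("v17", _constructed_apk(stale))]}
    return audit_tracks(builds)
```

A hit shows that the SDK is present in that build, not which version it is, and a build whose class names were renamed by a code shrinker may not match the marker.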

Thank you for your support. I have updated the Branch SDK for Android to the latest (3.1.0) and I am in the process of redeploying the app. Is there any need to update my privacy policy to mention Branch?

Is there anyone who had their app removed and then reinstated successfully?

@andolad After my app was removed, I received an email from Google Play support stating that "We’ve identified that your app is using an SDK or library that facilitates the collection and transmission of installed packages information without meeting the prominent disclosure guidelines."

Google then reinstated it successfully after I updated the Branch SDK in it and republished it on all release tracks where apps with older versions of Branch existed.


I’m using import { Linking } from 'react-native'. Looks like it shouldn’t count. But my app was removed twice.
Maybe Link is using Branch?

I was able to reinstate my app. I was on a very old version (v24.0.0) of Expo and had a lot of trouble trying to upgrade the project to the newest version. Eventually I decided to rebuild the whole app on top of a fresh v32.0.0 and eject after that. My app has now been back online for a couple of weeks so looks like that did the trick.

Thanks to everybody sharing their experiences and tips in this thread, and especially to the Expo and Branch crew for the support!


No, it definitely does not use Branch.


Hi team,
Our app also got removed from the Play Store. To fix this we removed compile 'io.branch.sdk.android:library:2.6.1' from build.gradle after following this article. We republished our app on April 29 and it got removed again because we didn’t remove older versions. On May 3 we republished after removing older versions and just yesterday we received another removal email from the Play Store.

We are not able to rectify the issue and need help.

Thanks,

Hey @nishantn41,

Did Google specifically say in the rejection that it was due to Branch? I would try and get clarification from them. Some users have had their apps rejected, only to resubmit and have them accepted without any changes made.

Also, just want to make sure you followed the rest of the ExpoKit instructions in that article, as in updating your ExpoKit version and reinstalling?

Thanks!

Hi @charliecruzan,
In the last email that we received they did not specifically say that it is due to Branch, but in a previous email they did say that.
This is what we received this time.

Issue: Violation of Personal and Sensitive Information policy
We’ve identified that your app is using an SDK or library that facilitates the collection and transmission of installed packages information without meeting the prominent disclosure guidelines.

Also, our app was using SDK 26 previously. Just after we received the last email on May 16 we updated to SDK 30. Will that make any difference?
Is there any way to identify which SDK has caused the violation if they have not directly stated it?

Thanks,

That seems to be the same email that most developers in this situation are receiving. And that shouldn’t be the difference (SDK versions).
However, I strongly recommend upgrading to SDK 31 or (preferably) 32, as we will soon be deprecating support for any version <= 31. This still keeps ~6 months of backward compatibility, but that no longer equates to 6 SDK versions. You can read more about that decision here.

You can follow the upgrade instructions here. Please be aware of the breaking change made to import statements as described in the blog post!

Yes +1 thank you!!!

Will Expo include the Branch SDK in version 33? We use turtle to build the .apk with Branch support; everything is OK with our store presence (we have 2 applications).

It will not be included in SDK 33 (at least not during the initial release).

Just ran into this issue with our app as well. Removed from the Play Store, received an email mentioning Branch IO, which I’d never heard of or used, so was pretty confused. Found out we still had an old build published in the Alpha test track that was the culprit. After I removed that and published a new build (no changes, currently on SDK 32), it was published successfully to the store.


Hi all, my app has also been removed from Google Play due to a policy violation. Can it be because of Sentry? I have already upgraded the app to SDK 32; it doesn’t help…

This shouldn’t be due to Sentry (if you suspect that though, you could always ask Google for clarification).

Thank you, I’ll try to ask them what is wrong in my APK.

It’s not because of Sentry; the app was published (just must wait a little bit longer), but do not forget to remove your old .apk (with SDK < 32) from the published list.