App Removed from Playstore- Violation of Personal and Sensitive Information policy

#37

@pstahleybg- hope this means you were able to get your app through? :pray:

Thanks for reaching out to them for clarification!

#38

I too am facing this issue. I received a notification from the play store notifying me that my app was removed from the app store. Google explained:

“Your app is using the Branch IO SDK, which is uploading users Installed Packages information to https://api.branch.io/v1/applist without a prominent disclosure. Prior to the collection and transmission, it must prominently highlight how the user data will be used, describe the type of data being collected and have the user provide affirmative consent for such use.”

I read the forums and followed the instructions. I use expo 32.0.6 so the fix was as simple as building and re-deploying. The beta and alpha track have nothing on them:

After submitting the updated app without Branch IO my application was accepted, only to be removed again a few days later. The play store was more vague this time:

“We’ve identified that your app is using an SDK or library that facilitates the collection and transmission of installed packages information without meeting the prominent disclosure guidelines.”

I did not find any usage of branch functionality within my own app, and to be absolutely sure I downloaded the apk from the play store and could not find any mention of branch in the file. I appealed to the Google Play Store and received this response:

"During review, we found that your app is using an SDK(BranchIO SDK) or library that facilitates the collection and transmission of installed packages information without meeting the prominent disclosure guidelines.

If necessary, you can consult your SDK provider(s) for further information."

I am not sure how to proceed. Please let me know if there is any step that I have missed or any additional step I should take to resolve the issue.

#39

Hey @charliecruzan

I don’t have any channels other than the production channel with APK files in them. I did have an app which used the branch API but I updated Expo to a more recent version (hence the issue with the Expo SDK version - I tried to do it all in a rush).

I’ll try reaching out to Google and see if they can manually approve it.

#40

@jacksonkontny-i11,

Best route to proceed is asking Google for clarification, seems from comments such as this one that at least sometimes after submitting an appeal, apps that were rejected are then approved. But I would search through APKs for any usage of Branch before asking for an appeal (as done above).

It’s tough to say anything for sure since the rejection message gives so few details :confused:

#41

@charliecruzan
Thanks for the response. To be clear, I did search through the APK for any usage of Branch before asking for an appeal. Here are the build artifacts on the play store:
image

I downloaded the latest build artifact (version 31) and an grepped (case insensitive) for branch:

$ ls -la
total 65M
drwxr-xr-x   6 jacksonkontny staff 192 May 17 11:03 .
drwx------+ 15 jacksonkontny staff 480 May 17 11:03 ..
-rw-r--r--   1 jacksonkontny staff 16M May 17 11:00 30-1.apk
-rw-r--r--   1 jacksonkontny staff 16M May 17 11:00 30.apk
-rw-r--r--   1 jacksonkontny staff 16M May 17 11:00 31-1.apk
-rw-r--r--   1 jacksonkontny staff 16M May 17 11:00 31.apk

$ grep -ri branch ./*
Binary file ./30-1.apk matches
Binary file ./30.apk matches

You can see above that branch exists in the old version, but not the new version. Specifically the old version has a reference to:
fabric/io.branch.sdk.android.library.properties

Let me know if there is anything else I should look into, or anything else I am missing.

#42

@jacksonkontny-i11, as our blogpost regarding branch states:

If adding a new build to all release tracks doesn’t resolve this, you may need to delete your prior releases altogether.

That’s the only other step that seems likely to help, aside from reaching out to Google for clarification

#43

@charliecruzan Thanks again for working with me. Would you mind elaborating on how we should go about deleting our prior releases altogether? We only have the production release. Are you suggesting we release an ‘empty’ apk, and then re-release the apk with “branch” removed?

The responses from Google Play Store have been vague and delayed, but I will continue to solicit more information from them.

#44

No, sorry if I’m not being clear, I don’t have much experience with the Google Play store.

I wasn’t sure if it was possible that the archived artifact (v 30) which you confirmed does have Branch was causing the rejection. Would be odd, but it was just an idea :thinking:

#45

Thank you sir. I’ll reach out to google, and in the meantime will see if I can get some clarification on what is meant in the blog post.

#46

Hi @jacksonkontny-i11 - our most updated understanding is that it’s important to

(1) explain that the Branch module was bundled in with your apk as part of the Expo build process but (critically) unused, and you have since re-built your release to exclude the Branch module since you don’t want or need to use it, and deleted all other intsances

(2) make sure the above is true.

We’ve seen a case or two similar to yours where the old inactive apks (which I believe you’re not able to touch) had the Branch module, but explaining the situation and that they’d fixed it going forward resolved the issue.

Cheers,
Jess

1 Like
#47

Thank you all so much for the suggestions. Updating the alpha and beta tracks of my app to the latest apk and ensuring that no other old apk was still active in the “Release Management -> Artifact library” section fixed the issue and the app was back in the the Play Store in under an hour.

2 Likes
#48

Glad to hear that, @seekshiva! Hopefully others will follow suit and we can finally get back to some semblance of order and peace.

#49

Hi all,

We are also facing the same issue. Which version of Branch SDK are you all using?

Thanks,
Meghana

#50

@jess @charliecruzan

Thank you for your help. We have been approved to resubmit by the google play store! It took several appeal attempts, so for those of you that get rejected on your first appeal, do not lose hope. Here is the specific appeal thread that worked for me, so you all can follow it and hopefully find success in your appeal on the first try…

Unfortunately I don’t have access to the very first appeal I sent through the play store. Suffice to say I let the Play Store know about the issue with expo and that I resolved it, and that my app no longer uses the Branch IO SDK. They responded with a typical rejection template, including this message to help identify the issue:

"During review, we found that your app is using an SDK(BranchIO SDK) or library that facilitates the collection and transmission of installed packages information without meeting the prominent disclosure guidelines. "

I responded to their team, using specific wording recommended by @jess:

BEGIN EMAIL

The Branch module was bundled in with my apk as part of the Expo build process but unused, and I have since re-built my release to exclude the Branch module since I don’t want or need to use it. Can you confirm that it is specifically the latest version of the application that is causing the rejection? If a previous version is causing the rejection, can you help me remove all references to the previous version, as I no longer want to expose that version to our users.

To elaborate on why I believe that Branch IO do not exist on version , I downloaded the apk for the latest version of our app as well as a previous version and looked for the BranchIO SDK. I also grepped (case insensitive) for branch within those files:

$ ls -la

total 65M

drwxr-xr-x   6 jacksonkontny staff 192 May 17 11:03 .

drwx *------+ 15 jacksonkontny staff 480 May 17 11:03 ..*

-rw-r *--r--   1 jacksonkontny staff 16M May 17 11:00 30-1.apk*

-rw-r *--r--   1 jacksonkontny staff 16M May 17 11:00 30.apk*

-rw-r *--r--   1 jacksonkontny staff 16M May 17 11:00 31-1.apk*

-rw-r *--r--   1 jacksonkontny staff 16M May 17 11:00 31.apk*

 

$ grep -ri branch . */**

*Binary file ./30-1.apk matches*

*Binary file ./30.apk matches*

You can see above that branch exists in the old version, but not the new version. Specifically the old version has a reference to:

fabric/io.branch.sdk.android.library.properties"

END EMAIL

Whether or not I just got lucky or this email has the magic combination of key words to get past the play store gate keepers is hard to say, but if you’re getting rejected by the Play Store, responding to their rejection with a message like this is worth a shot.

1 Like
Google Play Store App Removals due to Branch Guide
#51

@jacksonkontny-i11 Do you know which version of Branch was in your Expo version? I am a Branch user but I do not use Expo. Our app has also been removed from Play store. I would like to know if its a problem with a specific version of Branch and whether it can solved by updating the Branch SDK

#52

@meghana.s if you are using Branch then I’m not sure this thread will have the information you need to resolve your issue. This thread specifically applies to Expo users that do not use Branch. The old Expo build process was bundling Branch in with the release artifact even if your app did not use Branch. It seems the Play Store only recently started checking for Branch usage. If you are using Branch, it is likely Branch is obtaining information from users that you need to make your users aware of through your privacy policy.

#53

@jacksonkontny-i11 can’t thank you enough for sharing this with everyone!

Providing these details will definitely help so many of the other devs having the same trouble :blush: And congrats on the approval, of course!

#54

We did an appeal and received a reply that we are in violation of the Device and Network Abuse policy (I published a new version with changes found here):


We have determined that your app is conducting app install attribution abuse via one or more of the following SDKs:

  • AltaMob
  • BatMobi
  • YeahMobi

You can read through the Device and Network Abuse policy page for more details and examples of common violations.

Please note that suspensions count as strikes against the good standing of your Google Play Developer account. Egregious or multiple policy violations can result in suspension, as can repeated app rejections or removals.

Not sure what to make of this. Are these SDKs included in the Branch SDK? They are telling us that we need to publish under a new package and new app name…

#55

Thanks for your reply.

FYI for any users who are facing this issue (even though this thread is not for them), it seems that an old version of Branch is the problem. We resolved it by removing old apks from our alpha and beta track that were using an old version of Branch.

#56

For those still affected, please see this post.