App Removed from Playstore- Violation of Personal and Sensitive Information policy

Holy cow you are correct. Thanks so much! Put me on the right path.

Had to figure out how to remove the old beta track, which is not straightforward. You have to submit an empty release with no code / APK and that removes the previous testing.

Then I resubmitted the app and was approved minutes later!

https://play.google.com/store/apps/details?id=com.sdbeer.mobile

Thanks again!


Happy to help!

Why an empty APK? Why not just your new APK?

Jumping in, just got an email from Google Play support today with the same message, violation of Personal and Sensitive Information Policy. I’ve asked for more details and hopefully will get something back and share here. Will try above suggestions in the meantime.

I got another removal notice today as well.

I already rebuilt and submitted a Branch-less APK to all release tracks a few weeks ago, so I’m not sure if this is related to Branch or something else.


The follow up from the Google policy team indicates that my app is still “using the Branch IO SDK, which is uploading users Installed Packages information without a prominent disclosure”.

This is after building a new APK with Expo ^32.0.0 using expo build:android which should have removed the Branch module.

I have a single active APK that I pushed through all release tracks, so I don’t think an old APK is the cause.

How can I confirm that my APK does not contain the Branch module?

@pstahleybg- Could you try scanning your unzipped APK file with grep for the string “branch”?

Here’s a search for ‘branch’ in the unzipped APK files:

@pstahleybg thank you! Looks fine, could you also scan your .class files, as well?

I did some deeper digging with ClassyShark, and couldn’t find any ‘branch’ references in the manifest or class files:


I asked Google if they could tell me exactly where in my APK Branch IO SDK was included, because I’m at a loss.

This also happened to me.

My app was removed due to Branch.io last week. I upgraded to Expo v32 and resubmitted earlier this week, which Google accepted and restored to the Play Store.

Today:

After review, Vaishnava Calendar, com.mattstone.vcal, has been removed from Google Play due to a policy violation. This app won’t be available to users until you submit a compliant update.

Issue: Violation of Personal and Sensitive Information policy

We’ve identified that your app is using an SDK or library that facilitates the collection and transmission of installed packages information without meeting the prominent disclosure guidelines.

If necessary, you can consult your SDK provider(s) for further information.

Next steps: Submit your app for another review

1. Read through the Personal and Sensitive Information policy and make the appropriate changes to your app.
2. Make sure your app is compliant with the User Data policy and all other Developer Program Policies. Additional enforcement could occur if there are further policy violations.
3. Sign in to your Play Console and upload the modified, policy compliant APK. Make sure to increment the version number of the APK.
4. Submit your app.

If you’ve reviewed the policy and feel this removal may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

No mention of the Branch.io SDK in this message. I’ve reached out to Google for further clarification.

Okay, thanks for asking them for more info!

Sorry for this complication, it’s our goal to make building apps easy and smooth, and unfortunately we are equally confused as to why this continues to happen even after removing the Branch module from Expo builds :frowning:

Let me know what Google comes back with :+1:
-Charlie

Same issue for me this morning:

Email from Google:

Hi Developers at Glue Digital Studio,

After review, MyFootballWriter, com.myfootballwriter.gluestudio, has been removed from Google Play due to a policy violation. This app won’t be available to users until you submit a compliant update.

Issue: Violation of Personal and Sensitive Information policy

*We’ve identified that your app is using an SDK or library that facilitates the collection and transmission of installed packages information without meeting the prominent disclosure guidelines.*

If necessary, you can consult your SDK provider(s) for further information.

Next steps: Submit your app for another review

1. Read through the Personal and Sensitive Information policy and make the appropriate changes to your app.
2. Make sure your app is compliant with the User Data policy and all other Developer Program Policies. Additional enforcement could occur if there are further policy violations.
3. Sign in to your Play Console and upload the modified, policy compliant APK. Make sure to increment the version number of the APK.
4. Submit your app.

If you’ve reviewed the policy and feel this removal may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

And my package.json file:

{
  "name": "my-football-writer",
  "version": "2.0.0",
  "description": "Hello Expo!",
  "author": null,
  "private": true,
  "main": "node_modules/expo/AppEntry.js",
  "dependencies": {
    "axios": "^0.16.2",
    "expo": "31.0.0",
    "lodash": "^4.17.4",
    "prop-types": "^15.5.10",
    "qs": "^6.5.0",
    "react": "16.5.0",
    "react-native": "https://github.com/expo/react-native/archive/sdk-32.0.0.tar.gz",
    "react-native-elements": "^0.16.0",
    "react-native-htmlview": "^0.13.0",
    "react-native-keyboard-aware-scroll-view": "^0.3.0",
    "react-native-router-flux": "^3.40.1",
    "react-navigation": "^1.0.0-beta.11",
    "react-redux": "^5.0.5",
    "redux": "^3.6.0",
    "redux-persist": "^4.9.1",
    "redux-promise": "^0.5.3",
    "redux-thunk": "^2.2.0"
  }
}

Hey @gluedigistu, sorry about this :frowning:

Have you already followed the steps lined out here? Especially-

You’ll want to put an updated (Branch-less) apk in every release track you have in the Play Store (not just the production track!). This includes alpha or beta versions of your app. If adding a new build to all release tracks doesn’t resolve this, you may need to delete your prior releases altogether.

Side note- is there any particular reason you’re using the Expo SDK 32 pinned react-native version, but Expo SDK 31?

Google “accepted my appeal” and said previous APK versions are what triggered the violation for Branch IO SDK. The APKs they referenced were not active, or part of any releases in any tracks, so I’m not sure how they could have triggered a violation, but there you have it.

The Play Store console also doesn’t provide any way to remove the old APKs, so hopefully this doesn’t continue to be an issue.


@pstahleybg- hope this means you were able to get your app through? :pray:

Thanks for reaching out to them for clarification!

I too am facing this issue. I received a notification from the play store notifying me that my app was removed from the app store. Google explained:

“Your app is using the Branch IO SDK, which is uploading users Installed Packages information to https://api.branch.io/v1/applist without a prominent disclosure. Prior to the collection and transmission, it must prominently highlight how the user data will be used, describe the type of data being collected and have the user provide affirmative consent for such use.”

I read the forums and followed the instructions. I use expo 32.0.6 so the fix was as simple as building and re-deploying. The beta and alpha track have nothing on them:

After submitting the updated app without Branch IO my application was accepted, only to be removed again a few days later. The play store was more vague this time:

“We’ve identified that your app is using an SDK or library that facilitates the collection and transmission of installed packages information without meeting the prominent disclosure guidelines.”

I did not find any usage of branch functionality within my own app, and to be absolutely sure I downloaded the apk from the play store and could not find any mention of branch in the file. I appealed to the Google Play Store and received this response:

"During review, we found that your app is using an SDK(BranchIO SDK) or library that facilitates the collection and transmission of installed packages information without meeting the prominent disclosure guidelines.

If necessary, you can consult your SDK provider(s) for further information."

I am not sure how to proceed. Please let me know if there is any step that I have missed or any additional step I should take to resolve the issue.

Hey @charliecruzan

I don’t have any channels other than the production channel with APK files in them. I did have an app which used the branch API but I updated Expo to a more recent version (hence the issue with the Expo SDK version - I tried to do it all in a rush).

I’ll try reaching out to Google and see if they can manually approve it.

@jacksonkontny-i11,

Best route to proceed is asking Google for clarification, seems from comments such as this one that at least sometimes after submitting an appeal, apps that were rejected are then approved. But I would search through APKs for any usage of Branch before asking for an appeal (as done above).

It’s tough to say anything for sure since the rejection message gives so few details :confused:

@charliecruzan
Thanks for the response. To be clear, I did search through the APK for any usage of Branch before asking for an appeal. Here are the build artifacts on the play store:

I downloaded the latest build artifact (version 31) and grepped (case insensitive) for branch:

$ ls -la
total 65M
drwxr-xr-x   6 jacksonkontny staff 192 May 17 11:03 .
drwx------+ 15 jacksonkontny staff 480 May 17 11:03 ..
-rw-r--r--   1 jacksonkontny staff 16M May 17 11:00 30-1.apk
-rw-r--r--   1 jacksonkontny staff 16M May 17 11:00 30.apk
-rw-r--r--   1 jacksonkontny staff 16M May 17 11:00 31-1.apk
-rw-r--r--   1 jacksonkontny staff 16M May 17 11:00 31.apk

$ grep -ri branch ./*
Binary file ./30-1.apk matches
Binary file ./30.apk matches

You can see above that branch exists in the old version, but not the new version. Specifically the old version has a reference to:
fabric/io.branch.sdk.android.library.properties

Let me know if there is anything else I should look into, or anything else I am missing.
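An added example, not part of any post in this thread: a grep over the raw `.apk` only sees bytes that are stored uncompressed (such as entry names), so this sketch opens the APK as a zip and checks every entry name and every decompressed entry body for Branch SDK markers. The marker strings are assumptions drawn from the thread (`io.branch` from the properties file name, `api.branch.io` from Google's notice) plus the dex descriptor form `io/branch`; the sample archives are constructed in memory and are not real builds.

```python
import io
import zipfile

# Byte markers for the Branch SDK: Java package name (resource/property file
# names), dex type-descriptor form, and the endpoint quoted in Google's notice.
MARKERS = (b"io.branch", b"io/branch", b"api.branch.io")


def scan_apk(apk):
    """Return sorted (entry, marker) hits from entry names and decompressed bodies.

    `apk` is a path or a binary file object. Nested archives are not opened.
    """
    hits = set()
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename.lower().encode("utf-8", "replace")
            data = zf.read(info).lower()
            for marker in MARKERS:
                if marker in name or marker in data:
                    hits.add((info.filename, marker.decode()))
    return sorted(hits)


def build_sample(entries):
    """Build a constructed, APK-shaped zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples (not real builds). OLD mirrors the properties file found
# in the thread; HIDDEN carries the SDK only inside a compressed classes.dex.
OLD = build_sample({"fabric/io.branch.sdk.android.library.properties": b"version=0\n"})
HIDDEN = build_sample({"classes.dex": b"Lio/branch/referral/Branch;\x00" * 50})
CLEAN = build_sample({"classes.dex": b"Lcom/example/app/MainActivity;\x00" * 50})

if __name__ == "__main__":
    for label, blob in (("old", OLD), ("hidden", HIDDEN), ("clean", CLEAN)):
        raw_grep = any(m in blob for m in MARKERS)  # what grep on the .apk sees
        print(label, "raw grep:", raw_grep, "entry scan:", scan_apk(io.BytesIO(blob)))
```

A clean result from this scan only covers the APK it was run against; per the replies above, builds left in other release tracks have to be checked the same way.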