Google Play Store App Removals due to Branch Guide

The Problem:

Google has begun removing apps from the Play Store with the message, “ Violation of Personal and Sensitive Information policy”. This is a result of one (or more) of your .apks containing the Branch module which is using a version of Branch that contained an endpoint that Google identified to be in violation of their policies.

As has been the case with Expo projects, the Branch module was bundled into your binary regardless of whether or not you were making use of it. We’ve always done this to give developers the ability to simply push an OTA update to make use of modules within the SDK instead of having to build a new binary and go through the app store processes.

Our Response:

We have since removed the Branch module from being bundled into .apk files when built with the Expo build service. To ensure your build does not have Branch bundled, please make sure you are using the latest version of Expo CLI.

For ExpoKit users, if you’re on SDK 32, 31, or 30 , you can remove Branch from your Android app by updating your expokit version in package.json to 32.1.1 , 31.1.0 , or 1.8.0 respectively and reinstalling. You’ll also need to remove this line from android/app/build.gradle:
‘implementation 'io.branch.sdk.android:library:2.17.1'

For turtle-cli users, you’ll need to update to version 0.6.0 or later. If you still need Branch support, you’ll want to build your binary with version 0.5.15 — you will not be able to build SDK33 binaries with this version when 33 is released however. Also, if you already a different version of turtle-cli installed, you may have to delete the .turtle directory to have 0.5.15 install properly and successfully have Branch bundled in your binary.

You can read more about our response and actions taken in our blog post.

What You Need to Do:

In addition to building a new binary and submitting it to the Play Store, you’ll want to ensure you have no affected .apks in any of your tracks (this includes alpha, beta and release tracks) in the Play Store as well as write into the Play Store Review laying out the situation and explaining the steps you have taken to remedy the situation to ensure your app is no longer violating their policies. We suggest that you:

  • Explain that the Branch module was bundled in with your apk as part of the Expo build process but (critically) unused, and you have since re-built your release to exclude the Branch module since you don’t want or need to use it, and deleted all other instances
  • Double check and ensure the previous point is true.

You can refer to this post from another user who has been successful in getting their app back into the Play Store.

Moving Forward:

We understand that some of you were using Branch in your applications and realize that this event has resulted in some added complexity and frustration. After the release of SDK33, we’re going to internally discuss and try to figure out the best path forward as we would like to see Branch be able to be used in Expo Android projects and the Branch team has reached out and expressed the same.

We have to do what is in the best interests of our users and while what that may be isn’t clear just yet, we’ll try our hardest to find the best course of action and act on it. Be sure to stay tuned for updates by following our Twitter and blog.

1 Like

All our apps are ejected to Expokit so for us it is a bit easier to removed unwanted SDKs. Though it is very convenient to be able to just do OTA updates because the native build contains all the SDKs supported by Expo, I always believe less is more. Yes, we got comfortable with this (maybe we need this or that!) and we’ve learned our lesson. Our app got removed and it took us quite some time to sort out the issue. Maybe it is better to just use what you need and if you need something additional, just rebuild and go through the review process. It is not that much of a hassle and at least it is better than having your app pulled for something you didn’t even know was causing some policy violation.

So, if users would be able to control what is being included in their native builds when using the Expo automated builds, this should give them more control (ie via app.json). They don’t have to use it, but they can. I don’t know if this is feasible or if it fits the development schedule, but I’m always happy to help.

Expo is a great tool for (new) developers to get their apps out fast and it’s a shame that something like this happened.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.