The Problem:
Google has begun removing apps from the Play Store with the message, “ Violation of Personal and Sensitive Information policy”. This is a result of one (or more) of your .apks containing the Branch module which is using a version of Branch that contained an endpoint that Google identified to be in violation of their policies.
As has been the case with Expo projects, the Branch module was bundled into your binary regardless of whether or not you were making use of it. We’ve always done this to give developers the ability to simply push an OTA update to make use of modules within the SDK instead of having to build a new binary and go through the app store processes.
Our Response:
We have since removed the Branch module from being bundled into .apk files when built with the Expo build service. To ensure your build does not have Branch bundled, please make sure you are using the latest version of Expo CLI.
For ExpoKit users, if you’re on SDK 32, 31, or 30 , you can remove Branch from your Android app by updating your expokit version in package.json to 32.1.1 , 31.1.0 , or 1.8.0 respectively and reinstalling. You’ll also need to remove this line from android/app/build.gradle
:
‘implementation 'io.branch.sdk.android:library:2.17.1'
For turtle-cli users, you’ll need to update to version 0.6.0 or later. If you still need Branch support, you’ll want to build your binary with version 0.5.15 — you will not be able to build SDK33 binaries with this version when 33 is released however. Also, if you already a different version of turtle-cli installed, you may have to delete the .turtle
directory to have 0.5.15
install properly and successfully have Branch bundled in your binary.
You can read more about our response and actions taken in our blog post.
What You Need to Do:
In addition to building a new binary and submitting it to the Play Store, you’ll want to ensure you have no affected .apks in any of your tracks (this includes alpha, beta and release tracks) in the Play Store as well as write into the Play Store Review laying out the situation and explaining the steps you have taken to remedy the situation to ensure your app is no longer violating their policies. We suggest that you:
- Explain that the Branch module was bundled in with your apk as part of the Expo build process but (critically) unused, and you have since re-built your release to exclude the Branch module since you don’t want or need to use it, and deleted all other instances
- Double check and ensure the previous point is true.
You can refer to this post from another user who has been successful in getting their app back into the Play Store.
Moving Forward:
We understand that some of you were using Branch in your applications and realize that this event has resulted in some added complexity and frustration. After the release of SDK33, we’re going to internally discuss and try to figure out the best path forward as we would like to see Branch be able to be used in Expo Android projects and the Branch team has reached out and expressed the same.
We have to do what is in the best interests of our users and while what that may be isn’t clear just yet, we’ll try our hardest to find the best course of action and act on it. Be sure to stay tuned for updates by following our Twitter and blog.