Hi everyone –
Thanks for letting us know about this, and we’re sorry for any inconvenience it’s causing. It seems that Google has decided to start flagging all apps that contain code to request the Android advertising ID, to ensure they have a valid privacy policy – even if this code is never actually executed.
As of now, all Expo apps contain the entire Expo SDK, which is how we offer all of our APIs without requiring to you modify native code. This includes modules like Segment, Amplitude, and FacebookAds which all contain native code to request the advertising ID. Note that none of this code is ever executed if you do not use these modules. However, it appears that simply including this code is enough to trigger this new flag from Google.
We are actively working on a way to customize your standalone app builds by excluding modules you are not using. However, as this is still in development, the best solution for now is to just include a privacy policy with your app. Here’s a privacy policy generator tool from Firebase (thanks @michael-molina !) and here’s the template one that Brent recommended on twitter. We’ll update our docs to reflect this.
Finally, and somewhat relatedly, note that Apple will require all apps to have a privacy policy in the next few weeks: Latest News - Apple Developer
Hope this helps. Let us know if we can provide any further information or clarification.