8

Today I received an email from Google about a policy violation regarding the OneSignal notification service used in my app. It is about collecting personally identifiable information (PII) without disclosure.

Following email

"Hello Google Play Developer,

We detected that the app(s) listed at the end of this email contain a version of OneSignal, a messaging SDK, that collects personally identifiable information (PII) without disclosure. Apps like this may be considered in violation of our User Data policy.

Action required: Your app(s) may be removed from Google Play if the issue is not resolved within 10 days of receiving this message. If the affected version is inactive, future submissions will be rejected if you attempt to publish without first resolving the issue.

You can resolve this issue by:

  • adding a privacy policy URL to your app listing and within the app, notifying the user that their PII is collected; or
  • removing any such functionality from your app.

You may need to contact your SDK provider for an updated, policy compliant version to include in your app. After resolving the issue, you’ll need to sign in to your Developer Console and submit the updated version of your app.

We’re here to help

If you feel we have sent this warning in error, you can contact our developer support team.

Regards,

The Google Play Team

Affected app(s) and version(s):

com.app.name 9; 10"

Any idea about resolving the issue? :) Any help will be appreciated.

Sarun1001
  • 3
    I'm voting to close this question as off-topic because this is about legal requirements of a third party service, not programming. – Gabe Sechan Jul 07 '16 at 18:06
  • So where can I ask this question? Please reply. – Sarun1001 Jul 07 '16 at 18:09
  • 1
    "Any idea about resolving the issue" -- they gave you instructions in the email. Please read the email, particularly the portion starting with "You can resolve this issue by:". – CommonsWare Jul 07 '16 at 18:11
  • Do you have any template for using the OneSignal service? – Sarun1001 Jul 07 '16 at 18:19
  • I feel this is a good question because I have also benefited from the answers below. What is the point of writing your program and publishing it if it cannot be used because of issues like this, which to be honest we face as programmers because we are too focused on the programming side of our work? The sample privacy document template here: http://www.docracy.com/mobileprivacy was really helpful. – S bruce Dec 20 '16 at 02:30

3 Answers

6

We received the following answer from their development team, hope this helps:

Hi thanks for getting in touch and sorry to hear you encountered this problem. We recently became aware that several developers have received this notice and we have prepared a solution.

We recommend following the below three steps to resolve this. Any one of these steps may be sufficient, but we recommend following all 3 if possible just in case. We apologize for the inconvenience.

1- Update your application such that it does not use the "Identity" (android.permission.GET_ACCOUNTS) Android permission unless this permission is required by your application.

2- Update or add a privacy policy to your application. You must add this Privacy Policy to your app store page in the "Privacy Policy" section of your "Store Listing" page on the Google Developer Center. You must also add a link to this privacy policy in your application itself and re-submit your application to the Google Play store.

If you do not have a Privacy Policy, there are several websites to generate them including this one: http://www.docracy.com/mobileprivacy. Finally, you must also add the following text from this link or https://gist.github.com/gdeglin/c22bed4b9f7f8838339faed2d7cea604 (or its substantial equivalent) to your privacy policy.

3- Use a new, updated version of the OneSignal SDK that is compliant
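A way to verify step 1, as an added example that is not part of the answer above or of OneSignal's instructions: it parses an `AndroidManifest.xml` and reports whether `android.permission.GET_ACCOUNTS` is still requested. Both manifests are constructed samples; the `tools:node="remove"` manifest-merger marker is shown on the assumption that the permission may arrive through a library manifest rather than your own.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
TOOLS_NS = "http://schemas.android.com/tools"
IDENTITY_PERMISSION = "android.permission.GET_ACCOUNTS"

# Constructed sample: manifest that still requests the "Identity" permission.
MANIFEST_BEFORE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.app.name">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.GET_ACCOUNTS" />
</manifest>"""

# Constructed sample: same app, with a merger marker that strips the
# permission even if a library manifest contributes it.
MANIFEST_AFTER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    package="com.app.name">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.GET_ACCOUNTS"
        tools:node="remove" />
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permissions a manifest effectively requests."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(f"{{{ANDROID_NS}}}name")
            # tools:node="remove" tells the manifest merger to drop the entry.
            if name and elem.get(f"{{{TOOLS_NS}}}node") != "remove":
                requested.add(name)
    return requested


def requests_identity(manifest_xml):
    """True if GET_ACCOUNTS would still end up in the app's permissions."""
    return IDENTITY_PERMISSION in requested_permissions(manifest_xml)


if __name__ == "__main__":
    for label, xml in (("before", MANIFEST_BEFORE), ("after", MANIFEST_AFTER)):
        print(label, "requests GET_ACCOUNTS:", requests_identity(xml))
```

Run the check against the merged manifest produced by the build as well as the source manifest, since permissions contributed by libraries only appear after merging.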

5

You should contact OneSignal support for guidance on how to resolve this.

Gdeglin
  • Yes, it may be a new problem. I just contacted OneSignal; they replied: "Hey there! Thanks for reaching out! We are investigating the issue at this time. Thank you!". I think it is most likely a problem with their new SDK; it may be violating Google's terms and conditions. – Sarun1001 Jul 07 '16 at 19:35
  • You need to contact OneSignal support. I just did and was given 3 other steps detailing how to fix this issue. They also have a new SDK version released today. – user814712 Jul 07 '16 at 21:41
  • 2
    Hey @user814712 can you provide more information about the solution provided by OneSignal? Thanks! – Pablo Postigo Jul 11 '16 at 10:22
  • 1
    yes @user814712, if you can post that info here it would be a great help...Thanks – Mun0n Jul 11 '16 at 10:47
  • This is a copy of the instructions the OneSignal team sent to me (sorry, can't post in a single comment due to the character limit): "Update your application such that it does not use the "Identity" Android permission unless this permission is required by your application." – Sarun1001 Jul 12 '16 at 17:27
  • Update or add a privacy policy to your application. You must add this Privacy Policy to your app store page in the "Privacy Policy" section of your "Store Listing" page on the Google Developer Center. You must also add a link to this privacy policy in your application itself and re-submit your application to the Google Play store. If you do not have a – Sarun1001 Jul 12 '16 at 17:28
  • Privacy Policy, there are several websites to generate them including this one: http://www.docracy.com/mobileprivacy Finally, you must also add the following text from this link https://gist.github.com/gdeglin/c22bed4b9f7f8838339faed2d7cea604 (or its substantial equivalent) to your privacy policy. – Sarun1001 Jul 12 '16 at 17:28
  • Use a new, updated version of the OneSignal SDK that should be compliant: You can download the Android Studio version of our updated SDK here: https://www.dropbox.com/s/l4p2fgdpzas47eo/onesignal-release.aar?dl=0 Or the Eclipse version here: https://www.dropbox.com/s/sxorhf235gj9a5z/OneSignal-release.jar?dl=0 Finally follow the instructions here to update the OneSignal SDK in your app: https://gist.github.com/jkasten2/4683711807373dabaf5d5833b9574bb1" HOPE IT HELPS – Sarun1001 Jul 12 '16 at 17:28
4

As the mail stated:

adding a privacy policy URL to your app listing and within the app, notifying the user that their PII is collected; or removing any such functionality from your app.

If you don't have a privacy policy URL, you need to make one. Either create your own .com domain or get a web page from a host like Wix.com, then write your privacy policy there, informing the user that you collect personal information in your app. Also create an "about" or "information" section in your app where you state more or less the same, and you should be good to go.

Andreas Evjenth
  • Thank you for the answer. But I don't collect any PII. It's the OneSignal push notification service. Do you know anything about it or anyone using them? What are the things that come under PII? – Sarun1001 Jul 07 '16 at 19:19
  • Then you could say that you're using the Onesignal notification service, but no PII is collected, nor given to others. – Andreas Evjenth Jul 07 '16 at 19:21
  • 1
    Maybe I should contact them. I think it's a new issue. I found nothing related to it on Google search. Thank you for helping me. – Sarun1001 Jul 07 '16 at 19:25
  • I am also getting the same issue. Any luck? – Usman Afzal Jul 10 '16 at 15:58