AndroidPit App Center unsecure - Android Apps and Games

I do not know if this belongs here but I wanted to look as what data are collected on my app, I'm on the AccountPrefs.xml file in the /data/data /de.androidpit.appcenter/shared_prefs/AccountPrefs.xml (de change to com for United States).
This includes e-mail address and password in plain text.
Code:
<string name="email">[email protected]</string>
<string name="pwd">yourpassword</string>
On other apps you can only see the email address.
An evil app could copy this file and send easily.
This vulnerability should be closed.

Gigadroid said:
I do not know if this belongs here but I wanted to look as what data are collected on my app, I'm on the AccountPrefs.xml file in the / data / data / de.androidpit.appcenter / pushed shared_prefs / (de change to com for United States).
This includes e-mail address and password in plain text.
Code:
<string name="email">[email protected]</string>
<string name="pwd">yourpassword</string>
On other apps you can only see the email address.
An evil app could copy this file and send easily.
This vulnerability should be closed.
Click to expand...
Click to collapse
Errr, contact AndroidPit? Why post on XDA about this? :S

Thanks for the warning.

polobunny said:
Errr, contact AndroidPit? Why post on XDA about this? :S
Click to expand...
Click to collapse
I have contacted AndroidPit already.
But as long as the problem is not resolved, there is still a danger.

More issues with AndroidPIT
If an app you purchased from them is ever removed, you will no longer be able to use it and they will keep the money! Not like Google Play Store which offers life-time warranties on purchased app!
I am developing apps which I used to sell on AndroidPIT, but I noticed 2 problems:
1) license issues are very frequent: their API/servers just returns a NO LICENSE far too frequently and
2) they don't let me cancel specific order should a user be unsatisfied with the app or if user wants to migrate to Android Tuner, merging 3 existing apps they have purchased
So I asked AndroidPIT to stop selling my apps. And they not only removed my apps, but they also cancelled all existing orders but kept the money.
Now, they are telling users I'm the one responsible while they applied term 7.4 of their developer agreement, breaking term 4.7 of the same agreement:
4.7 Customers may re-install products for free if these products were initially purchased, but then deleted. In these cases, the developer is not entitled to remuneration and Fonpit does not have the right to a commission.
7.4 ..., Fonpit reserves the right to partially or completely remove the developerʼs products from the Internet and/or block the developerʼs access to the AndroidPIT Market.
Here are the last messages from AndroidPIT (as far as I know they have not refunded a single user to this date contrary to what they mention below):
From: Tuyen Ly [mailto:[email protected]]
Sent: mercredi 27 mars 2013 22:54
To: Cedric Counotte
Subject: Re: FW: Battery Monitor Widget Pro - Customer Complaint
We didn't do anything. The app is not available on AndroidPIT anymore. You told me you wouldn't sell your apps on AndroidPIT anymore, it was not me. Since the app is not in our store anymore we can't take care of this issue. We can only refund in goodwill. Thank you for your understanding.
From: Tuyen Ly [mailto:[email protected]]
Sent: mercredi 24 avril 2013 15:28
To: Cedric Counotte
Subject: Re: battery monitor widget pro
Hi Cedric,
I just like to remind you that YOU deleted your apps on AndroidPIT.
Please read our developer agreement if you missed it:
http://www.androidpit.com/en/android/developer-agreement
Regards,
Tuyen
AndroidPIT developer agreement contains this:
4.7 Customers may re-install products for free if these products were initially purchased, but then deleted. In these cases, the developer is not entitled to remuneration and Fonpit does not have the right to a commission.
7.4 In the case of a violation of the previously-mentioned rules, Fonpit reserves the right to partially or completely remove the developerʼs products from the Internet and/or block the developerʼs access to the AndroidPIT Market. If the developer is responsible for the violation of the previously-mentioned rules, he/she is liable for all compensations to Fonpit for any resulting damages. The developer exempts Fonpit internally from any possible third-party claims resulting from such damages.
9.3 Fonpit is not obligated to immediately delete the developerʼs data at the end of the contract. The developer has the right to request the deletion of this data.

Related

[WARNING] DavinciDevelopers steal apps from this forum !

/!\ BE AWARE OF YOUR APP, DavinciDevelopers try to steal them and sell them on the market !!
Hello guys,
Be careful, if you post an apk of your free app here, somebody will try to take the apk, remove the signature, and upload it as a paid version on the market !
The proofs : (edited to add new stolen softwares)
Llamadroid
- http://forum.xda-developers.com/showthread.php?p=10113570#post10113570
- http://www.androlib.com/android.application.com-kebab-llamadroid-zzjjD.aspx
(removed today, on 5th january)
Typo clock
- http://forum.xda-developers.com/showthread.php?t=814054
- http://www.appbrain.com/app/beautiful-clock-widget-3d/com.semicuda.typoclock
Iron soldiers
- http://forum.xda-developers.com/showthread.php?t=862875
- http://www.appbrain.com/app/iron-soldiers/vuxia.ironSoldiers
(removed from market today, on 5th january, but still referenced)
Championship racing 2010
- http://www.vividgames.com/sub_game.php?id=42
- http://www.androlib.com/android.application.com-vividgames-championship_racing_2010-zzxwq.aspx
(removed today, on 5th january)
Liquid wallpaper
http://forum.xda-developers.com/showthread.php?t=878252
http://www.appbrain.com/app/liquid-physics/livewallpaper.liquid
Bluetooth Scanner
http://forum.xda-developers.com/showthread.php?t=900923
http://www.androidzoom.com/android_games/casual/bluetooth-scanner_pvqg.html
(New !! Now, we have proof that ALL his apps are stolen)
And even Gameloft best sellers (paid games) :
http://www.androlib.com/android.app...ndroid-gand-gloftspaw-heroofsparta-zjCDi.aspx
(removed from market today, on 5th january, but still referenced)
http://www.androlib.com/android.application.com-gameloft-android-gand-gloftavar-avatar-zjCEx.aspx
(removed from market today, on 5th january, but still referenced)
Minigore
http://minigore.blogspot.com/2009/07/what-minigore-is.html
http://www.appbrain.com/app/minigore-hd/com.ambushgames.minigore
http://www.androlib.com/android.application.com-ambushgames-minigore-zzjqD.aspx
Zuma's revenge
Original
http://www.zumasrevengegame.com/
http://store.steampowered.com/app/3620/
Scammers
http://www.appbrain.com/app/zumas-revenge-hd/com.popcap.zumas_revenge
http://www.appbrain.com/app/zumas-revenge/com.fox.game.zumasrevenge
How is it possible ?
Google does not check your apk signature when you upload a software.
Even if you signed yous apk with you key, somebody else can put this on his google account.
The signature can be deleted easily if needed.
He can change the title of your app, so nobody see it, but he can't change the apk name nor the icon.
Why do we post our apk here ?
To have testers, to correct bugs, to have a perfect look and feel before put it on the market.
Because on the market people are rude, we have only one chance, so we need to avoid bugs.
And when we put our app online, we want to choose if it's paid or free (with ads or not).
What is the problem ?
If DavinciDevelopers steal and upload your app, he will lock your pak name.
2 apps can't have the same name on the market.
You may have a name like com.myname.myapp.apk
Where "myname" is the same in every app you do.
If he take that, this is a major issue for you because you will be associated to him on every search (google.com, market...).
So, you will have to change your app name and maybe your company name....
Within 1 or 2 days, the market is parsed from androlib, androidzoom, appbrain... and it's done. Google.com will see those websites, and you are trapped.
You will have your buggy app on the market, some people will pay for that, the thief will have some money, and every users will have a bad opinion of your app.
Why DavinciDevelopers does this ?
To make benefit from your work.
Because he doesn't care you are working from a long time on your app.
Because he doesn't care if your work is ruined, he will find somebody else.
How can we be protected ?
Because 2 apps can't have the same name, you should put your app on the market first.
If your app is in development stage, you can upload it as "draft", so it will not be visible on the market, but the name will be locked.
Who is DavinciDevelopers ?
Somebody that have 83 apps on the market !
Almost all of them are themes.
If you look the package name you can see for example :
com.nd.android.pandatheme.p__3d_android_theme
at :
http://www.androlib.com/android.application.com-nd-android-pandatheme-p__3d_android_theme-qAmiz.aspx
google search : "pandatheme", first link :
http://home.pandaapp.com:888/
So he is not a developer. He makes themes with a free online tool and sell them... nice.
And for the real apps he uploaded (about 5), they all are stolen, coming from poland, germany, and other places.
Almost every of them comes from XDA dev forums.
ps : this message should be marked as sticky in every development section.
Wow, I can't believe this
It gets even better! Check this out:
http://www.androlib.com/android.app...ndroid-gand-gloftspaw-heroofsparta-zjCDi.aspx
http://www.androlib.com/android.application.com-gameloft-android-gand-gloftavar-avatar-zjCEx.aspx
He released the liquid physics live wallpaper I posted on here as well.
http://forum.xda-developers.com/showthread.php?t=878252
http://www.appbrain.com/app/liquid-physics/livewallpaper.liquid
Attacking GameLoft was a bad move for this/these guy(s).
They hit somewhere they shouldn't have I think.
Khoral said:
Attacking GameLoft was a bad move for this/these guy(s).
They hit somewhere they shouldn't have I think.
Click to expand...
Click to collapse
He has ripped off Popcap as well
http://www.appbrain.com/app/zumas-revenge-hd/com.popcap.zumas_revenge
And MiniGore
http://www.appbrain.com/app/minigore-hd/com.ambushgames.minigore
So STICKY!!!
It's really funny the website slogan:
http://davincidevelopers.weebly.com/
Innovation is everything. WTF
What do you thing, does it matter to left a comment like: app is stolen,... Seller steals apps from real developers or something else in market for "his" apks?
I wrote an email to appbrain and told them about this: maybe they can at least exclude this person from appbrain???
Has anyone emailed him to let him know that we all know?
Dirtbags
Sent from your mom's phone
kiltedthrower said:
Has anyone emailed him to let him know that we all know?
Click to expand...
Click to collapse
Like they would care... they just want to make some quick money from other's work.
The only way we can solve this if somehow we contact google to do something about it.
Since yesterday, he deleted some apps from his market.
I'm the developer of iron soldiers, I had been notified yesterday by another xda forum user that he stole my app.
I emailed him and within 3 or 4 hours he removed the app.
He answered me that he is so sorry, that he shares his key with other people and he didn't know... blabla.
Anyway, he has many stolen apps so he is hard to believe.
Now I see that thanaos2042 created a new thread (thanks ) and that google already referenced it :
If you google "davincideveloppers", this post is already in the first page !
Internet has a memory, and his name will not be forgotten.
they sell a lot of apps which is 80++ but they still using free website ....what a cheapskate...
Holy ****. Mods, please sticky this!!
I sincerely hope Google kicks their ass for this. I'm not familiar with the ToS but I hope they get hit with a lawsuit and instant refunds to say the least.
Stealing from Indie Developers is simply ****ed up. Wouldn't it be funny if a massive attack was launched against this asshole's website? (wink wink)
Chalup said:
Stealing from Indie Developers is simply ****ed up. Wouldn't it be funny if a massive attack was launched against this asshole's website? (wink wink)
Click to expand...
Click to collapse
No, it wouldn't. He/they are using a free web host so that would effectively be an attack on a whole lot of innocent sites.
Terrible to steal!
stolen apps are all over the market, ive even seen the r2d2 live wallpaper from the droid, on the market for 99p,
Good to know about these flagrant ripoffs
Looks like someone took their website down. The link now shows a page that isn't published.
Edit: Looks like Google could do something about this since it appears to be a violation of the terms of service (see 11.4, 13.3 and 16)
11. Content licence from you
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
11.2 You agree that this licence includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.
11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this licence shall permit Google to take these actions.
11.4 You confirm and warrant to Google that you have all the rights, power and authority necessary to grant the above licence.
13.3 Google may at any time, terminate its legal agreement with you if:
(A) you have breached any provision of the Terms (or have acted in manner which clearly shows that you do not intend to, or are unable to comply with the provisions of the Terms)
16. Copyright and trade mark policies
16.1 It is Google’s policy to respond to notices of alleged copyright infringement that comply with applicable international intellectual property law (including, in the United States, the Digital Millennium Copyright Act) and to terminating the accounts of repeat infringers. Details of Google’s policy can be found at http://www.google.com/dmca.html.
16.2 Google operates a trade mark complaints procedure in respect of Google’s advertising business, details of which can be found at http://www.google.com/tm_complaint.html.

[WARNING] N64 Emulator scams and suspicious behaviors!

UPDATE: Mupen64Plus AE was taken down with DMCA by Brad Geng. He is NOT real developer of Mupen64Plus, more details below in third post of this thread, or here: http://www.paulscode.com/forum/index.php?topic=422.msg4593#msg4593
Some of you already know N64 emulator called Mupen64Plus Android Edition, by Paul Lamb.
http://forum.xda-developers.com/showthread.php?t=1260390
His app is still free and open-source, and everyone can download APK if they want to, while "paid" version on Play Store is only donation and auto-update.
Now, here are some problems. Other "devs" are trying to make copies of his own work and make profit while they don't improve emulator unlike he does. It would be better that devs which want to help, they should collaborate with Paul, not fragment into new app.
One of very "popular" (his emulator was removed temporarily, then it returned to Play market, causing low popularity for now) and unfair copies is "N64 Emulator" by "Emulator Publisher" A.K.A. "Brad Geng".
https://play.google.com/store/apps/details?id=com.emudev.n64player
He just copied everything from Paul's work, and what did he added instead? ADS and PAID app links to his other programs.
THIS DEVELOPER CLAIMED FALSE DMCA VIOLATION, CITING A COPYRIGHT VIOLATION OF ORIGINAL MUPEN64PLUS. RATE IT 1-STAR AND WARN OTHERS, HE DOESN'T HAVE ANY RIGHTS TO PROFIT THIS WAY.
Description said:
It's the gist of OPEN SOURCE software.
Click to expand...
Click to collapse
Just a note from Paul:
Paul Lamb said:
The true "gist"
Your comment on "gist of OPEN SOURCE" is misleading. Mupen64Plus AE is already free. It can be downloaded free on my forum as stated in the description. The 99¢ is for donations. If people buy without reading, its their decision. Donations I collect & distribute support many opensource projs & devs. By posting a free copy of my app, you undermine & have NEGATIVE impact on opensource community. Please remove this app!! Contact me to coordinate dev & address your concerns. Collaboration, not fragmentation!
Click to expand...
Click to collapse
What was the result before? An "dev" which added ads into that app, has over 500k downloads already, then removes app and returns it back to market. Yet, he takes down original version of emulator on market. Don't you think that's fair to steal and Paul's work and just publish it as yours, removing his work from market (yet even make Paul to refund all donations) and take all money away?
Yet, read comments in apps, all those who rated it 5 stars have no idea who actually made that app.
Another suspicious app is "N64 Pro Emulator" by "Game Console". Note: Name seems to change a lot of times...
https://play.google.com/store/apps/details?id=com.n64.emulator&feature=search_result
It seems he keeps changing it:
https://play.google.com/store/apps/details?id=com.n64.pro.emulation
Even if it's free and ad-free, and even says that people should donate to original developer, here's a problem.
Paul Lamb said:
I'd just like to warn everyone about some suspicious behavior of the Mupen64Plus AE copy listed on the Market as "N64 Pro Emulator" (installs as "N64 Mobile" in the app list).
Firstly, the app asks for wide sweeping permissions (stuff like GPS location, write access to the browser history and favorites, startup on boot, etc).
Additionally, when you close the app, it continues running and must be force-stopped through the settings menu (Mupen64Plus uses "System.exit( 0 )" to prevent this, so the dev must have deliberately changed this for some unknown reason).
Rebooting the phone and returning to the settings menu shows that the app has silently started itself on boot. This is EXTREMELY suspicious. If anyone has installed this app, I recommend removing it immediately! I've emailed the dev to have it updated, but until then I do not recommend installing it!
Click to expand...
Click to collapse
For now, it's not yet safe to install app due to such permissions, as such permissions aren't actually even needed. Hopefully dev won't make it for bad behaviors. I'm not that sure how safe the app is, and I don't intend to give this version of emulator as rip-off copy yet.
This Emulator was taken down by Brad Geng.
And just poor rip-off is "Mojo64" by "Mojojo", no comment.
https://play.google.com/store/apps/details?id=com.mojo.n64&feature=search_result
The only not taken down one is Brad Geng's very retarded emulator.
Others should know about this problem, it's not that fair that some dev gets less respect than others which did almost nothing than add ads or something misleading.
Out of all other emulators, none of such copies were fast as original Mupen64Plus, FYI.
If you still like those ripped-off apps and think they are original, wait when Mupen64Plus AE project stops (which hopefully won't stop). You'll realize what they have done.
There are lots of developers which have similar issues. Don't support fake copies of programs!
I agree that it is wrong to add junk such as ads to an opensource app, or make money from it when you don't contribute to it. Its an easy way to make money using someone else to do the work.
As Paul says in another post, donations to his original have now fallen significantly. This is just greedy copycat devs slapping together copies of his work to make money and get a better developer rep without putting in their own effort.
Dave
Sent from my LG P920 using Tapatalk
For more information about the Google Play Market removal, Brad Geng has lodged a false DMCA complaint, resulting in Google removing my app from the Google Play Market. The text of that complaint:
AutoDetectedBrowser: Firefox 1
AutoDetectedOS: Intel Macintosh OS X
IIILanguage: zh-Hans
IssueType: lr_dmca
Language: zh-Hans
agree1: checked
agree: checked
companyname:
country_residence: CN
description_of_copyrighted_work: Mupen64plus
dmca_signature: Huaining Geng
dmca_signature_date_day: 30
dmca_signature_date_month: 3
dmca_signature_date_year: 2012
full_name: Huaining Geng
geolocation: CN
hidden_dmca_category: image
hidden_product: androidmarket
location_of_copyrighted_work: http://code.google.com/p/mupen64plus/
represented_copyright_holder: Mupen64plus
url_box_1:
https://play.google.com/store/apps/details?id=com.n64.pro.emulation
url_box_2:
https://play.google.com/store/apps/details?id=paulscode.android.mupen64plus.free
url_box_3:
https://play.google.com/store/apps/details?id=paulscode.android.mupen64plus
url_box_4:
https://play.google.com/store/apps/details?id=paulscode.android.mupen64plus.xperiaplay
Click to expand...
Click to collapse
What this basically says is that my apps (as well as "N64 Pro Emulator") are illegal copies of Mupen64Plus. This is a false claim, because Mupen64Plus is copyrighted by the GNU GPL v2, which clearly allows derived works to be created. Brad's copy has changed names a few times, but is currently called "N64 Player (Free N64 Emulator)". It is an exact copy of Mupen64Plus AE v1.7 with ads slapped on to make money. He's made a few updates to the GUI, but hasn't updated the source code in over a month (and he's ignored my requests for the updated code, which is a violation of the GPL). The obvious reason for Brad's DMCA complaint was to knock of all competition to his ad revenues he's getting from "N64 Player". I've sent a counter notification, but I have no idea how long it will take to process. For anyone interested, here is the text of my counter notification:
The DMCA complaint sites Mupen64Plus as the copyrighted work. It links to http://code.google.com/p/mupen64plus/ If you go to that website, you can clearly see under "Code license", that this work is licensed by the GNU GPL v2. This is a common open-source license which authorizes derived works to be created and distributed following certain terms. I have abided by all terms of this license. See http://www.gnu.org/licenses/gpl-2.0.html for more details. Finally, the individual who lodged the DMCA complaint, Brad Geng, has a copy of my work listed on the Google Play Market with advertisements slapped on it. This is the very work that he is complaining is in violation of the DMCA. Mr. Geng has it listed as "N64 Player". Clearly, he lodged this false DMCA complaint to remove my original work that he copied, and to eliminate all competition to his ad revenues. (Please note that the "Add an additional field" script is broken under "Material in Question". Please refer to the DCMA complaint for all three of my apps that were suspended)
Click to expand...
Click to collapse
Everyone who agrees with me, please install "N64 Player" from the Google Play Market, leave a 1-star rating and nasty comment, and mark my rating comment as "helpful".
N64 Player was taken down. I don't have any details for why, but I'd guess it is was either taken down by Google after reading the numerous negative comments, or by Mr. Geng himself to end the onslaught.
time to go back to N64oid

Having very tough time getting apps approved by google.

Thanks in advance for taking the time to read this. I am having a hard time finding a solution to my problem. I know this isnt the "correct" place for this post but XDA is the best and I know the answers are here.
I make applications for people and businesses. They pay me for my services. They are very simple apps that, for the most part, bring someones social medias to a single place with some other basic features. The issue I am having is that when I submit these app to google, they claim impersonation...
"This is a notification that your application, The Unofficial Futureman App, with package ID com.singlestoneapps.futureman, has been suspended from the Google Play Store. REASON FOR SUSPENSION:Violation of the impersonation or deceptive behavior provisions of the Content Policy. Please refer to the impersonation policy help article for more information.
If you are authorized to publish on behalf of the original content or brand owner, please contact us via the Google Play Help Center and attach verifiable and accepted proof of permission.
This particular app has been disabled as a policy strike. If your developer account is still in good standing, you may revise and upload a policy compliant version of this application as a new package name.
This notification also serves as notice for other apps in your catalog. You can avoid further app suspensions by immediately ensuring that no other apps in your catalog are in violation of (but not limited to) the above policy. Please also ensure your apps’ compliance with the Developer Distribution Agreement and Content Policy.
All violations are tracked. Additional suspensions of any nature may result in the termination of your developer account, and investigation and possible termination of related Google accounts. If your account is terminated, payments will cease and Google may recover the proceeds of any past sales and/or the cost of any associated fees (such as chargebacks and transaction fees) from you.
If you feel we have made this determination in error, you can visit this Google Play Help Center article."
This isn't the only one I had the issue with. I submitted "rebutles" for them and never heard back from google. At this point, my account has been TERMINATED. They are claiming that I am pretending to be these people in order to get downloads. Whats form(s) do I need to bypass this? Is there a generic form? How do I submit it to google in order to avoid this issue? Any other advice is greatly appreciated.
Thanks again XDA

What to do when you have a strike on your account, but Google isn't talking

First off, it's been over the 72 hour thing. But, I'm more of getting some facts.
A few days ago I got an e-mail from Google saying they were taking down one of my apps because of... well you can read it. (Note it doesn't actual say what exactly I did wrong, what part was breaking the policy, or what the 2 year old app with no problems before hand was doing an impersonation of)
Anyways, what should I do? Since I made everything in the app 100% by myself for school. I know this is in error, but I have no idea what I'm defending since they marked this 2 year old app as impersonation
If anyone is at Google and reading this. Please PM me so we can figure this thing out. I will send you the packet name.
Below is what they sent
Hi Developers at ,
After review, Bob The Mole, , has been suspended and removed from Google Play as a policy strike because it violates the impersonation policy.
Next Steps
Read through the Impersonation article for more details and examples of policy violations.
Make sure your app is compliant with the Impersonation and Intellectual Property policy and all other policies listed in the Developer Program Policies. Remember additional enforcement could occur if there are further policy issues with your apps.
Sign in to your Developer Console and submit the policy compliant app using a new package name and a new app name.
What if I have permission to use the content?
Contact our support team to provide a justification for its use. Justification may include providing proof that you are authorized to use the content in your app or some other legal justification.
Additional suspensions of any nature may result in the termination of your developer account, and investigation and possible termination of related Google accounts. If your account is terminated, payments will cease and Google may recover the proceeds of any past sales and/or the cost of any associated fees (such as chargebacks and transaction fees) from you.
If you’ve reviewed the policy and feel this suspension may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.
Regards,
The Google Play Review Team
LINKS
The policy
https://play.google.com/about/spam.html#impersonation-intellectual-property:impersonation
contact them
https://support.google.com/googleplay/android-developer/troubleshooter/2993242

What could cause a “Violation of Usage of Android Advertising ID policy”?

I received a notification from Google Play telling me that my app has been removed because of some violation regarding the collection of Advertising IDs.
My app, however, only fetches some publicly available data from the Internet and uses firebase to deliver push notifications to devices which install the app and subscribe to specific FCM topics.
My question is: how could I be leaking Advertising IDs? Are those IDs sent in the HTTP requests made by the app? (e.g. in the headers?) Or maybe it's because of the FCM subscriptions?
The full text of the email I received follows.
Hi developers at REDACTED,
After review, REDACTED, has been removed from Google Play due to a policy violation. This app won’t be available to users until you submit a compliant update.
Issue: Violation of Usage of Android Advertising ID policy and section 4.8 of the Developer Distribution Agreement
Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. We’ve identified that your app collects and transmits the Android advertising identifier, which is subject to a privacy policy requirement. If your app collects the Android advertising ID, you must provide a valid privacy policy in both the designated field in the Play Console, and from within the app.
Next steps: Submit your app for another review
Read through the Usage of Android Advertising ID and User Data policies, as well as the Developer Distribution Agreement, and make appropriate changes to your app. If you decide to collect sensitive user information, be sure to abide by the above policies, and include a link to a valid privacy policy on your app's store listing page and within your app.
Make sure that your app is compliant with all other Developer Program Policies. Additional enforcement could occur if there are further policy violations.
Sign in to your Play Console and submit the update to your app. Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.
Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.
If approved, your app will again be available with all installs, ratings, and reviews intact.
If you’ve reviewed the policy and feel this removal may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.
Thanks for helping us provide a clear and transparent experience for Google Play users.
Regards,
The Google Play Team
Click to expand...
Click to collapse

Categories

Resources