Did you get one of these Google Play Developer Policy Violation Emails?

Here is what you can do

Ali Muzaffar
6 min readFeb 9, 2017

Whats the problem?

If you app collects User Data in any way, you’ll get this email. If your app does something malicious on the devices or violates their Device and Network Abuse policy, you’ll get this email. If your email says you have violated their Device and Network Abuse policy or Malicious Behaviour policy, this article cannot help you. This article targets indie developers or small businesses who published their apps that use “dangerous permissions” and did not include a privacy policy in their app or on Google Play. Dangerous permissions are also the features that require run-time permission.

I’ve gotten a few of these emails in the past month. Whats frustrating about these emails is that I’ve gotten them over demo apps that I published which are open source; have their code published on GitHub; and the code is even linked from the Google Play listing of the app. Ignoring the fact that Google Play actually have a category for demo apps, getting emails like this is extremely frustrating because I built these demos in my spare time and I don’t necessarily have the time to go around updating all my apps and adding a link to a privacy policy in them. Then, there is the problem of what the heck a privacy policy is.

Whats the solution?

Alas, master Google demands a privacy policy or else they will remove your app. What is a poor developer to do but comply. After a lot of Googling, I came across PrivacyPolicyTemplate.net. I was able to generate a fairly simply and readable Privacy Policy using it. However, it seems PrivacyPolicyTemplate.net caters for website rather than apps, so I had to modify the privacy policy to suit my needs.

The privacy policy is also very open ended, which I didn’t like. My demo apps do not collect any information from the user, all the information from the user is kept on the app and I in no way receive it. This is something I want to explicitly point however. However, there is the issue of using Google Play Services and crash reporting tools which whether you like it or not, can collect information from the device.

I’ve shared my modified Privacy Policy below and I’ve added a few notes in bold about things that need your attention:

<html>
<body>
<h2>Privacy Policy</h2>
<p>[Individual or Company Name] built the [App Name] app as a [open source | free | freemium | ad-supported | commercial] app. This SERVICE is provided by [Individual or company name] [at no cost] and is intended
for use as is.</p>
<p>This page is used to inform website visitors regarding [my|our] policies with the collection, use, and
disclosure of Personal Information if anyone decided to use [my|our] Service.</p>
<p>If you choose to use [my|our] Service, then you agree to the collection and use of information in
relation with this policy. The Personal Information that [I|we] collect are used for providing and
improving the Service. [I|We] will not use or share your information with anyone except as described
in this Privacy Policy.</p>
<p>The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions,
which is accessible at [App Name], unless otherwise defined in this Privacy Policy.</p>

<p><strong>Information Collection and Use</strong></p>
<p>For a better experience while using [my|our] Service, [I|we] may require you to provide certain
personally identifiable information, including but not limited to [add whatever you collect here, e.g. users name | address | location | pictures].
The information that [I|we] request is [retained on your device and is not
collected by [me|us] in any way]|[will be retained by [me|us] and used as described in this privacy policy
.</p>
<p>The app does use third party services that may collect information used to identify you. [You can mention Google services here and link to Google’s privacy policy if you want].

<p><strong>Log Data</strong></p>
<p>[I|We] want to inform you that whenever you use [my|our] Service, in case of an error in the app [I|we] collect
data and information (through third party products) on your phone called Log Data. This Log Data
may include information such as your devices’s Internet Protocol (“IP”) address, device name,
operating system version, configuration of the app when utilising [my|our] Service, the time and date
of your use of the Service, and other statistics.</p>

<p><strong>Cookies</strong></p>
<p>Cookies are files with small amount of data that is commonly used an anonymous unique identifier.
These are sent to your browser from the website that you visit and are stored on your devices’s
internal memory.</p>
<p>>!-- Check if this is true for your app, if unsure, just assume that you do use cookies and modify this next line -->This Services does not uses these “cookies” explicitly. However, the app may use third party code
and libraries that use “cookies” to collection information and to improve their services. You
have the option to either accept or refuse these cookies, and know when a cookie is being sent
to your device. If you choose to refuse our cookies, you may not be able to use some portions of
this Service.</p>

<p><strong>Service Providers</strong></p> <!-- This part may seem like it’s not needed, but if you use any Google services, or any other third party libraries, chances are, you need this. -->
<p>[I|We] may employ third-party companies and individuals due to the following reasons:</p>
<ul>
<li>To facilitate our Service;</li>
<li>To provide the Service on our behalf;</li>
<li>To perform Service-related services; or</li>
<li>To assist us in analyzing how our Service is used.</li>
</ul>
<p>[I|We] want to inform users of this Service that these third parties have access to your Personal
Information. The reason is to perform the tasks assigned to them on our behalf. However, they
are obligated not to disclose or use the information for any other purpose.</p>

<p><strong>Security</strong></p>
<p>[I|We] value your trust in providing us your Personal Information, thus we are striving to use
commercially acceptable means of protecting it. But remember that no method of transmission over
the internet, or method of electronic storage is 100% secure and reliable, and [I|we] cannot
guarantee its absolute security.</p>

<p><strong>Links to Other Sites</strong></p>
<p>This Service may contain links to other sites. If you click on a third-party link, you will be
directed to that site. Note that these external sites are not operated by [me|us]. Therefore, I
strongly advise you to review the Privacy Policy of these websites. I have no control over, and
assume no responsibility for the content, privacy policies, or practices of any third-party
sites or services.</p>

<p><strong>Children’s Privacy</strong></p>
<p>This Service does not address anyone under the age of 13. [I|We] do not knowingly collect personal
identifiable information from children under 13. In the case [I|we] discover that a child under 13
has provided [me|us] with personal information, [I|we] immediately delete this from our servers. If you
are a parent or guardian and you are aware that your child has provided us with personal
information, please contact [me|us] so that [I|we] will be able to do necessary actions.</p>

<p><strong>Changes to This Privacy Policy</strong></p>
<p>[I|We] may update our Privacy Policy from time to time. Thus, you are advised to review this page
periodically for any changes. [I|We] will notify you of any changes by posting the new Privacy Policy
on this page. These changes are effective immediately, after they are posted on this page.</p>

<p><strong>Contact Us</strong></p>
<p>If you have any questions or suggestions about [my|our] Privacy Policy, do not hesitate to contact
[me|us].</p>
<p>This Privacy Policy page was created at <a href="https://privacypolicytemplate.net"
target="_blank">privacypolicytemplate.net</a>.</p>
</body>
</html>

Sorry, I realise that there is a lot bold in there and this probably means a lot more work for you than you were expecting. If you find the above hard to read, I have hosted the text above on gist.

Where to host?

For my apps, I upload the html file to GitHub. Then I used RawGit to generate a URL for the file which would display the file as an HTML file. Then, simply in my app, I added a link to the settings, menu item, wherever that opens this link.

// The code for opening a URL in a Browser in Android:
Intent browserIntent = new Intent(Intent.ACTION_VIEW, Uri.parse(“https://cdn.rawgit.com/.../master/privacypolicy.html"));
startActivity(browserIntent);

I also have to log in to the Google Play Developer Console, go to “Store listing” and at the bottom of the page, paste the URL from RawGit.

That should do it! Now you just have to build and deploy your app on Google Play.

Idea!

If you have a lot of apps you need to do this for, just use PHP or something to customise this template at run-time by passing in parameters like app name and list of information gathered.

Finally

In order to build great Android apps, read more of my articles.

Yay! you made it to the end! We should hang out! feel free to follow me on Medium, LinkedIn, Google+ or Twitter.

--

--

Ali Muzaffar

A software engineer, an Android, and a ray of hope for your darkest code. Residing in Sydney.