How to Fix Violation of Usage of Android Advertising ID
**Update September 29 2018** How to Fix Violation of Usage of Android Advertising ID
I have read from multiple sources that people are just updating their privacy policy to solve the issue. While this might fix your problem in the short term it is not a long term solution. The risks are great, a GDPR fine can be over €50 million. A suspension from google play lasts a lifetime(no more apps) and can cause your personal gmail to stop working
Use this warning as a chance to become GDPR compliant. If you have ads use the consent SDK. Ad granular consent for your items that collect PII. Enable an option to delete and export data.
Several of my clients have got the ‘Google Play policy violation warning’ email in the last 24 hours. The warning message reads something like, If you do not submit an app update within 7 days your app can will removed from google play. Here is a helping hand to help fix the problem.
GDPR
To fully understand the violation you need to know what GDPR is and what technologies in your app are relevant to it. Here is a good break down of what GDPR is. If you have not done anything for GDPR you may have a lot of work ahead . A user on Expo forums reported that he has no ads and one of his libraries unbeknown to him has been using Advertising IDs, be warned. A lot of common libraries like Firebase, Crashlytics, Fabric, AdMob and Play services use PII(personal Identifiable information).
Hopefully, the only unmanaged piece of PII in your app is the advertising ID. If you have any GDPR questions I will do my best to help, comment below.
Checklist of what you need to do
- You need to add the consent SDK or make your own solution. The documentation can be found here. It is not too hard to follow. The consent SDK can vary in complexity depending on your ad situation.
As an app developer, you’ll need to collect user consent for both the ad technology providers returned by the Consent SDK and the providers from other ad networks. You’ll also need to manually store user consent responses and forward consent to the Google Mobile Ads SDK if the user consented to receive only non-personalized ads.
- Here is a semi-working implementation of the consent SDK, not mine but I found it helpful.
- You need an option somewhere to change the user’s consent settings. (UI change)
- You need a privacy policy. You can use a PP generator here.
- Make sure your app and the play store have a privacy policy. (Potential UI change).
- Your privacy policy must be hosted somewhere so you can include it on google play and in app. Your privacy policy must state all SDK’s that are tracking PPI.
- Now you should be good to go, submit an update to google play
Alternative options
For a quick and cheap fix you can remove ads from your app. You will also have to remove any other SDK that uses PII. This might be a good temporary option if you need more time for development or deciding how to best execute these requirements. This might also be a good option if you have a complex case where your app is using more than an Advertising ID.
“you can optout of this requirement by removing any requests for sensitive permissions or user data.” — found in the Google Action Required email.
Conclusion
Getting this email can be a bit of a shock as you need to react very quickly for it not to negatively affect you. Adding the consent SDK is not rocket science but does take time. If you need more help resolving GDPR issues or with the consent SDK please contact me here.
