How to Fix Violation of Usage of Android Advertising ID

How to Fix Violation of Usage of Android Advertising ID

Several of my clients have got the ‘Google Play policy violation warning’ email in the last 24 hours. The warning message reads something like, If you do not submit an app update within 7 days your app can will removed from google play. Here is a helping hand to help fix the problem.

GDPR

To fully understand the violation you need to know what GDPR is and what technologies in your app are relevant to it. Here is a good break down of what GDPR is. If you have not done anything for GDPR you may have a lot of work ahead . A user on Expo forums reported that he has no ads and one of his libraries unbeknown to him has been using Advertising IDs, be warned. A lot of common libraries like Firebase, Crashlytics, Fabric, AdMob and Play services use PII(personal Identifiable information).

Hopefully, the only unmanaged piece of PII in your app is the advertising ID. If you have any GDPR questions I will do my best to help, comment below.

Checklist of what you need to do

  • You need to add the consent SDK or make your own solution. The documentation can be found here. It is not too hard to follow. The consent SDK can vary in complexity depending on your ad situation.
As an app developer, you’ll need to collect user consent for both the ad technology providers returned by the Consent SDK and the providers from other ad networks. You’ll also need to manually store user consent responses and forward consent to the Google Mobile Ads SDK if the user consented to receive only non-personalized ads.
  • You need a privacy policy. You can use a PP generator here.
  • Make sure your app and the play store have a privacy policy. (Potential UI change).
  • Your privacy policy must be hosted somewhere so you can include it on google play and in app. Your privacy policy must state all SDK’s that are tracking PPI.
  • Now you should be good to go, submit an update to google play

Alternative options

For a quick and cheap fix you can remove ads from your app. You will also have to remove any other SDK that uses PII. This might be a good temporary option if you need more time for development or deciding how to best execute these requirements. This might also be a good option if you have a complex case where your app is using more than an Advertising ID.

“you can opt­out of this requirement by removing any requests for sensitive permissions or user data.” — found in the Google Action Required email.

Conclusion

Getting this email can be a bit of a shock as you need to react very quickly for it not to negatively affect you. Adding the consent SDK is not rocket science but does take time. If you need more help resolving GDPR issues or with the consent SDK please contact me here.