Google is warning removal from Play Store because of Violation of User Data, Permissions and APIs that Access Sensitive Information policies about braintree-android-drop-in HOT 16 CLOSED

Hi @EdoardoFoust - version 5.4.2 of this library should resolve this issue. Have you confirmed that all apps on all tracks have been updated to the compliant version?

We also always recommend updating to the latest version of the SDK, which is currently 6.14.0

from braintree-android-drop-in.

Thank you for your kind reply.
The app has been updated to 5.4.2 version from 5.4.0 of this library, but the issue is persistent.
The app in production has been updated to this version, in fact, Google is telling us that the problem is specific to this app, in particular Version code 156 (see screenshot).

The problem regarding the update of the SDK to 6.14.0 is that we don't have much time to perform it, but this will be done in the near future.

Is there any way to have Google accept the 5.4.2 version of this library?

Thank you again.

from braintree-android-drop-in.

We've confirmed with Google that there were no changes to the Play Store rules made recently that would block a previously compliant SDK version, but the enforcement team did move forward with apps that have not fixed the underlying issue in 1 or more of their tracks in the last day or so.

If you have confirmed that you are using a compliant version (5.4.2+, or 6.10.0+), please double-check all tracks (even private and unpublished tracks) and then to submit an appeal to Play directly.

See these steps for additional instructions on how to update all tracks.

from braintree-android-drop-in.

While i updated my app with these build plugin versions and even though i use the 3.21.0 version of paypal data collector

implementation 'com.braintreepayments.api:drop-in:3.+', { exclude group: 'com.android.support', module: 'appcompat-v7' exclude group: 'com.com.paypal.android.sdk', module:'data-collector'} implementation 'com.braintreepayments.api:data-collector:3.21.0' implementation 'com.paypal.android.sdk:data-collector:3.21.0'

I Then appealed to the issue in the google play console. And i received the following message from them:
I’ve reviewed your appeal request and found that your app is currently in violation of Google Play policy. Please resolve this issue by February 28, 2024 or your app will be removed from Google Play.

During review, we found that your app, x (xx.xx.xx)(App Bundle Version: 4, Track: Production) is not compliant with the Location Permissions policy:

We don’t allow apps that request location in the background for either unapproved and/or undisclosed purposes. Apps that request location in the background must successfully complete a console-based declaration process and adequately disclose use to users. You may not use permissions or APIs that access sensitive information that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes.

You can read through the Location Permissions policy page for more details and examples of common violations.

For example, your app currently contains Paypal Data Collector SDK or an SDK that one of your libraries depends on, which requests location in the background for either unapproved and/or undisclosed purposes.

You may consider moving to another SDK; removing this SDK; or if available from your SDK provider, upgrading to a policy-compliant version of this SDK that does not include the violating behavior.

According to the information provided by your SDK provider, you may consider upgrading the SDK version used in your app to 3.21.0. Please consult the SDK provider for further information.

Before resubmitting your app for further review, please make sure to DEACTIVATE the non-compliant APKs (App Bundle Version: 4, Track: Production) and increment the version number of the APK. Kindly note that all active APK versions need to be compliant.

Action required: Submit an updated app by February 28, 2024

Read through the Location Permissions policy for more details.
Make appropriate changes to your app, and be sure to address the issue described above. You may also want to check your app’s store listing for compliance, if applicable.
In addition to your Production release, if you have other release types that you use for testing and/or quality assurance checks (for example, Internal test, Closed, Open), please make sure to update those tracks as well.
Double check that your app is compliant with all other Developer Program policies.
Sign in to your Play Console account and submit the update to your app or upload the modified, policy-compliant APK across all tracks, and deactivate the noncompliant APK(s).
To deactivate a non compliant APK, please create a new release and upload a compliant APK to the same track.
Be sure to increment the APK version number and set the release to 100% rollout, in order to successfully override and deactivate the noncompliant APK.
If you are located in the EU, you may have additional redress options. Learn more about those potential options in the EU Out-of-Court Dispute Resolution Help Center. Routing ID: ZLFS

from braintree-android-drop-in.

@achalkias you'll need the latest version 3.21.1 to ensure compliance.

from braintree-android-drop-in.