App removed from Google Play due to policy violation with Branch

@hubex_developers, @jess, @mgaylord

Thank you for your comments! I’ve done my best to follow your lead (and instructions), but my app is still not live. For a while, I thought it had something to do with my having an old 1.0 version stuck in the beta testing branch…

But following @mgaylord’s step-by-step guide to deleting old APKs, I generated a new 1.7.0 version (identical to the 1.6.0 except for version number) and promoted the beta branch. Now my app releases look like this, but the app is still not published.

Any suggestions as to what my next step ought to be?

@geirman - in our experience, Google is rather picky about changes like this being applied to all tracks, not just the production track. I’d suggest updating all of your tracks to use the same 1.7.0 version. You can do that in the same way that you did with the Production release, by clicking “Manage” on each track and creating a new release.

Hope this helps!

1 Like

@esamelson that did the trick! I really don’t need an internal test track though. Anyway I can just delete it all together, leaving just the production track for now?

1 Like

Thanks for the quick reply.

I did replace everything and reconnected to react-native-branch. But this wasn’t the issue.

The issue was with the .turtle directory. It wasn’t updated when I installed turtle-cli@0.5.15. When I removed it and reinstalled turtle-cli the app worked :metal:

1 Like

Hi Expo Team,

Yesterday my app is rejected from playstore and received a mail and mentioned issue as below,

Issue: Violation of Personal and Sensitive Information policy

I am just using camera and storage. Using Expo sdkVersion:32.0.0. What need to be done for this issue? Please give me a solution to publish the app again in playstore.

Hi @designqube, as Adam mentioned, could you please give us some more context (specifically, the full notice) in a new/separate post? We can’t really make a helpful recommendation without specifics :slight_smile: Thanks!

Was yours ever restored? I’ve removed old builds and now on the Store Listing screen they are “Processing update”. We’ve seen that in the past but it eventually went away and we were still not in the store.

Edit: Ours did eventually finish processing and was returned to the store.

No app restored. I’m still battling.

Sorry you’re still having to deal with this fiasco @johnfredadams. It’s odd that some are not encountering the same problem. Have you tried to get more information from Google as to why subsequent attempts are not passing?

Same thing here for us, we built a new binary and uploaded to play store, now when we edit store listing, it says “Processing update” and the submit button is greyed out. I will post an update if anything changes.

Google, just removed our app from Google Play due to a policy violation : Your app is using the Branch IO SDK, which is uploading users Installed Packages information to https://api.branch.io/v1/applist without a prominent disclosure. Prior to the collection and transmission, it must prominently highlight how the user data will be used, describe the type of data being collected and have the user provide affirmative consent for such use. Make sure to also post a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself.

I don’t know how https://api.branch.io/v1/applist is used… Can you help us ? Thank so much !!!

Hey @olivier974,

We discuss the proposed solutions in this blog post: https://blog.expo.io/changes-to-expo-branch-support-d002c4bc564e

Also, please be sure to scroll through the thread before posting as it can often reveal some information (such as the aforementioned blog post) that will provide you with an answer or solution.

Cheers,
Adam

Thank you for your answer @adamjnav. We have build:android the application and uploaded yesterday (24hours) with new incremental number and deploy. Everything worked perfectly but the application is still deleted with the new version. No email from google… Do you think we have to keep waiting? Whats should we do else? Thanks for your help.

{
  "expo": {
    "name": "*************",
    "description": "*************",
    "slug": "***********",
    "privacy": "unlisted",
    "sdkVersion": "32.0.0",
    "version": "1.1.33",
    "orientation": "portrait",
    "primaryColor": "#cccccc",
    "notification": {
      "icon": "./assets/theme/notification.png",
      "color": "#ffffff"
    },
    "loading": {
      "icon": "./assets/theme/chargement.png",
      "backgroundColor": "#ffffff",
      "hideExponentText": true
    },
    "icon": "./assets/theme/icon-android.png",
    "updates": {
      "fallbackToCacheTimeout": 0
    },
    "assetBundlePatterns": [
      "**/*"
    ],
    "ios": {
      "bundleIdentifier": "**************",
      "icon": "./assets/theme/icon-ios.png",
      "infoPlist": {
        "NSLocationWhenInUseUsageDescription": "**** uses your location to help you choose ********"
      },
      "config": {
        "googleMapsApiKey": "********************"
      }
    },
    "android": {
      "versionCode": 13,
      "package": "*********",
      "permissions": [],
      "config": {
        "googleMaps": {
          "apiKey": "********************"
        }
      }
    }
  }
}

npm update was done before the android:build

{
  "name": "*******",
  "main": "node_modules/expo/AppEntry.js",
  "private": true,
  "scripts": {
    "start": "expo start",
    "android": "expo start --android",
    "ios": "expo start --ios",
    "eject": "expo eject",
    "test": "node ./node_modules/jest/bin/jest.js --watchAll"
  },
  "jest": {
    "preset": "jest-expo"
  },
  "dependencies": {
    "axios": "^0.18.0",
    "expo": "^32.0.6",
    "react": "16.5.0",
    "react-native": "https://github.com/expo/react-native/archive/sdk-32.0.0.tar.gz",
    "react-native-checkbox": "^2.0.0",
    "react-native-keyboard-aware-scroll-view": "^0.8",
    "react-native-picker-select": "^5.2.5",
    "react-navigation": "^3.9.0"
  },
  "devDependencies": {
    "jest-expo": "^32.0.0"
  }
}

What if you import DangerZone but aren’t using the Branch part of it - will that still include the Branch SDK?

I am using DangerZone.Localization and I’m thinking that is causing expo to still include Branch in my build even though I’m not using Branch

Hi all,

We got same issue but just resolved and app re-published.

Let us share the successful experience below:
Must do:

  • By Expo team, expo build:android ( --no-publish flag is optional)
  • Update all Internal testing apk to new build. 99% sure that anywhere (e.g. internal testing) pointing to old apk will fail the re-submission.
  • Delete apk: https://branch.app.link/apk-removal-guide

***Not sure step below necessary ***

After resubmited, we got published again after about 15mins.
(1 key thing: We re-submitted the app without removing the old apk in internal test. We don’t get response for 2 days so we believe it takes less than 30 mins for approval if you’ve done the right things)

Good luck everyone.

Rgds,
Gil

Hi all,

Thank you @ongilgil, @adamjnav for your help. Nothing works for us.

I’m going crazy with this story. I rebuilt the application 5 times, upload, deploy… No problem… I deleted the old apk. Remove BETA, TEST. I have condition of use page accessible in our application, google play and our website.

I am waiting for 7 days. I contacted google support last Thursday, no response. During this time our service is inaccessible for our customer.

Silence… without any feedback from google impossible to understand where come from the problem. I do not know what to do.

Here is the mail we received last week :

Hi Developers at ****************,

After review, ****************, ****************(Version Code:2), has been removed from Google Play due to a policy violation. This app won’t be available to users until you submit a compliant update.

Issue: Violation of Personal and Sensitive Information policy

We’ve identified that your app is using an SDK or library that facilitates the collection and transmission of installed packages information without meeting the prominent disclosure guidelines.

If necessary, you can consult your SDK provider(s) for further information.

Next steps: Submit your app for another review

Read through the Personal and Sensitive Information policy and make the appropriate changes to your app. Your app is using the Branch IO SDK, which is uploading users Installed Packages information to https://api.branch.io/v1/applist without a prominent disclosure. Prior to the collection and transmission, it must prominently highlight how the user data will be used, describe the type of data being collected and have the user provide affirmative consent for such use. Make sure to also post a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself.
Make sure your app is compliant with the User Data policy and all other Developer Program Policies. Additional enforcement could occur if there are further policy violations.
Sign in to your Play Console and upload the modified, policy compliant APK. Make sure to increment the version number of the APK.
Submit your app.
If you’ve reviewed the policy and feel this removal may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

Best,

Lori

Google Play Review Team

After resending your apk and deleting the troubled version, be sure to resubmit your app.:

In order to show your app on Google Play, please submit your app again:

  1. Sign in to your Play Console.
  2. Select your app.
  3. Select Store presence > Store listing .
  4. Click Submit update or Resubmit app .

If the submit button is grayed out, you can make a minor change to your store listing to activate the button. For example, add a space after your app title and then delete it. Once the button turns blue, you can submit your update.

If you’re an AdMob publisher, please contact the AdMob team to re-enable ad serving.

1 Like

For those who still seem to be affected, can you please:

  • Ensure you have put an updated (Branch-less) apk in every release track for your app, not just the production track

  • Check to make sure you don’t have any old builds containing branch in your alpha, beta and internal tracks

Hi everyone, Alex from the Branch team here :wave: .

I’d like to apologize for this confusion and clarify the situation with a bit of background.

Branch is a mobile measurement and deep linking platform. We exist to do two things: 1) help developers offer awesome, seamless user experiences (e.g., deferred deep linking and referral programs), and 2) provide accurate measurement so developers are able to see how their user acquisition campaigns (ads, email, social media, smart banners, etc.) are performing.

Early in 2015, Branch introduced an analytics functionality that would read the package names of other apps installed on the device, intending to provide metrics around this to developers. Gathering this data was common practice for many apps and not a violation of Play Store policies. We sunset this product in early 2016 and updated our API to silently drop this data whenever it was sent by the SDK. However, the code itself remained in the Android SDK.

Google informed us in 2017 that, even though Branch is not storing or using the data, this API endpoint should be removed and that apps using older versions of the Branch SDK should be updated to the current version to remain in compliance. We removed the API endpoint and worked with app developers to encourage SDK updates. Google recently reached out and wants to take more aggressive action on apps that still contain non-compliant SDK versions in older APKs.

Basically, there are two situations that cause Google to flag an app in the way you’ve been observing in this thread:

  1. Your app is still using an old version of the Branch SDK in the current release (< v2.11.0 of the native Branch Android SDK, which was < v2.0.0 of the Branch React Native wrapper, which appears to be < v28.0.0 of the Expo SDK)
  2. The version of the Branch SDK in your current release is safe, but older APK versions still exist in the Play Store Console that contain a non-compliant SDK version.

For developers using Expo, this appears to be more complicated for two reasons:

  1. It appears the Expo SDK contained a non-compliant version of the Branch SDK until mid-2018.
  2. Due to Expo’s automatic module handling (which as noted above, has now been temporarily updated to exclude the Branch module), you might not have even realized that the Branch SDK is in older APK versions on the Play Store.

Fortunately, resolving this is pretty straight-forward: once 1) the current release of your app is updated and 2) older APKs are removed (in this case, I believe that would mean removing any app build created with a version of Expo SDK older than v28.0.0), you should have no further issue from Google.

I’ve been in touch with the Expo team to make sure we have a path forward for getting the Branch module back in ExpoKit. In the meantime, please feel free to reach out to support@branch.io with any specific questions or concerns.

Thank you for your support. I have updated the branch sdk for android to the latest (3.1.0) and I am in the process to redeploy the app, is there any need to update my privacy policy to mention branch ?