search

AndlyticsProject / andlytics

Google Play - Android Market statistics app
Other
535 stars 181 forks source link

[Google Accounts] Information about your Andlytics app #766

Open johnjohndoe opened 5 years ago

johnjohndoe commented 5 years ago

On March 18, 2019 I received the following email from Google Accounts <google-accounts-noreply@google.com>:

Hi,

We're contacting you because you are an active user of the Andlytics Android app. We've found that Andlytics requests access to more of your data than they need for their stated purposes. Although we don't suspect malicious intent, such requests violate our User Data Policy.

As part of our ongoing efforts to strengthen your data privacy, we will reduce the ways in which Andlytics can access data from your Google Account. This change will go into effect starting March 25, 2019.

As a result of this change, some Andlytics features could stop working for you. We've reached out to the Andlytics app developers about the upcoming change, and they may update the app to request your data in safer, more transparent ways.

You can always view, manage and remove apps you’ve given access to your account by visiting your Google Account page.

Thanks, The Google Accounts team

How are you going to address the case?

Related

nelenkov commented 5 years ago

Got the same message but, it is not clear what they want us to do. Presumably project owner (@AndyScherzinger ?) got some more detailed information?

Worst case scenario, app stops working and we (temporarily) unpublish it.

AndyScherzinger commented 5 years ago

Hi @johnjohndoe, hi @nelenkov, here is the mail I got from Google:

Hello Google Play Developer,

Our records show that your app, Andlytics, with package name com.github.andlyticsproject, currently violates our User Data policy regarding Personal and Sensitive Information.

Policy issue: Google Play requires developers to provide a valid privacy policy when the app requests or handles sensitive user or device information. Your app requests sensitive permissions (e.g. camera, microphone, accounts, contacts, or phone) or user data, but does not include a valid privacy policy.

Action required: Include a link to a valid privacy policy on your app's Store Listing page and within your app. You can find more information in our help center.

Alternatively, you may opt-out of this requirement by removing any requests for sensitive permissions or user data.

If you have additional apps in your catalog, please make sure they are compliant with our Prominent Disclosure requirements.

Please resolve this issue by March 15, 2017, or administrative action will be taken to limit the visibility of your app, up to and including removal from the Play Store. Thanks for helping us provide a clear and transparent experience for Google Play users.

Regards,

The Google Play Team

https://play.google.com/about/privacy-security-deception/personal-sensitive/ https://support.google.com/googleplay/android-developer/answer/113469#privacy

johnjohndoe commented 5 years ago

Maybe, a) the privacy policy (http://mytrans.it/misc/andlytics_privacy.htm) which you provide via Google Play is not good enough or b) the same must be available within the app.

nelenkov commented 5 years ago

This mail seems a bit old... Privacy policy is already accessible from the the app, so I'm guessing different issue.

johnjohndoe commented 5 years ago

Ah, then it might be a)

AndyScherzinger commented 5 years ago

I checked my mails again and haven't gotten any other mail from Google :/

Enigma644 commented 5 years ago

There's a link to the privacy policy in the app details in Google play. You need to paste the link in there for this to get resolved

Enigma644 commented 5 years ago

FYI The privacy policy link is under: Store Presence , Store Listing, Privacy Policy.

AndyScherzinger commented 5 years ago

Hmm, I just checked and the privavy policy link is also part of the store listing already. So no idea what is missing and also no email from Google after 2017...

Enigma644 commented 5 years ago

In order to check the privacy policy link was there, I had to type the exact app name into Google Play or else it didn't show, so I'm pretty sure they're already doing their "hiding" the app thing.

Also I can't authenticate at all anymore! When I refresh my stats, "Authentication failed for: ###". I tried a clean install too. Same issue.

I don't think your privacy policy is correct. It's got stuff in there about credit cards and other unrelated things.

I would write a new one with https://app-privacy-policy-generator.firebaseapp.com/ as a starting template. Then email google for them to re-review.

johnjohndoe commented 5 years ago

My assumption is that Google wants the app to shrink down its account access requirements. If I remember correctly, the Google Account page states "Has full access to your Google Account" for Andlytics. Do you know if the app can request more specific account access aka. less then "full access"?

AndyScherzinger commented 5 years ago

Maybe @nelenkov or @willlunniss know. Usually I only worked on the UI parts of the app.

nelenkov commented 5 years ago

Right, the way it worked is get a 'full access' token for Chrome and then exchange that for a dev console token. The official dev console app directly obtains a dev console token, but last I checked, it was not possible to get one from Andlytics. Maybe this has changed in the mean time, but kind of doubt it.