SumSubstance / react-native-mobilesdk-module


Google Banned My Applications #19

Open Erenner opened 2 days ago

Erenner commented 2 days ago

We are using SumSub API for identity verification purposes in our React Native application. Recently, our app was flagged by Google Play Store for violating their User Data Policy. According to Google, the app is allegedly uploading users' installed applications information to https://api.sumsub.com without a proper disclosure or consent.

We have thoroughly reviewed our codebase and confirmed that we are not intentionally collecting or sending this type of data. We are only using the SumSub API to perform KYC (identity verification) as per your documentation. Below is the exact error message we received from Google:


Email Content from Google:

Hi Eren Vardar,

Thanks for your reply.

I see you have made a new submission, however, your app, Finnova (com.finnovadigital, App Bundle: 33, Track: Production) is still not compliant with the User Data policy as it's uploading users' Installed Application information to https://api.sumsub.com without a prominent disclosure.

We understand that you've added a prominent disclosure within the app, however, it does not describe the data (installed application) being accessed or collected. Additionally, based on the screenshot you provided, it seems like the prominent disclosure will only present during account verification which we are unable to verify for compliance.

To fix this issue, we recommend you to place the prominent disclosure upon the app launch with the following example format: “[This app] collects/transmits/syncs/stores [type of data] to enable ["feature"], [in what scenario].” Please review Best practices for prominent disclosure as guidelines for your prominent disclosure.

Once you have fixed the issue, please follow the steps below and submit an update with the increased version number to your app:

  1. Go to your Play Console.
  2. Select the app.
  3. Go to App bundle explorer.
  4. Select the non-compliant APK/app bundle's App version at the top right dropdown menu, and make a note of which releases they are under.
  5. Go to the track with the policy issue. It will be one of these 4 pages: Internal / Closed / Open testing or Production.
  6. Near the top right of the page, click Create new release. (You may need to click Manage track first) If the release with the violating APK is in a draft state, discard the release.
  7. Add the policy compliant version of app bundles or APKs. The non-compliant version of app bundle version 33 under the "Not included" section of this release. For further guidance, please see the "Not included (app bundles and APKs)" section in this Play Console Help article. The new release is rolled out 100% and completely deactivates the non-compliant APK.
  8. To save any changes you make to your release, select Save.
  9. When you've finished preparing your release, select Review release.

If the non-compliant APK is released to multiple tracks, repeat steps 5-9 in each track.


Could you please confirm:

  1. Whether SumSub API collects or processes installed application data by default?
  2. If this is a false positive from Google, how can we demonstrate compliance?
  3. Any additional steps or configurations needed on our side to avoid this flag?

Looking forward to your guidance on resolving this issue.

oleksii-kondratiuk commented 14 hours ago

[Image: Screenshot 2024-11-21 at 18 21 32]

This is the screenshot of the conversation with support. They fixed it in a minor release without notifying customers and did not even mention it in the changelog: https://docs.sumsub.com/docs/react-native-module-changelog

At least we have the fix.