search

crisp-im / crisp-sdk-android

:package: Crisp Android SDK, add a chat in any Android app and communicate with your users.
https://docs.crisp.chat/guides/chatbox-sdks/android-sdk/
Other
55 stars 17 forks source link

Sending device identifiers #163

Closed nfonjeannoel closed 5 months ago

nfonjeannoel commented 8 months ago

image

Hi there. I got this message from the Play Store after integrating Crisp chat. The message:

Your app is using device identifiers (IMEI, MAC address, Build Serial, etc.) and sending identifier data to a remote network address. This issue is commonly (but not only) found in apps using an outdated Advertising SDK. Our analysis suggests that for your APK, this behavior is caused by the Advertising SDK(s) 'bb' although there may be additional SDKs or source code contributing to it.

To stop receiving this warning, try updating or changing this (these) SDK(s) and check any other SDKs or code that may be using device identifiers. Sending device identifiers is not a best practice for most use cases and if you're using this identifier for advertising purposes, this may be a violation of Google Play policies and can affect your app's visibility on the Play Store.

So I just need to confirm if or not the message is coming from Crisp chat. Is it collecting device identifiers? If yes, is there a way to stop that? Thanks

Doc1faux commented 8 months ago

Hi @nfonjeannoel and thank you for your feedback.

The only thing which seems to be the closest of what Google says is our User-Agent used for REST/WebSocket calls which contains a reference to Build.VERSION.INCREMENTAL, I don't know if this is it or if this is against Google Play policies (it does not seem to as this is a software "id", only hardwares one are prohibited, see Best practices for unique identifiers ), it seems awkward as we cannot identify a device through this info as this is the build number of the Android OS not the device serial number or IMEI or MAC Address... Documentation says about it :

The internal value used by the underlying source control to represent this build. E.g., a perforce changelist number or a git hash.

We build the User-Agent upon:

It is formatted as APP_LABEL/APP_VERSION_CODE (Version ANDROID_VERSION (Build ANDROID_BUILD)). On our app on an Android 13 Emulator it appears as Crisp/500052 (Version 13 (Build 10940250)).

Build number can be found in Settings > About menu of the phone (see below)

Maybe this is the word Build which raises a warning on their side or simply its usage? This is the first time we get this warning from our users since the 1st release of the SDK and this User-Agent was here since the beginning ^^"

Can you ask Google if this is this is the issue with your app? If this is it, I will remove the Build.VERSION.INCREMENTAL from the User-Agent.

Best regards.

nfonjeannoel commented 8 months ago

thank you @Doc1faux I will message them and get confirmation. Thanks

Doc1faux commented 5 months ago

Hi @nfonjeannoel, do you have any update from the Google Play Store team?

While waiting your reply, I close the issue, do not hesitate to reopen it if we need to take action on our side ;)