search

kotoMJ / security-showcase-android

Sample application pointing some security related practices on Android device.
131 stars 11 forks source link

BIND_DEVICE_ADMIN again in troubles #39

Open kotoMJ opened 5 years ago

kotoMJ commented 5 years ago

After review, Security Showcase, cz.koto.securityshowcase, has been removed from Google Play because it violates the deceptive device settings changes policy.

You must explain to users why you are requesting the 'android.permission.BIND_DEVICE_ADMIN' in your app. Apps must provide accurate disclosure of their functionality and should perform as reasonably expected by the user. Any changes to device settings must be made with the user's knowledge and consent and be easily reversible by the user.

Next Steps Read through the Deceptive Device Settings Changes policy for more details, and make sure your app complies with all policies listed in the Developer Program Policies. If you don't need the BIND_DEVICE_ADMIN permission in your app: Remove your request for this permission from your app's manifest. Sign in to your Play Console and submit the modified, policy compliant APK. Or, if you need the BIND_DEVICE_ADMIN permission in your app: Include the following snippet in your app’s store listing description: “This app uses the Device Administrator permission.” Provide prominent user facing disclosure of this usage before asking the user to enable this permission within your app. Your disclosure must meet each of the following requirements: Disclosure must be displayed in normal course of usage of your app. Your users should not be required to navigate into a menu or settings to view disclosure. Disclosure must describe the functionality Device Admin permission is enabling for your app. Each security policy used with the Device Admin request must be declared in your disclosure, and each policy must be accompanied with justification for the request. Disclosure cannot only be placed in your privacy policy, terms of service or end user license agreement (EULA). If approved, your app will again be available with all installs, ratings, and reviews intact.

Regards, Joy Google Play Review Team

kotoMJ commented 5 years ago

I already solved this issue in the past by adding ability to enable/disable device admin from the app when enabling/disabling app security. I expect I don't have sufficient disclosure in playstore and also I have no privacy policy linked in playstore. I will update them and let's see if it helps to return the app back.