search

newrelic / newrelic-android-agent

SDK to enable instrumentation of Android mobile apps in New Relic
Apache License 2.0
13 stars 12 forks source link

Play Store Rejection: Installed Application information #257

Closed appsandwich closed 1 month ago

appsandwich commented 1 month ago

Description

Apologies if this is filed under the wrong category.

We recently received notice from Google that our app update is in violation of Play Store policy, due to collection of Installed Application information being sent to New Relic.

APK REQUIRES PROMINENT DISCLOSURE​ Your app is not compliant with the User Data and Mobile Unwanted Software policies. Your app is uploading users' Installed Application information to https://mobile-collector.newrelic.com/ without a prominent disclosure.

image

Google are asking us to present the user with additional UI to prompt the user to agree to the collection of this data by New Relic.

Steps to Reproduce

Expected Behavior

Relevant Logs / Console output

Your Environment

Additional context

JustinRush-NR commented 1 month ago

@appsandwich The New Relic Mobile SDK itself does not collect any information about apps installed. It's possible your app's instrumentation is collecting some information about other installations and reporting them via New Relic, but the SDK itself will only collect telemetry about the app in which it is included.

appsandwich commented 1 month ago

It's possible your app's instrumentation is collecting some information about other installations and reporting them via New Relic

Thanks for the quick reply @JustinRush-NR

Re: the quoted text, would you mind elaborating a little on this? The only other instrumentation we're using is Firebase Crashlytics, and we're not collecting this information ourselves, so I'm at a loss as to how this information would end up being reported to NR.

JustinRush-NR commented 1 month ago

It's difficult to guess without more information. The only concrete detail in the message is a reference to our mobile collector, but that's just the endpoint all telemetry from the New Relic agent is sent to. The agent won't collect anything about other applications unless it is explicitly configured to do so. There are no methods available in the SDK to directly facilitate collecting data about any other application.

appsandwich commented 1 month ago

Thanks, appreciate the info. I've spent some time inspecting the traffic coming from our app and I don't see anything that would resemble the data that Google are claiming we're sending. I suspect it's a false positive on their end, so we'll have to try and appeal the rejection.