Overview
You are a BiznessApps user, and your app was removed/not accepted by Google Play with the following rejection message: "APK Has a Prominent Disclosure but the Disclosure is Not Adequate".
Solution
In August 2022, as announced by Google, all new apps uploaded to the Google Play Store must present a prominent disclosure where users may not reasonably expect their personal and sensitive user data to be required for policy-compliant features or functionality within an app.
Due to the way BiznessApps works, all apps use the same underlying codebase. Even if your app only makes use of a certain feature, when you generate an AAB/APK for publishing, all features offered by BiznessApps will be present in its source code. Thanks to this you are able to add a new feature to your app even when it's already live in the Play Store.
This also explains the rejection in question, as one of the libraries we use to enable online payments through the Food Ordering and Merchandise features will retrieve a user's phone number as a fraud-check method.
Therefore, to comply with Google's new prominent disclosure policies, we have updated our default Privacy Policy and altered our GDPR consent. While the former should happen automatically, the latter needs to be enabled manually by following the instructions below:
- Log on to your app in the BiznessApps CMS.
- Navigate to Create > Build.
- Under the App Onboarding section, select the Sign-up | Log-in feature.
- If you are using the Group Management Add-on, this will show up as Group Log-in.
- If you are using the Group Management Add-on, this will show up as Group Log-in.
- Scroll down until you see the Consent section, toggle it on, and click Edit.
- Three new sections will appear - Heading, Email Marketing Message, and Analytics Data Message, which should be filled out as follows, inserting your app/organization name where applicable:
- Heading:
"Data usage policy. Please scroll down and check both boxes to agree with our terms and to be able to use the app." - Email Marketing Message:
"If you have supplied your email address as part of your use of the Application, APP NAME HERE may, subject to the applicable law, occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what is going on with the APP NAME HERE. We primarily use our various product blogs to communicate this type of information, so we expect to keep this type of email to a minimum." - Analytics Data Message:
"In order for some services and in-app functions to work, APP NAME HERE may collect and/or store personally identifiable information such as:
Phone Numbers;
Email Addresses;
Installed Application information; and
Location InformationAnd only for the purposes required in order to maintain proper in-app functionality. This information will only be shared with third parties as required to maintain proper in-app functionality."
- Heading:
- Once finished, make sure to save all of your changes.
- Please note that we automatically add more text to the end of this due to Google's requirements. This extra text explains how the data is processed and why it is needed.
- Finally, proceed to Republish Your App to generate a new AAB with these changes, and then Upload It To The Google Play Store.
By following these steps, the Google Play Store will accept your app update, and the app will be once again available to your users.
Note: Google might still reject the app even though it is compliant. If this happens with your app and you're sure that you have properly followed the steps above, please fill out an appeal with Google so they can manually review the app and see the consent window. If possible, access your app's PWA version and get screenshots of the consent window there to add to the appeal.
Comments
4 comments
For resellers: I don't think the last step is required, where you generate and upload a new AAB file. I had this warning pop up for an existing app. I enabled the GDPR feature, and 8 days later, my app was still live on the Google Play Store (despite being told it would be removed in 7 days.) So I think their bots are automatically rescanning the app for that feature, and a new AAB upload isn't required. This is just from personal experience.
Kurt,
It looks like you're correct, at least for existing Google Apps that have Google App Key Signing. This is what appears in that case:
Therefore, the BA article, https://support.biznessapps.com/hc/en-us/articles/4404665506706-Google-Play-Store-Requires-New-AAB-Format-for-BiznessApps-App-Submissions, needs updated. That article indicates there will be an option to "OPT IN" under App Integrity, when, in fact, if you have Google App Signing Key, that option is not available. That is what makes me think you're correct about not needing to upload a new AAB as a final step.
Hello Betsey and Kurt,
While it might not be required for all apps, we still recommend submitting a new AAB file since we want to make sure Google will review the app again.
On the off-chance that the app is still not compliant, you'll know from their rejection what needs to be addressed.
I am getting this error from Google, but they are citing "Installed Application" as needing prominent disclosure. This needs to be added to the Privacy Policy.
Also can the Privacy Policy be dated something other than August 16, 2022....especially since it has been updated since then.
APK HAS A PRIVACY POLICY BUT IT IS NOT ADEQUATE
Please sign in to leave a comment.