Groundhog Day: Google Play keeps removing apps for the same false reasons.

Google requires that apps send sensitive information over https, and it also requires that you prominently disclose what you’re doing with user data.

This ‘a good thing’. I fully support these requirements.

Unfortunately, Google keeps removing my apps from the store for breaking these rules when I 100% definitively do not.

All my Android apps offer you an option to get setup instructions sent to you by email. This is the process:

1) I offer to send you instructions. You click on the orange button ‘Yes Send me details’

2) I open up a new page where you enter your email address and click the orange button ‘Send’

You won’t be surprised that this sends your email address to my server where I use it to send you instructions.

Naturally – that data is sent over https.

Here is where it gets frustrating:

First Removal

17th May:Message from Google Play:

After review, VLC Remote, com.hobbyistsoftware.android.vlcremote_us, has been removed from Google Play because it violates our personal and sensitive information policy.

…must handle the user data securely,… (for example, over HTTPS)….Your app is not currently handling user data securely.

I wrote back to explain that yes – my app is using https. They respond to say that ‘If, after making changes, you think your app is in compliance, please submit your app for another review.’

I clarify that I’m not making any changes – because none are required and resubmit.

25th May: They respond to say

Good news – I see your app, VLC Remote (com.hobbyistsoftware.android.vlcremote_us), was resubmitted earlier and has been approved.

Second Removal

29th May: A Very Similar Message

After review, VLC Remote, … has been removed from Google Play because it violates our personal and sensitive information policy … This app won’t be available to users until you submit a compliant update.

We go through the same dance. I explain that it isn’t violating their policy. It does send the user’s email to my server, but only when explicitly asked to – and over https.

They approve the resubmission.

Seriously – Again???

6th June:

After review, VLC Remote, com.hobbyistsoftware.android.vlcremote_us (Version Code: 47963), has been removed from Google Play because it violates our personal and sensitive information policy

The focus now is on ‘Prior to the collection and transmission, it must prominently highlight how the user data will be used, describe the type of data being collected and have the user provide affirmative consent for such use.’

I’m lost for words here. Supposedly, someone has reviewed the app. And they have looked setup help process. They clicked on ‘yes send me details’ then entered their email address, clicked ‘Send’ and they consider that I haven’t been clear about what is going on.

Incidentally – I had the exact same process with VLC Streamer on 20th March.

And of course my app is off the store – and not making any sales

I’ll build again, submit again and see what happens. This is getting very boring though…

Removed again – despite already being removed, and not having resubmitted yet!

13th June:

After review, VLC Remote, … has been removed from Google Play because it violates our personal and sensitive information policy

Your app is uploading users’ email information to … without posting a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself. Your app must also handle user data securely, … (for example, over HTTPS).

I’m guessing that my ‘this is ridiculous’ email triggered a review.

This time, the primary objection is that the app must have ‘a privacy policy in both the designated field in the Play Developer Console and from within the Play distributed app itself’

Of course – I do.

I know this because on the 29th May, VLC Remote was removed for exactly that reason.
On the 29th of May – it was correct. I did have a privacy policy linked in the store – but it wasn’t within the app itself. This app has been up for years, and I don’t know when the requirement came in to have the privacy policy within the app.

Anyway – after the email of the 29th of May, I sent in an update which added the privacy policy into the app within the settings page. I resubmitted and was approved.

At the time, I thought it was ridiculous that Google would remove the app from the store immediately over a violation like this. They could easily have sent me an email and given me (say) 7 days to put things right.

It was more ridiculous than removing me for the same reason _after_ I have fixed the problem.

btw; In the Apple store, when you submit an app for review, there is a ‘reviewer notes’ field. You can use this to let the reviewer know anything you think is important.

For example you might let them know where the privacy policy was shown (in the settings) – or that you always upload sensitive data over https. Google has nothing like this, and clearly doesn’t keep notes on review decisions / appeals.

I’m going to respond to the latest email with a link to this blog post. We’ll see what happens.