There’s been an uptick among Android developers receiving warnings from the Google Play team. The issue appears to be crash reporting, which is a common feature developers build into apps. Google now seems to be of the opinion that most crash reports count as sensitive data, and developers have to include a “Prominent Disclosure.” Affected developers are getting 30 days to implement a fix and resubmit, but as usual, Google’s violation email is light on details.
Here’s the (redacted) email posted to the /r/redditdev subReddit, which several other devs report receiving in the last few days.
This is a notification that your application, XXXXXXXXXXXXX, with package ID xxxxxxxxxxxxxxx, is currently in violation of our developer terms. Your app is collecting user data via crash reporting and must comply with the Prominent Disclosure Requirement of our User Data policy.
Action required: Please make modifications to bring your app into compliance within 30 days of the issuance of this notification, or your app will be removed. You may want to consider adding a dialog notifying users of user data collection during crash reporting to ask their consent before the collection occurs.
It’s possible Google has just reevaluated what it considers to be personally identifying or sensitive data, or there could be some specific policy change in the works. This is just speculation, but the new focus on data privacy might be a response to the Cambridge Analytica scandal. In any case, developers should take a look at how they handle crash reporting.