Google Play keeps detecting collection of personal and sensitive information, rejecting my app

Hey everyone,

Every time I submit an update to my Android app to Google Play, I get the following email:

As a premium game, and without the need for analytics, I’ve tried to remove any traces of data collection in my game, but I just keep getting this email after every resubmit. I have…

  • removed all Unity services (Analytics, Cloud Diagnostics, etc).
  • removed the built-in analytics module package and all packages except Unity UI, 2D Sprites, and the VSCode plugin.
  • removed all plugins from my project except I2 Localisation and Rewired, which both have nothing to do with collecting personal information.
  • removed references to SystemInfo.deviceName and SystemInfo.deviceModel.

What else can I disable, or what am I missing? I’m totally in the dark here, and Google Play’s email is totally not helpful.

Which Unity version are you using?

AFAIK, older Unity versions were collecting stuff regardless of anyone’s wishes.

I’m using Unity 2019.3.10f1.

That’s definitely not an old Unity version.

Any ideas @JeffDUnity3D @SamOYUnity3D ?

Also, because one of the above Unity employees is going to tell you this:

Can you try installing Charles Proxy ( https://support.unity3d.com/hc/en-us/articles/115002917683-Using-Charles-Proxy-with-Unity ) and see what kind of data is transmitted and towards where?

Followed the guide and was able to get Charles to work. These were the only two URLs that popped up:

Nothing related to my games, I presume… Weird?

What assets are you using, 3rd party? ad stuff? social stuff? All these things, especially asset store things are likely to set google or apple off, so it’s worth listening them.

I listed them in my original post: just I2 Localisation and Rewired. AFAIK neither of these plugins need or connect to internet, and Charles Proxy confirmed this I guess.

Do you have a link to a privacy policy from inside the game? Do you use Google Play Games services? I think those transmit user data. We are not targeting younger audience, so it’s probably less strict for us, but just to be sure we wrote a privacy policy that says: we use Google Play Games Services, read their Privacy Policy here.

It has worked for us, but as I said, the requirements are probably less strict for our game.

PS: Was Play Pass worth it?

I’m not (or rather ‘no longer’) using Google Play Games Services because of endless bugs and lack of support. I entered my privacy policy in the Google Play developer interface. I don’t have a link to my privacy policy in the game, but that shouldn’t be an issue as it’s not mentioned anywhere in the email from Google Play?

What I’m hoping to get at is that the email states that ‘they detected’ that I’m collecting information, which I’m not - or at least not knowlingly.

1 Like

I mean they do mention “disclosure” as being their problem, so I made a wild guess that what they wanted is you disclosing the data that Google Play Games Services collect.

But if you’re not using that… I don’t know. But Charles Proxy seems to point out that it’s not a Unity issue either? (generally Unity analytics stuff point to Unity end-points).

Maybe it is Unity’s fault after all? Coppa app rejected! Google Play Store detects Android DeviceID and Advertising ID even in empty app!

Seems like Unity’s maybe still reading Advertising ID and Device ID, they just never transmit them if you have everything off, but Google just detects the accessing part and rejects your app.

Good catch! Will subscribe to that thread too & hopefully push Unity into fixing this ASAP.

1 Like

I can confirm after reaching out to the Google Play team that they “detected that your app collects the following personal and sensitive information: Android Device ID and Advertising ID.” Unity calls these things internally. I’ve submitted a bug report and will wait for their answer.

1 Like

Can you share the bugID? We’ve had similar issues with Apple (unconfirmed if related) but we haven’t (yet) heard of a similar policy from Google https://discussions.unity.com/t/779015

Case: 1246484.

Would there be a similar workaround possible for Android after compiling the project to a Grandle project?

This issue would require an investigation first, we will let you know. I’m not familiar with a similar workaround at this point.

2 Likes

I have exactly the same problem. In the same way, they rejected an update. I asked the playstore team for more information and they answered:

You found some solution?

We are working on a solution, no ETA yet.

2 Likes

Hello everybody, I’m exactly un the same situation since few days. Anyone found à solution ?

Hey everyone,

My workaround for this problem is as follows:

  • I set “Does your app collect any personal and sensitive information?” to “Yes” in Store presence > App content > Target audience and content > App details.
  • I adding the following to my privacy policy: “Unity, one of the game engines I use (for Hidden Folks, for instance), implements an interface on Android to request a device’s Android Device ID and the Advertising ID. I don’t use these interfaces in my games whatsoever, and have confirmed through tests that the data that could be requested from these interfaces never leaves your device.”

As you would agree, this is a silly workaround. I am not a laywer and I have no right to advice you to include a line like mine in your privacy policy. I also actually did those tests (as you can read in a post above) but if you’re using ads or analytics, this might also not be the case for you. Anyway, tread carefully.

Google Play accepted my app update after the above changes.

2 Likes