Crossposting from here
Hello, I have received the following on 2 apps from gogIe that I build
a while back and have no idea on how to fix it! it goes like this: We
reviewed SDKs used by your app and found noncompliant version(s) of
SDK(s) which collects persistent device identifiers. Persistent device
identifiers may not be linked to other personal and sensitive user
data or resettable device identifiers.Your app may face additional enforcement actions, if you do not
resolve this issue by February 28, 2024 .Issue details
We found an issue in the following area(s):
Version code 4: SDK: Fabric (Firebase Crashlytics)- ID Bridging io.fabric.sdk.android:fabric (consider upgrading to version
com.google.firebase:firebase-crashlytics:18.4.0)
To bring your app into compliance, follow these steps :
You may consider upgrading to a policy-compliant version of this SDK,
if available from your SDK provider or removing the SDK.Fabric (Firebase Crashlytics)- ID Bridging io.fabric.sdk.android:fabric: Consider upgrading to version
com.google.firebase:firebase-crashlytics:18.4.0 of the SDK.
2
Answers
After digging through our Google Play Console we found that for our own application we had an old APK marked with version 580 that was still available for older devices (API 15+).
That APK was using an old version of firebase which at the same time had the famous
io.fabric SDK
mentioned in the email from Google Play.Removing all APK's that may include the
io.fabric
sdk thing and making a new release seems to address the issue.I released the last several updates directly without beta testing, and that seems to the be the problem. It looks like on Android you need to upload to the "Tracks" in beta to clear the old builds. So that they don’t get flagged in the future for an API violation you already fixed.
I had a build in progress for the offending track, and I just submitted that to be reviewed.
I don’t understand why I am forced to use the open/closed testing tracks, and maintain relevant builds there when they are paused or not used.