skip to Main Content

Crossposting from here

Hello, I have received the following on 2 apps from gogIe that I build
a while back and have no idea on how to fix it! it goes like this: We
reviewed SDKs used by your app and found noncompliant version(s) of
SDK(s) which collects persistent device identifiers. Persistent device
identifiers may not be linked to other personal and sensitive user
data or resettable device identifiers.

Your app may face additional enforcement actions, if you do not
resolve this issue by February 28, 2024 .

Issue details

We found an issue in the following area(s):

Version code 4:
    SDK: Fabric (Firebase Crashlytics)- ID Bridging io.fabric.sdk.android:fabric (consider upgrading to version

com.google.firebase:firebase-crashlytics:18.4.0)

To bring your app into compliance, follow these steps :

You may consider upgrading to a policy-compliant version of this SDK,
if available from your SDK provider or removing the SDK.

Fabric (Firebase Crashlytics)- ID Bridging io.fabric.sdk.android:fabric: Consider upgrading to version

com.google.firebase:firebase-crashlytics:18.4.0 of the SDK.

2

Answers


  1. Chosen as BEST ANSWER

    After digging through our Google Play Console we found that for our own application we had an old APK marked with version 580 that was still available for older devices (API 15+).

    That APK was using an old version of firebase which at the same time had the famous io.fabric SDK mentioned in the email from Google Play.

    Removing all APK's that may include the io.fabric sdk thing and making a new release seems to address the issue.


  2. I released the last several updates directly without beta testing, and that seems to the be the problem. It looks like on Android you need to upload to the "Tracks" in beta to clear the old builds. So that they don’t get flagged in the future for an API violation you already fixed.

    I had a build in progress for the offending track, and I just submitted that to be reviewed.

    1. To find the offending app APK, I clicked the link in the message "Reviewed App Bundles"
    2. There I could see the version and track that was problematic.

    data policy violation android

    Offending APK version and track to update

    I don’t understand why I am forced to use the open/closed testing tracks, and maintain relevant builds there when they are paused or not used.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search