**Update September 29 2018** How to Fix Violation of Usage of Android Advertising ID
Use this warning as a chance to become GDPR compliant. If you have ads use the consent SDK. Ad granular consent for your items that collect PII. Enable an option to delete and export data.
Several of my clients have got the ‘Google Play policy violation warning’ email in the last 24 hours. The warning message reads something like, If you do not submit an app update within 7 days your app can will removed from google play. Here is a helping hand to help fix the problem.
To fully understand the violation you need to know what GDPR is and what technologies in your app are relevant to it. Here is a good break down of what GDPR is. If you have not done anything for GDPR you may have a lot of work ahead . A user on Expo forums reported that he has no ads and one of his libraries unbeknown to him has been using Advertising IDs, be warned. A lot of common libraries like Firebase, Crashlytics, Fabric, AdMob and Play services use PII(personal Identifiable information).
Hopefully, the only unmanaged piece of PII in your app is the advertising ID. If you have any GDPR questions I will do my best to help, comment below.
Checklist of what you need to do
- You need to add the consent SDK or make your own solution. The documentation can be found here. It is not too hard to follow. The consent SDK can vary in complexity depending on your ad situation.
As an app developer, you’ll need to collect user consent for both the ad technology providers returned by the Consent SDK and the providers from other ad networks. You’ll also need to manually store user consent responses and forward consent to the Google Mobile Ads SDK if the user consented to receive only non-personalized ads.
- Here is a semi-working implementation of the consent SDK, not mine but I found it helpful.
- You need an option somewhere to change the user’s consent settings. (UI change)
- Now you should be good to go, submit an update to google play
For a quick and cheap fix you can remove ads from your app. You will also have to remove any other SDK that uses PII. This might be a good temporary option if you need more time for development or deciding how to best execute these requirements. This might also be a good option if you have a complex case where your app is using more than an Advertising ID.
“you can optout of this requirement by removing any requests for sensitive permissions or user data.” — found in the Google Action Required email.
Getting this email can be a bit of a shock as you need to react very quickly for it not to negatively affect you. Adding the consent SDK is not rocket science but does take time. If you need more help resolving GDPR issues or with the consent SDK please contact me here.