Google Play (Issue found: Invalid Data safety section)

Bugs
#1

I’m updating my app in Play Market. And get warning from google
SPLIT_BUNDLE 1: Policy Declaration - Data Safety Section: Device Or Other IDs Data Type - Device Or Other IDs (some common examples may include Advertising ID, Android ID, IMEI, BSSID)

I do not collect anything, there are no analysts.

1)Defold 1.3.3
2)permissions

<uses-permission android:name="android.permission.WAKE_LOCK" />

3)Dependencies

dependencies#0 = https://github.com/AGulev/jstodef/archive/1.3.0.zip
dependencies#1 = https://github.com/DanEngelbrecht/LuaScriptInstance/archive/master.zip
dependencies#2 = https://github.com/d954mas/defold-box2d/archive/refs/tags/0.9.2.zip

2022-06-27_15-12-19
2022-06-27_15-12-191026×628 52.6 KB

#2

I have no ideas, how google detect it.
I upload my game to “Open testing” and after review(1-2 hours) get email from google.

#3

Maybe it something with android_id?
Defold always try to get it

#4

I haven’t heard of this before and I’m not entirely sure of its meaning.

“We detected user data transmitted off device that you have not disclosed in your app’s Data safety section as data user collected.”

The three extensions you have do not transmit any data and Defold itself surely does not. It is true that we get the device id to populate one of the sys.get_sys_info() fields, but the data is not transmitted anywhere…

You should be able to complete/update the Data safety form for your app to get rid of the warning though:

#5

Yes I can complete data safety and set that I collected android_id.

But it is strange behavior. I do not collected anything(

#6

It would be great if they mentioned which data, and also how they detected that.
In theory you could collect a lot of data and encrypt it and send it over http, and how would they know?
Is it perhaps the fact that the android id was collected at all?

#7

Yes, but that all information that i get(
It is some id

1 Like
#8
#9

It probably is. I don’t think Google will know what happens with the value after it is retrieved. I think they only check if we have code to get it or not.

2 Likes
#10

Maybe then this method should be in a separate extension as we did before with advertisement info?

2 Likes
#11

If so, I think it perhaps should.

1 Like
#12

For now, i fill in data safety policy that device_id is collected.
It solved a problem.

But if you try to fix that issue it will be cool:)

1 Like
#13

I’m concerned that this is a breaking change. If we decide to move it to an extension then maybe we should still keep the device_id field around in sys.get_sys_info() and replace it with an UUID generated from a MAC address (and maybe emit a warning or something).

Could you please create a ticket on GitHub?

#14
3 Likes