Keywords: Google Play Policies | Data Safety Section | Device Or Other IDs | Android Development | Compliance Configuration
Abstract: This article addresses the rejection of Android apps on Google Play due to non-compliance with the Data Safety section requirements. It provides an in-depth analysis of disclosure requirements for Device Or Other IDs data types, detailed configuration steps in Play Console including data collection declarations, encrypted transmission settings, and user deletion permissions, along with code examples demonstrating proper implementation of device ID collection and processing to help developers quickly resolve compliance issues.
Problem Background and Policy Requirements Analysis
Google Play, as the world's largest Android app distribution platform, has been continuously strengthening user data protection regulations in recent years. According to the latest policy requirements, all listed apps must accurately complete the Data Safety section to fully disclose user data collection and sharing practices. Even if an app does not collect any user data, it must explicitly declare this fact.
In actual review processes, common non-compliance issues often focus on the Device Or Other IDs data type. These identifiers include advertising IDs (Advertising ID), Android IDs, IMEI, BSSID, and other device-unique identifiers. When an app transmits this data off-device without proper declaration, it triggers policy violations.
Technical Implementation and Compliance Configuration
To resolve Data Safety section non-compliance issues, developers need to ensure consistency at both the technical implementation and platform declaration levels. The following code examples illustrate how to properly implement device ID collection and processing:
// Compliant implementation for obtaining Advertising ID
public String getAdvertisingId(Context context) {
AdvertisingIdClient.Info adInfo = null;
try {
adInfo = AdvertisingIdClient.getAdvertisingIdInfo(context);
if (adInfo != null && !adInfo.isLimitAdTrackingEnabled()) {
return adInfo.getId();
}
} catch (Exception e) {
Log.e("DataSafety", "Failed to get Advertising ID: " + e.getMessage());
}
return null;
}
// Implementation for encrypted data transmission
public void sendDataToServer(String deviceId) {
try {
// Use HTTPS to ensure transmission encryption
HttpsURLConnection connection = (HttpsURLConnection) new URL("https://api.example.com/data").openConnection();
connection.setRequestMethod("POST");
connection.setDoOutput(true);
// Additional encryption for device ID
String encryptedId = encryptData(deviceId);
String jsonData = "{\"device_id\":\"" + encryptedId + "\"}";
OutputStream os = connection.getOutputStream();
os.write(jsonData.getBytes(StandardCharsets.UTF_8));
os.flush();
os.close();
int responseCode = connection.getResponseCode();
if (responseCode == HttpsURLConnection.HTTP_OK) {
Log.d("DataSafety", "Data transmitted successfully");
}
} catch (Exception e) {
Log.e("DataSafety", "Data transmission failed: " + e.getMessage());
}
}
private String encryptData(String data) {
// Implement data encryption logic
// Use standard encryption algorithms like AES or RSA
return Base64.encodeToString(
cipher.doFinal(data.getBytes(StandardCharsets.UTF_8)),
Base64.DEFAULT
);
}Detailed Play Console Configuration Steps
Based on compliant technical implementation, developers need to accurately configure the Data Safety section in Google Play Console following these steps:
- Log into
Google Play Consoleand select the target app - Navigate to the
App contentmenu - Select
Data safetyoption and clickManage - Click
Nexton the overview page to start configuration - Accurately answer core questions:
- Does your app collect or share any of the required user data types? Select
Yes - Is all user data collected by your app encrypted in transit? Select
Yes - Do you provide a way for users to request data deletion? Select
Yes
- Does your app collect or share any of the required user data types? Select
- Go to the
Device or other IDssection, check the appropriate options, and clickNext - Configure device ID settings in detail:
- Is this data collected, shared, or both? Select
Collected - Is this data processed ephemerally? Select
Yes - Is this data required for your app, or can users choose whether it's collected? Select
Users can choose whether this data is collected - Why is this user data collected? Check
App functionality
- Is this data collected, shared, or both? Select
- Save configuration and submit for review
Technical Key Points and Best Practices
When addressing data safety compliance issues, developers need to pay special attention to the following technical aspects:
Data Collection Transparency: All device identifier collection must be clearly stated in the privacy policy and accompanied by appropriate user consent mechanisms in the app. Implementing dynamic permission requests to obtain explicit user authorization before collection is recommended.
Encrypted Transmission Assurance: Use TLS 1.2 or higher to ensure data transmission security. For sensitive data, additional application-layer encryption protection is advised, as shown in the code examples above.
User Control Rights: Clear data deletion pathways must be provided. The following code demonstrates how to implement user data deletion functionality:
// User data deletion implementation
public void deleteUserData(String userId) {
// Delete locally stored data
SharedPreferences preferences = getSharedPreferences("user_data", Context.MODE_PRIVATE);
SharedPreferences.Editor editor = preferences.edit();
editor.remove("device_id_" + userId);
editor.remove("user_preferences_" + userId);
editor.apply();
// Request server to delete user data
deleteDataFromServer(userId);
// Notify user of deletion completion
Toast.makeText(this, "User data successfully deleted", Toast.LENGTH_LONG).show();
}
private void deleteDataFromServer(String userId) {
// Implement server-side data deletion logic
// Use secure API calls to ensure complete data removal
}Ephemeral Data Processing: If data is only temporarily processed in memory and not persistently stored, this should be explicitly marked in declarations. This helps alleviate user privacy concerns while meeting policy requirements.
Common Issues and Solutions
During implementation, developers frequently encounter the following challenges:
Declaration and Actual Behavior Mismatch: Ensure all data transmission behaviors in the code are accurately declared in the Data Safety section. Regular code audits are recommended to check for undeclared data collection points.
Third-Party Library Data Collection: Many third-party SDKs automatically collect device information. Developers are responsible for understanding these libraries' data practices and making corresponding declarations in the Data Safety section.
Testing vs Production Environment Differences: Ensure data collection behaviors in testing environments match those in production to avoid declaration inaccuracies due to environmental variations.
Conclusion and Recommendations
Resolving Google Play Data Safety section non-compliance requires developers to work simultaneously on both technical implementation and platform declaration dimensions. Through accurate code implementation, complete data declarations, and user-friendly privacy controls, developers can not only pass reviews smoothly but also build user trust and enhance app quality.
Development teams are advised to establish systematic privacy compliance processes, including code reviews, data flow analysis, and regular policy update tracking to ensure ongoing compliance with Google Play policy requirements. Additionally, refer to Google's official documentation and help pages for the latest policy interpretations and technical guidance, such as the professional support available through the help functionality in Play Console.