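Today, while searching for an Android app that had been published on Google Play for almost 2 years, I found that it no longer showed up in search. When I checked the linked e-mail account, I discovered that Google Play had already taken it down. The reason was access to some sensitive private data. It was not my app that collected it, of course, but the Baidu Maps SDK integrated into the app. Here I share the problem and how I fixed it.
1. App removed from Google Play
I received a warning e-mail from Google Play: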
After review, ****** has been removed from Google Play due to a policy violation. This app won’t be available to users until you submit a compliant update.
Issue: Violation of the Permissions and Personal and Sensitive Information policies
We’ve identified that your app is using the Baidu SDK, which has been determined to access user or device data for undisclosed, unimplemented, or disallowed features or purposes.
Data from sensitive permissions (for example IMEI derived from the READ_PHONE_STATE) is being transmitted or read by your app in a manner that is disallowed. Apps may only handle sensitive user data in which the corresponding permission has been granted on that device for that individual app, and where the user has directly consented to that individual app’s access and use.
Furthermore, use of permissions (including READ_PHONE_STATE) must be related to the core functionality of your app. If your app does not require this permission, please remove it.
We have also determined that the use of this sensitive data is subject to prominent disclosure (and consent) requirements. Provided your app 1) has core functionality requiring access to READ_PHONE_STATE, 2) never transmits READ_PHONE_STATE (and other sensitive permissions based data) for use in other apps, 3) never accesses Permissions protected sensitive device data in an unauthorized manner; your app must fulfill the prominent disclosure and consent requirements prior to accessing and handling this data. Further, the handling of this data must also be clearly described in your Privacy Policy.
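In short, the Baidu SDK used in the app uses a permission it does not actually need (READ_PHONE_STATE). This permission gives access to very private user data, such as device identifiers, so if you do not fix the problem, your app gets removed. I never saw the warning e-mail, so the app was removed and, naturally, could no longer be found in search.
2. Solution
I searched online for a solution. Some people said that replacing the Baidu Maps SDK with the AMap (Gaode Maps) SDK would fix it, but that is a fairly big change.
By chance I noticed that the Baidu Maps SDK had released a new version, V6.0.0, on September 23: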
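Although the changelog did not mention the permission issue, I decided to give it a try. After a flurry of work, I updated the jar packages and .so files, then deleted the related permission (<uses-permission android:name="android.permission.READ_PHONE_STATE" />) from AndroidManifest.xml and also removed the runtime permission request. I ran the app, and the new SDK really can run without depending on this permission.
After that I published a new version, and now I am waiting for Google Play's notification...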
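A pre-release check for the manifest change described above, as an added example that is not part of the original post: it parses an AndroidManifest.xml and reports whether READ_PHONE_STATE is still requested. The sample manifests and the package name com.example.app are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
TOOLS_NS = "http://schemas.android.com/tools"

# Permission named in the Google Play notice; extend the set as needed.
FLAGGED = {"android.permission.READ_PHONE_STATE"}
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")


def flagged_permissions(manifest_xml, flagged=FLAGGED):
    """Return the sorted flagged permissions that the manifest still requests."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in PERMISSION_TAGS:
        for elem in root.findall(tag):  # direct children of <manifest>
            # tools:node="remove" asks the manifest merger to drop the entry,
            # so it does not count as a request.
            if elem.get(f"{{{TOOLS_NS}}}node") == "remove":
                continue
            name = elem.get(f"{{{ANDROID_NS}}}name")
            if name in flagged:
                found.add(name)
    return sorted(found)


# Constructed sample manifests (not taken from the original app).
BEFORE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_PHONE_STATE" />
    <application android:label="Example" />
</manifest>"""

AFTER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
    <uses-permission android:name="android.permission.INTERNET" />
    <application android:label="Example" />
</manifest>"""

MERGER_REMOVE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools" package="com.example.app">
    <uses-permission android:name="android.permission.READ_PHONE_STATE"
        tools:node="remove" />
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("before", BEFORE), ("after", AFTER), ("remove", MERGER_REMOVE)):
        print(label, flagged_permissions(xml))
```

Where the build produces a merged manifest, run the check against that file as well, since a library's own manifest can add permissions that the app's manifest does not list.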