There's been an uptick among Android developers receiving warnings from the Google Play team. The issue appears to be crash reporting, which is a common feature developers build into apps. Google now seems to be of the opinion that most crash reports count as sensitive data, and developers have to include a "Prominent Disclosure." Affected developers are getting 30 days to implement a fix and resubmit, but as usual, Google's violation email is light on details.

Here's the (redacted) email posted to the /r/androiddev subReddit, which several other devs report receiving in the last few days.

This is a notification that your application, XXXXXXXXXXXXX, with package ID xxxxxxxxxxxxxxx, is currently in violation of our developer terms. Your app is collecting user data via crash reporting and must comply with the Prominent Disclosure Requirement of our User Data policy.

Action required: Please make modifications to bring your app into compliance within 30 days of the issuance of this notification, or your app will be removed. You may want to consider adding a dialog notifying users of user data collection during crash reporting to ask their consent before the collection occurs.

Most devs seem to have been under the impression that collecting crash data did not require a Prominent Disclosure in the past. A privacy policy in the app settings or Play Store description was sufficient for crash reports. This new wave of email warnings seems to indicate Google now considers most forms of crash data to be sensitive, and that means the app needs affirmative consent to collect crash reports. According to the dev policy, sensitive data is "personally identifiable information, financial and payment information, authentication information, phonebook or contact data, microphone and camera sensor data, and sensitive device data."

It's possible Google has just reevaluated what it considers to be personally identifying or sensitive data, or there could be some specific policy change in the works. Crash reports may also be considered personal data under the EU's new GDPR statutes. This is just speculation, but the new focus on data privacy might even be a response to the Cambridge Analytica scandal. In any case, developers should take a look at how they handle crash reporting.

Source: Reddit