Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Google Play Console Notice - CardinalComm SDK 60 Warning Template - Id Bridging #95

Open
fahad86 opened this issue Dec 1, 2022 · 3 comments
Open

Google Play Console Notice - CardinalComm SDK 60 Warning Template - Id Bridging #95

fahad86 opened this issue Dec 1, 2022 · 3 comments

Comments

@fahad86
Copy link

fahad86 commented Dec 1, 2022
edited
Loading

Email from Google Play console:

Subject: CardinalComm SDK 60 Warning Template - Id Bridging

Hi Developers at XX,

After a recent review, we found that your app XXX is not compliant with one or more of our Developer Program Policies. Please resolve this issue within 60 days of the issuance of this notification or your new releases may be rejected or the app may be removed from Google Play. See below for more information about your app’s status and how to correct the issue.

Issue with your app

Your app is using the Cardinal Mobile SDK which collects persistent device identifiers, but may not be limited to Android ID and hardware IDs. Persistent device identifiers may not be linked to any other personal and sensitive user data and/or resettable device identifiers (e.g., IMEI, IMSI, SIM Serial #, etc).

You may consider upgrading to a policy-compliant version of this SDK, if available from your SDK provider or removing the SDK. According to your SDK provider, you may consider upgrading to 2.2.7-2. Please consult the SDK provider for further information. Google is unable to endorse or recommend any third party software.
@appstart-lt
Copy link

We are experiencing the same issue on one of our projects. Google Play sent us the same email this morning.
Our project uses the latest version (1.1.3), and it's been on Google Play for a long time, but it appears that, for some reason, Google started notifying developers recently.
Has anyone been able to resolve it yet?

@PhilipBrew
Copy link

Got the same email this morning but unable to resolve yet.

@krizzu
Copy link

krizzu commented Dec 1, 2022

That's because the sub-dependency of Braintree (Cardinal Mobile SDK) was validating Google policies. They released a version with a fix. Since this package is not actively maintained, I'd not expect any updates soon.

You can override the version that this package is using by adding resolution strategy to your gradle builds script.

In your project, open android/app/build.gradle and add configuration block:

configurations.all {
    resolutionStrategy.eachDependency {
        if (requested.group == "org.jfrog.cardinalcommerce.gradle" && requested.name == "cardinalmobilesdk") {
            useVersion("2.2.7-2")
            because("user data consent per Google's Data Safety Policy")
        }
    }
}

you can confirm it has been replaced by running dependency task in android directory: ./gradlew app:dependencies.
In displayed dependency tree, look for org.jfrog.cardinalcommerce.gradle package.
It should say org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.5-2 -> 2.2.7-2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fahad86 @krizzu @appstart-lt @PhilipBrew