User Data policy

Data Safety: Incomplete or Inaccurate Data Safety Form

High RiskMedium Difficulty0 Reports
Also known as:Missing SDK data disclosures (Firebase Analytics, AdMob, Crashlytics)Undeclared collection of Android Advertising ID or device identifiersIncorrect data deletion claims when data is retained by third-party servicesMissing encryption-in-transit declarations for data sent to external servers

Our Take

Your app's Data Safety section does not accurately reflect the app's data collection, sharing, or processing practices. Google Play requires that the Data Safety form declarations match the actual behavior of your app and all integrated third-party SDKs. Common causes include undeclared data collection by analytics, advertising, or crash reporting SDKs.

Resolution Guide

01

**Audit all SDKs** — Review every third-party SDK in your app (Firebase, AdMob, Facebook SDK, Crashlytics, etc.). Each SDK's documentation lists what data it collects. Google provides a [guide to common SDKs and their data types](https://developer.android.com/guide/topics/data/audit-logging).


02

**Enable data access auditing** — Use Android's data access auditing APIs (`AppOpsManager.OnOpNotedCallback`) to detect runtime data access you may have missed.


03

**Update your Data Safety form** — In Google Play Console → App content → Data safety, declare every data type collected, whether it's shared, whether it's optional, and the purposes.


04

**Declare encryption** — If your app transmits data over HTTPS (most apps do), declare that data is encrypted in transit.


05

**Handle data deletion** — If you declare that users can request data deletion, ensure you actually support it — including requesting deletion from third-party services.


06

**Preview before submitting** — Use the Data Safety preview in Play Console to verify how your declarations will appear to users.


07

**Re-submit** — After updating the form, re-submit your app for review.


Example Rejection Email

From:Google Play Developer Support
Subject:Policy violation - Data Safety: Incomplete or Inaccurate Da
Issue found: Data safety form We reviewed your app's Data Safety section and found discrepancies between your declarations and the app's actual behavior. Specifically, your app collects Device or other identifiers through integrated SDKs (e.g., Firebase Analytics, AdMob) but this data type is not declared in your Data Safety form. Action required: Update your Data Safety form in the Google Play Console to accurately reflect all data collected, shared, and processed by your app, including data handled by third-party SDKs.

Before & After

Before — Rejected

Data Safety form declares 'No data collected' while the app includes Firebase Analytics, AdMob, and Crashlytics SDKs that collect device identifiers and usage data

After — Approved

Data Safety form accurately declares: Device identifiers (collected by Firebase/AdMob), Crash logs (collected by Crashlytics), App interactions (collected by Firebase Analytics), with purposes and data sharing details for each

What changed: Every SDK in your dependency tree must be audited — the Data Safety form must reflect the combined data practices of your code and all third-party libraries

Community Solutions · 0

Sign in to share your solution.