User Data policy
Data Safety: Incomplete or Inaccurate Data Safety Form
Our Take
Your app's Data Safety section does not accurately reflect the app's data collection, sharing, or processing practices. Google Play requires that the Data Safety form declarations match the actual behavior of your app and all integrated third-party SDKs. Common causes include undeclared data collection by analytics, advertising, or crash reporting SDKs.
Resolution Guide
**Audit all SDKs** — Review every third-party SDK in your app (Firebase, AdMob, Facebook SDK, Crashlytics, etc.). Each SDK's documentation lists what data it collects. Google provides a [guide to common SDKs and their data types](https://developer.android.com/guide/topics/data/audit-logging).
**Enable data access auditing** — Use Android's data access auditing APIs (`AppOpsManager.OnOpNotedCallback`) to detect runtime data access you may have missed.
**Update your Data Safety form** — In Google Play Console → App content → Data safety, declare every data type collected, whether it's shared, whether it's optional, and the purposes.
**Declare encryption** — If your app transmits data over HTTPS (most apps do), declare that data is encrypted in transit.
**Handle data deletion** — If you declare that users can request data deletion, ensure you actually support it — including requesting deletion from third-party services.
**Preview before submitting** — Use the Data Safety preview in Play Console to verify how your declarations will appear to users.
**Re-submit** — After updating the form, re-submit your app for review.
Example Rejection Email
Before & After
Data Safety form declares 'No data collected' while the app includes Firebase Analytics, AdMob, and Crashlytics SDKs that collect device identifiers and usage data
Data Safety form accurately declares: Device identifiers (collected by Firebase/AdMob), Crash logs (collected by Crashlytics), App interactions (collected by Firebase Analytics), with purposes and data sharing details for each
What changed: Every SDK in your dependency tree must be audited — the Data Safety form must reflect the combined data practices of your code and all third-party libraries
Community Solutions · 0
Sign in to share your solution.