Your app … version code 16 includes the Start.io SDK version , either directly or via another SDK that your app depends on.
Start.io has acknowledged it previously sold device location data collected via its SDK. An app’s use of an SDK which collects and sells personal and sensitive user data from the app is a violation of Play’s User Data policy which prohibits the sale of such data (regardless of whether the end user gives consent for collection of this data).
Additionally, this SDK version requests device location data by default, without any programmatic method to verify that end user consent information has been obtained by the app. In cases where users may not reasonably expect that their personal and sensitive user data will be required to provide or improve the policy compliant features or functionality within your app, you must provide an in-app disclosure of your data access, collection, use, and sharing. As a result, because this SDK enables collection without checking for the consent, using this SDK version can result in your app violating the disclosure and consent and / or approved purpose requirements of Google Play’s User Data and Permissions and APIs that Access Sensitive Information policies.
Accordingly, use of an SDK violating our policies may leave you subject to additional enforcement including removal from the Play Store and new app submissions using this version to be blocked from release.
IMPORTANT: TAKE ACTION NOW TO REDUCE RISK OF VIOLATIONS
- Note that Start.io has informed Google that it has ceased the sale of device location data and will no longer sell such data going forward. You must ensure that your app does not sell personal and sensitive user data in violation of Play policies directly, or via any third-party services (including SDKs).
- Review your app behavior to ensure that your app accesses, collects, uses, and shares (including with SDKs) device location only for approved purposes and in compliance with the applicable prominent disclosure and consent requirements of the above-mentioned policies. Do not enable SDK data collection if it violates these requirements. Review your app behavior to ensure compliance with these policies by November 22, 2022 midnight (UTC). If determined to be in violation, your app may be subject to enforcement at any time including suspension from the Play Store and new app submissions being blocked from release.
- If the SDK collects device location in order to serve policy compliant ads, the app must have a primary user facing feature that utilizes device location, which may never be acquired for the sole purpose of serving ads.
- If your app meets the above-mentioned policy requirements, you are strongly recommended to move to an alternative SDK or version which includes the appropriate technical mechanism to ensure that end user consent information collected by apps is honored. According to your SDK provider, you may consider upgrading to 4.10.1. Please consult the SDK provider for further information. Google is unable to endorse or recommend any third party software.