Solving the “Families Policy Requirement” Rejection in Android PlayStore

heri sulistiyanto
2 min readAug 16, 2023

--

Photo by Denny Müller on Unsplash

A recent challenge many Android developers have faced is the consistent rejection of apps from the PlayStore, particularly concerning the “Families Policy Requirement.” This policy insists that apps targeting children must not transmit specific identifiers, including Android advertising identifier (AAID), SIM Serial, Build Serial, and more.

The problem faced by many developers, including us, was that the solutions available were often not sufficient to meet Google’s requirements, leading to back-and-forth communications and repeated rejections. In our case, we stumbled upon an unexpected connection between this requirement and the Facebook SDK.

The Challenge

One of the dependencies which automatically includes the ads permission is from Firebase refer to this release notes: https://firebase.google.com/support/release-notes/android#analytics_v20-1-1

Unfortunately, it will cause an issue that we facing according to this policy guideline :
https://support.google.com/googleplay/android-developer/answer/6048248

So we remove the permission from our AndroidManifest by adding these lines:

<uses-permission
android:name="com.google.android.gms.permission.AD_ID"
tools:node="remove" />

Despite removing the permissions for AD_ID, our app was still being rejected. Even after double-checking the Gradle dependency trees for any suspicious ad-related dependencies, we couldn’t find the culprit.

A Surprising Discovery

Google explicitly mentioned that the transmission was related to Facebook. Upon investigating our dependencies, including the Facebook SDK, we found that no suspicious connections seemed related to ads.

However, a deeper look at the code inside the Facebook SDK revealed the use of Reflection to collect AdvertisingIdClient. This was causing the app to transmit data related to advertising, thus violating the Families Policy Requirement.

Here’s the specific part of the code:

The Solution

After reading the source code thoroughly, we found the way to opt-out of the ads ID collection:

<meta-data
android:name="com.facebook.sdk.AdvertiserIDCollectionEnabled"
android:value="false" />

Adding the above line to our AndroidManifest file finally made our app comply with the family policies 👏.

Conclusion

The lack of transparency and clear guidance from Google can make resolving such issues time-consuming and challenging. In our case, understanding the Facebook SDK’s internal workings and employing a small yet crucial change to our manifest was the key to success.

For developers facing similar challenges, it is essential to consider not only the explicit dependencies but also potential hidden connections that might violate the policy requirements.

Our journey teaches us that sometimes, the answers lie in the deeper layers of code, waiting to be discovered. With perseverance and attention to detail, the solutions are there to be found.

If you find this article helpful, please give your warmest clap 👏.

--

--