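Some developers have reported that, after publishing on Google Play, their apps were removed by the review team with a notice that they violate the Personal and Sensitive Information policy. The notice reads as follows: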
We’ve identified that your app is using an SDK or library that
facilitates the collection and transmission of installed packages
information without meeting the prominent disclosure guidelines.
If necessary, you can consult your SDK provider(s) for further information.
Next steps: Submit your app for another review
Read through the Personal and Sensitive Information policy and make
the appropriate changes to your app. Your app is using the DCloud
SDK, which is uploading users Installed Packages information without a
prominent disclosure to http://stream.dcloud.net. Prior to the
collection and transmission, it must prominently highlight how the
user data will be used, describe the type of data being collected and
have the user provide affirmative consent for such use. Your app must
handle user data securely, including transmitting it using modern
cryptography (for example, over HTTPS).
Make sure your app is compliant with the User Data policy and all
other Developer Program Policies. Additional enforcement could occur
if there are further policy violations.
Sign in to your Play Console and upload the modified, policy compliant
APK. Make sure to increment the version number of the APK.
Submit your app.
If you’ve reviewed the policy and feel this removal may have been in
error, please reach out to our policy support team. One of my
colleagues will get back to you within 2 business days.
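Based on the information in Google Play's feedback, we traced this to a request that the app sends at startup to "http://stream.dcloud.net.cn/device/location". The request queries whether the current device's Webview needs the standard H5 geolocation API (navigator.geolocation) replaced with the 5+ geolocation API (plus.geolocation). The replacement works around some devices being unable to use the standard H5 geolocation API in China.
navigator.geolocation is the standard H5 geolocation API, but in China Google's location service is blocked, so this API fails to obtain a position on many Android ROMs.
Mainstream browsers do not have this problem because they have all modified their engines. Some Chinese ROMs have also modified their own webview so that navigator.geolocation works. The problem therefore exists only in the webview of some ROMs.
Automatically replacing navigator.geolocation with plus.geolocation has a performance cost, so DCloud did not force the replacement everywhere. Instead, a whitelist is maintained in the cloud and the replacement is applied only for the specified ROMs.
The request to "http://stream.dcloud.net.cn/device/location" does not send the list of installed apps. It only decides, based on the ROM, whether to replace navigator.geolocation with plus.geolocation.
However, Google Play still considers that this request submits sensitive user data, and that it does so over unencrypted http.
Of course, if a developer uses other third-party SDKs, those may also have collected the installed-app list.
To help developers get relisted as quickly as possible, new HBuilderX versions have been released:
- 1.9.11 alpha: this version temporarily removes the logic that automatically replaces navigator.geolocation with the 5+ geolocation API (plus.geolocation). It has been superseded by the newer 2.0 version.
- 2.0: when packaging with this version, you must select the Google Play Store channel package.
In HBuilderX 2.0, selecting the Google Play channel package when packaging also automatically validates targetSdkVersion, so that you do not discover only at submission time that targetSdkVersion fails the requirement and lose review time.
If you still need the replacement feature, which swaps the standard H5 geolocation API for the 5+ geolocation API, you can configure it as follows. This configuration replaces the API on all devices, not only on the ROMs that have the problem:
- Set whether to replace when creating a Webview window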
var wv = plus.webview.create(url, 'id', { replacewebapi: { geolocation: 'alldevice' } });
- For the app's home page, configure whether to replace under plus->launchwebview in manifest.json
    //...
    "plus": {
        "launchwebview": {
            "replacewebapi": {
                "geolocation": "alldevice"
            }
        },
        //...
    }
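As an alternative to replacing the API on every device, the following added example (not DCloud's code) tries navigator.geolocation first and calls plus.geolocation only when the standard API fails, so the decision is made on the device and no request about the ROM is needed. The function name, the 8000 ms timeout and the result shape are assumptions; it also assumes that plusready has fired and that a broken webview reports an error or timeout instead of hanging silently.

```javascript
// Added example: standard API first, 5+ API only when the standard one fails.
// std = navigator.geolocation, plusGeo = plus.geolocation (passed in so the
// function can be exercised with stubs outside a 5+ runtime).
var PERMISSION_DENIED = 1; // GeolocationPositionError.PERMISSION_DENIED

function locateWithFallback(std, plusGeo, onPosition, onError, options) {
  var opts = options || { timeout: 8000 }; // constructed default, tune per app
  var settled = false;

  function finish(cb, value) {
    if (settled) return;
    settled = true;
    cb(value);
  }

  function usePlus(stdError) {
    // Never route around a user's refusal: a denied permission is final.
    if (stdError && stdError.code === PERMISSION_DENIED) {
      return finish(onError, stdError);
    }
    if (!plusGeo || typeof plusGeo.getCurrentPosition !== 'function') {
      return finish(onError, stdError || new Error('no geolocation API'));
    }
    plusGeo.getCurrentPosition(
      function (pos) {
        finish(onPosition, { source: 'plus.geolocation', coords: pos.coords });
      },
      function (err) { finish(onError, err); },
      opts
    );
  }

  if (!std || typeof std.getCurrentPosition !== 'function') {
    return usePlus(null);
  }
  std.getCurrentPosition(
    function (pos) {
      finish(onPosition, { source: 'navigator.geolocation', coords: pos.coords });
    },
    usePlus, // TIMEOUT or POSITION_UNAVAILABLE triggers the fallback
    opts
  );
}
```

In an app, call it as `locateWithFallback(navigator.geolocation, plus.geolocation, onPosition, onError)` after the plusready event.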
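Many developers are also following Google's new policy: apps that do not provide a 64-bit APK before August 1 will not be installable from the Google Play Store on 64-bit Android phones.
The new HBuilderX version already supports this; for details see: https://ask.dcloud.net.cn/article/36195
When resubmitting to Google Play, be sure to clear out all old versions under alpha and beta before submitting.
If the submit button is greyed out, that is not because of 64-bit; check whether the other items on the page are filled in completely and correctly.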