braintree_android icon indicating copy to clipboard operation
braintree_android copied to clipboard
verified publisher icon braintree

Include Data Safety info required for Play Store

Open doug-textnow opened this issue 3 years ago • 7 comments

General information

  • SDK/Library version: all
  • Environment: Production
  • Android Version and Device: All

Issue description

Developers who publish apps to the Google Play Store are required to disclose whether their app collects or shares a variety of types of data (see: https://support.google.com/googleplay/android-developer/answer/10787469) This includes data that is collected or shared by embedded 3rd-party SDKs such as Braintree. It is difficult and time-consuming to have every app author conduct their own investigation to determine which of the designated categories of data Braintree collects, and it is impossible for app authors to give authoritative answers with regard to the purposes associated with the data Braintree collects, so this really is info that Braintree must provide to Android developers who wish to integrate Braintree into their apps.

Suggested solution: Taking a similar approach to license files, include the Play Store Data Safety info in a csv or markdown file in the repo, or link to it from the repo.

doug-textnow avatar Jun 01 '22 02:06 doug-textnow

👋 @doug-textnow thanks for reaching out, and the suggestion. I'm going to leave this open while we decide the best way to make this info available (and that info entirely depends on a merchant's integration with us, since we're using CardinalCommerce's SDK for 3D Secure as an example). But in the meantime, if you need assistance completing this information, please contact Support.

hollabaq86 avatar Jun 01 '22 15:06 hollabaq86

for internal reference, ticket 1715

hollabaq86 avatar Jun 01 '22 15:06 hollabaq86

hi @hollabaq86 any news about providing that document? We are really close to the final day (20th of July) and we still don't have this data. For example, something like Branch or Firebase does:

  • https://help.branch.io/using-branch/docs/answering-the-google-play-store-privacy-questions
  • https://firebase.google.com/docs/android/play-data-disclosure

gomera avatar Jul 18 '22 19:07 gomera

@gomera at the moment we do not have an update. We're still prioritizing the effort and coordinating with our 3rd party MPI Cardinal. As @hollabaq86 mentioned our Support team will be a great resource for more information going forward.

sshropshire avatar Jul 20 '22 13:07 sshropshire

It seems that CardinalCommerce Claims this is fixed in their newest version, but apps receive the warning despite of that. See new Issue: https://github.com/braintree/braintree_android/issues/629

CC changelog: https://cardinaldocs.atlassian.net/wiki/spaces/CMSDK/pages/11862033/Cardinal+Mobile+SDK+-+Android

@sshropshire is there any way for you clarify this with CardinalCommerce as it seems partners are on a deadline now and CardinalCommerce provided the wrong information to google as we are using the version they mentioned to google.

marxhendrik avatar Dec 01 '22 10:12 marxhendrik

@marxhendrik thanks for notifying us. We're investigating the issue and we hope to report back here soon with more information.

sshropshire avatar Dec 01 '22 21:12 sshropshire

2023 still no answer!?

saraXX avatar Dec 12 '23 16:12 saraXX