hms-flutter-plugin
hms-flutter-plugin copied to clipboard
HMS-Core
Google Play Device and Network Abuse policy
Hello Team,
Today I've received email from Google with following words:
Your app contains content that doesn’t comply with the Device and Network Abuse policy. We found your app is using a non-compliant version of Huawei Mobile Services SDK which contains code to download or install applications from unknown sources outside of Google Play.
After 120 days, new app releases containing this non-compliant version of this SDK will be rejected. This SDK version violates Device & Network Abuse policy.
About the Device and Network Abuse policy
An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism. Likewise, an app may not download executable code (e.g. dex, JAR, .so files) from a source other than Google Play. Please note that you are responsible for all aspects of your app; by using an SDK in your app, you are responsible for how that SDK behaves within your app.
Our flutter apps have HMS/GMS support and they select corresponding service in runtime - and there are was no claims from Google till today. Now we need to resolve the issue within 120 days. Currently only barcode scan, push and location services from HMS are used
Do you have any suggestions how to proceed?
PS: Currently we don't use any in-app-update functionality from HMS.
Best Regards, Vladimir Kormin
Thank you for providing the information regarding this issue. We are very sorry that it brings you inconvinience and are now investigating the root cause of it.
Could you kindly help us with some information to locate this issue?
1.pls leave your APPID, app name and package name.
2.which HMS Core Kit are you integrate and what was the version numbers?
3.whether configured the following metadata in your app?
<meta-data
android:name="com.huawei.hms.client.channel.androidMarket"
android:value="false" />
- Package name: com.rtc.servicedesk, app name: "ATM Service Desk", AppID: 4975233938527623628 Google Play url: https://play.google.com/store/apps/details?id=com.rtc.servicedesk (must be available in China)
- HMS core kit version: how to check which version is used? build.grudle contains following lines:
classpath 'com.huawei.agconnect:agcp:1.4.2.301'
...
maven { url 'https://developer.huawei.com/repo/' }
- There is no such lines in manifest. Should I add them? And if yes, will the app continue to work on regular Android devices with GMS? We have in-app-update for GMS devices
I got the same message today.
https://play.google.com/store/apps/details?id=com.wind_method Never Relapse Again Package name: com.wind_method App ID: 104882507
build.gradle
maven { url 'https://developer.huawei.com/repo/' }
...
classpath 'com.huawei.agconnect:agcp:1.5.2.300'
pubspec.yaml
huawei_account: ^6.1.0+302
@adrianvintu @vkormin Your request has been received. We are aware of this issue and are currently investigating. Your application experience won't be affected at this time and we will continue to update you on solutions. Thanks for your understanding and support.
Same here and upon appeal request i got this reply
During review, we found that your app causes users to download or install apps from unknown sources outside of Google Play, which is not compliant with our Device and Network Abuse policy:
An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism. Likewise, an app may not download executable code (e.g. dex, JAR, .so files) from a source other than Google Play. Please note that you are responsible for all aspects of your app; by using an SDK in your app, you are responsible for how that SDK behaves within your app. Apps and app listings on Google Play must not provide any means to activate or access functionality that violate these terms, such as linking to a non-compliant APK hosted outside Google Play. You can read through the Device & Network Abuse policy page for more details and examples of common violations.
For example, your app (Production Track version code:38) is using Huawei Mobile Services SDK or library, which causes users to download or install applications from unknown sources outside of Google Play.
Action required: Submit an updated app within 120 days
What information do you mean? Is it there is setting need to do at Hua Wei developer profile?
This is the message displayed at google play console
error Implicit pending intent Your app contains an implicit pending intent vulnerability. Please see this Google Help Centre article for details.
com.huawei.hms.push.o.e
Your issue is different from theirs.
If you met "implicit pending intent vulnerability" problem on com.huawei.hms.push.o.e, you can update push SDK to 6.3.0.302 or above.
I'm glad the update can fix "implicit pending intent vulnerability" problem but i'm also facing the same issue as stated in my first post
Hi @Xuejiao-Shi,
It looks Huawei has released new versions for their native SDKs probably including a fix for this issue: From release note: "Deleted the capability of prompting users to install HMS Core (APK)."
Is there a timeline for Flutter plugins' updates?
Since it's not clear from the previous comments in this issue, I just want to ask huawei_hmsavailability plugin also violates this policy, and should it be updated?
ps. This repo depends on HMS Base 5.2.0:300.
Thanks
Hello all, So far, we have updated Safety Detect, IAP, Health, FIDO, Push, Account, Ads, Analytics, Map, Location, Site, ML Body, ML Text, ML Language, ML Image and Base (HMS Availability) plugins to the related versions that "delete the capability of prompting users to install HMS Core (APK)". You can find the latest versions on pub.dev.
Thank you all for your interest in our plugins.
Update: Note: If you have confirmed that the latest SDK version is used, before submitting a release to Google, please check the apks in all Testing track on Google Play Console(including Open testing, Closed testing, Internal testing). Ensure that the APKs on all tracks(including paused track) have updated to the latest HMS Core SDK.
same proplem Issue details
We found an issue in the following area(s):
Version code 4: SDK: Github Updater SDK
Hello @assadig2 Can you please share the packages you used in your app with their versions?
https://play.google.com/store/apps/details?id=com.wz.wz2023
في الجمعة، ٣ نوفمبر ٢٠٢٣, ٤:٤٦ م Bengisu @.***> كتب:
Hello @assadig2 https://github.com/assadig2 Can you please share the packages you used in your app with their versions?
— Reply to this email directly, view it on GitHub https://github.com/HMS-Core/hms-flutter-plugin/issues/175#issuecomment-1792376860, or unsubscribe https://github.com/notifications/unsubscribe-auth/ATTQDASPITOEGHVT3KNSGD3YCTRS7AVCNFSM5Q6MOLV2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCNZZGIZTONRYGYYA . You are receiving this because you were mentioned.Message ID: @.***>
Welcome Thank you for your cooperation The packages and versions are attached to your email
https://www.4shared.com/s/fxLKz4mQege
في الجمعة، 3 نوفمبر 2023 في 4:46 م تمت كتابة ما يلي بواسطة Bengisu < @.***>:
Hello @assadig2 https://github.com/assadig2 Can you please share the packages you used in your app with their versions?
— Reply to this email directly, view it on GitHub https://github.com/HMS-Core/hms-flutter-plugin/issues/175#issuecomment-1792376860, or unsubscribe https://github.com/notifications/unsubscribe-auth/ATTQDASPITOEGHVT3KNSGD3YCTRS7AVCNFSM5Q6MOLV2U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCNZZGIZTONRYGYYA . You are receiving this because you were mentioned.Message ID: @.***>