androidpolicynetwork-traffic

Google Play Issue found: Invalid Encryption Declaration on your Data safety form


I recent uploaded a new adb to Google Play and got the following message: Issue found: Invalid Encryption Declaration on your Data safety form

You have declared that user data is encrypted in transit in your app’s Data safety form and we’ve detected unencrypted network traffic that may carry user data off device.

Issue details

We found an issue in the following area(s):

SPLIT_BUNDLE *******: Policy Declaration - Data Safety Section: "http://insight.adsrvr.org"

I have tried to check if all my connections are in https with Android Studio tool -> App Inspection -> Network Inspector . And could not find any http connection going out from my app.

My app always declared on network-security-config: <domain-config cleartextTrafficPermitted="false"> <domain includeSubdomains="true">************</domain> </domain-config> <debug-overrides> <trust-anchors> <!-- Trust user added CAs while debuggable only --> <certificates src="user" /> </trust-anchors> </debug-overrides>

Is there any way for me to check any unencrypted network traffic from my app or any third party sdk more carefully?


Solution

  • I received the same message and after wasting time looking for the infringing code, I realized that the report was about an older version of the app. Somehow, our latest release still included an older APK intended for older devices. To resolve the problem, I had to edit the release, remove the older package, and resubmit for review.