Google Play privacy policy when not actuvally using any users information

Question

First of all - I am really sorry for my english.

So, recentlty I've recieved an email from Google saying that my application "violates our User Data policy regarding Personal and Sensitive Information". The thing is, my application includes only these permissions:

<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="com.android.vending.BILLING" />

But in generated manifest I can see 2 more of them:

<android:uses-permission android:name="android.permission.READ_PHONE_STATE" />
<android:uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />

The only library I use is admobs one, by including compile 'com.google.android.gms:play-services-ads:+' into the gradle file.

The question is how can I resolve this issue. Either by somehow removing this permission or providing some dummy privacy policy template for admob users (I guess thousands of developers around the world faced the same issue but here is not that many topics and none of them were helpfull).

Answer 1

Read phone state is a sensitive permission which triggers the requirement of a Privacy Policy for your app.

You can fix this by either removing the read phone state permission or by adding a Privacy Policy to your listing page.

That said, note that AdMob requires you to have a Privacy Policy because AdMob serves interest-based ads to users through your app.

At the very least, you need inform users about the use of interest-based ads through your app and how users can opt-out. From the "Interest-based advertising" section of the AdMob Policies page: