how to resolve Issue: Invalid Data safety form

Question

despite the fact that my app has nothing to do with users data security (a simple credit calculation app), every time I publish it on the Google Play console, I get this message:

build.gradle(:app):

plugins {
    id 'com.android.application'
}
android {
    namespace '***************************'
    compileSdk 34

    defaultConfig {
        applicationId "***********************************e"
        minSdk 24
        targetSdk 34
        versionCode 8
        versionName "1.0"
        testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
    }
    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }
    }
    compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }
    //buildToolsVersion '30.0.3'
    buildFeatures {
        viewBinding true
    }
}
dependencies {
    implementation 'com.google.android.gms:play-services-ads:22.6.0'
    implementation 'androidx.appcompat:appcompat:1.6.1'
    implementation 'com.google.android.material:material:1.11.0'
    implementation 'androidx.constraintlayout:constraintlayout:2.1.4'
    testImplementation 'junit:junit:4.13.2'
    androidTestImplementation 'androidx.test.ext:junit:1.1.5'
    androidTestImplementation 'androidx.test.espresso:espresso-core:3.5.1'
}

Please, tell me where do you see the user data breach, and help me how to solve this problem. thanks to all

Answer 1

The problem is directly related to the SDK version used:

Instead of version 34, use version 33 of the SDK (of course in the build.gradle(app) file) and of course the dependency com.google.android.gms:play-services-ads:22.3.0 instead of com.google.android.gms:play-services-ads:22.6.0. And that’s it. Do not hesitate to put your solutions. Thank you all.

Answer 2

Going back to SDK 33 will be a temporary solution. If you decide to update your app after ~September 2024 you will have to increase it to SDK 34 as it will be mandatory for updates and new apps(new apps a bit earlier).

We received the same rejection reason for our app when a target SDK 34 build was submitted. The changes around targeting SDK 34 were

• increase Gradle to 8.x
• increase AGP to 8.x
• update Google Billing Lib from 5.2.0 to 5.2.1(supports SDK 34)
• transition from ProGuard to R8
• update build system JDK from 11 to 17

No changes to how data was processed so the rejection did not make much sense. Added to that is the fact that the rejection message does not include list of offending libraries. So we decided to

• upload new build from last release with target SDK 33
• upload new build for the target SDK 34

No code changes were done. The target SDK 33 build was approved within 30-60 min. The target SDK 34 build took 2 days and was approved.

My suggestion is to try again for you and anyone who has a similar use-case. If however new libraries are introduced you should check what data is collected there from the respective documentations and go again through the Data Safety questions.