Recently, I've been getting a security warning in my Google developer console's Pre-launch report's security tab after uploading the apk. This is the issue:
Sending Device Identifiers Detected in APK (List of APKs)... Your app is using device identifiers (IMEI, MAC address, Build Serial, etc.) and sending identifier data to a remote network address. This issue is commonly (but not only) found in apps using an outdated Advertising SDK. To stop receiving this warning, try updating or changing any SDKs or code in your app that may be using device identifiers. Sending device identifiers is not a best practice for most use-cases and if you're using this identifier for advertising purposes, this may be a violation of Google Play policies and can affect your app’s visibility on the Play Store. To get recommendations on how your app can use identifiers, learn about unique identifier best practices.
I'm using the Appsflyer sdk in my project to register user events, tracking installs and uninstalls etc., I'm also using the latest sdks for this. When I remove this sdk, the security issue doesn't show up in the pre-launch report. When I contacted Appsflyer support team, they mentioned not to use the functions that send IMEI and Android Id data using their API calls, which I didn't include in first place. And also not to include READ_PHONE_STATE permission, which I removed and uploaded to play store again, which resulted in the Security issue.
They also made sure that atleast one device identifier, GAID, Android ID or IMEI, MUST be collected to allow for proper attribution. In their newer SDK versions, the GAID or Google AID is collected automatically and does not require any specific action on my part.
Is this the reason for the security warning?
Any help is appreciated. Thanks in advance.
I contacted the support team of AppsFlyer and they solved my problem, the solution is basically removing the recollection of IMEI, option that seems to be enabled by default, this is done by placing:
AppsFlyerLib.getInstance().setCollectIMEI(false);Just above Appsflyer.startTracking call in your OnCreate of the MainActivity (or wherever in the app you've placed the startTracking call)
In my case I was using the segment integration so I placed this just above this line:
Analytics.setSingletonInstance(analyticsBuilder.build());Hopefully this will help you, otherwise I'd suggest you to contact the support team, they answered me really fast