Two days ago, one of my friends in the EVA developer exchange group said that he received an email from Google Play and the APP was rejected. The reason is thatIn violation of the malicious behavior policy, the Tencent TBS SDK used in the app contains code for downloading executable code (such as dex, JAR and.so files) from sources other than Google Play.Tencent officials have long advised on this,Click here to view.Today we’re going to talk about Google Play’s malicious behavior policy. Here’s what the official explanation is:
We do not allow apps to steal data, spy on users, harm users, or otherwise engage in malicious behavior.
For apps distributed through Google Play, the app itself may not be modified, replaced, or updated by any means other than the Google Play update mechanism. Similarly, apps must not download executable code (such as dex, JAR, and.so files) from sources other than Google Play.
1. Modify, replace or update the app itself by any means other than the Google Play update mechanism
Alipay has made this mistake before:Alipay officials said the reason for the removal of Google’s email notification was that the Android version of the Alipay APP has an upgrade function. According to Google’s newly revised rules, apps uploaded to the Google Play market are not allowed to be upgraded by themselves, and can only be upgraded through Google Play.
This rule makes sense. If every APP updates itself with automatic updates, then the approval of the APP store will be meaningless. Developers can simply put a malicious APP on the market with no malicious features, and then install malicious code on the user’s phone with automatic updates.
2. Download executable code from sources other than the Google Store (such as dex files or native code)
Remote code execution poses serious security and privacy risks. At any time, the server owner may change the behavior of the application.
According to the experience of some developers, the use of illegal SDKS will be directly removed or rejected, and the subsequent adjustment costs are quite large, and may even lead to the termination of the developer account and bear economic losses.
The most common SDK types on the market include login sharing, payment, push, AD monetization, and statistics. EVA Data compiled a list of SDKS that have been “named” by Google Play.
1. AltaMob, advertising realization
www.altamob.com/
2. Tencent TBS, browsing service
X5.tencent.com/tbs/index.h…
3. Tencent Bugly, abnormal reporting and operation statistics service
bugly.qq.com/v2/
4. AMAP, Location and Maps (GooglePlay SDK available on the website)
lbs.amap.com/api
5. BatMobi, advertising realization
www.batmobi.net/index
YeahMobi, Advertising Realization class
cn.yeahmobi.com/
7. Moplus, push class, developed by Baidu
8. Mi SDK, advertising realization class
www.youmi.net/
Note: It’s best to check the official documentation before using a third-party SDK to find out if Google Play is supported. If the APP does not want to be affected by the third-party SDK, there are two ways to solve the problem: one is to require the third-party to modify the SDK, the other is to change a clean one.
Do not abuse the SDK. It is recommended to delete the SDK that is no longer used. Misuse of SDK containing malicious behavior may lead to direct removal of the app or even closure, we hope developers pay attention to it.
Did you step on the SDK? Welcome to group communication.
– E N D –