Two days ago, one of my friends in the EVA developer exchange group said that he received an email from Google Play and the APP was rejected. The reason is thatIn violation of the malicious behavior policy, the Tencent TBS SDK used in the app contains code for downloading executable code (such as dex, JAR and.so files) from sources other than Google Play.Tencent officials have long advised on this,Click here to view.Today we’re going to talk about Google Play’s malicious behavior policy. Here’s what the official explanation is:

We do not allow apps to steal data, spy on users, harm users, or otherwise engage in malicious behavior.





For apps distributed through Google Play, the app itself may not be modified, replaced, or updated by any means other than the Google Play update mechanism. Similarly, apps must not download executable code (such as dex, JAR, and.so files) from sources other than Google Play.

1. Modify, replace or update the app itself by any means other than the Google Play update mechanism

Alipay has made this mistake before:Alipay officials said the reason for the removal of Google’s email notification was that the Android version of the Alipay APP has an upgrade function. According to Google’s newly revised rules, apps uploaded to the Google Play market are not allowed to be upgraded by themselves, and can only be upgraded through Google Play.

This rule makes sense. If every APP updates itself with automatic updates, then the approval of the APP store will be meaningless. Developers can simply put a malicious APP on the market with no malicious features, and then install malicious code on the user’s phone with automatic updates.

2. Download executable code from sources other than the Google Store (such as dex files or native code)

Remote code execution poses serious security and privacy risks. At any time, the server owner may change the behavior of the application.

According to the experience of some developers, the use of illegal SDKS will be directly removed or rejected, and the subsequent adjustment costs are quite large, and may even lead to the termination of the developer account and bear economic losses.

The most common SDK types on the market include login sharing, payment, push, AD monetization, and statistics. EVA Data compiled a list of SDKS that have been “named” by Google Play.

1. AltaMob, advertising realization

www.altamob.com/



2. Tencent TBS, browsing service

X5.tencent.com/tbs/index.h…

3. Tencent Bugly, abnormal reporting and operation statistics service

bugly.qq.com/v2/



4. AMAP, Location and Maps (GooglePlay SDK available on the website)

lbs.amap.com/api



5. BatMobi, advertising realization

www.batmobi.net/index



YeahMobi, Advertising Realization class

cn.yeahmobi.com/



7. Moplus, push class, developed by Baidu

8. Mi SDK, advertising realization class

www.youmi.net/



Note: It’s best to check the official documentation before using a third-party SDK to find out if Google Play is supported. If the APP does not want to be affected by the third-party SDK, there are two ways to solve the problem: one is to require the third-party to modify the SDK, the other is to change a clean one.

Do not abuse the SDK. It is recommended to delete the SDK that is no longer used. Misuse of SDK containing malicious behavior may lead to direct removal of the app or even closure, we hope developers pay attention to it.

Did you step on the SDK? Welcome to group communication.

– E N D –


—— concerns us ——
At present, the number of online applications in Google Play App Store has exceeded 3.2 million, and the annual distribution of applications has exceeded 119 billion downloads in 19 years. EVA data provides accurate application data support and ASO optimization tools for overseas developers, helping developers get more high-quality traffic!


Follow us (evaaso_com)
Official number: EVA data
Official website: www.evaaso.com
All-around help sea players grow up quickly