Summary
Google rejected the app because third-party SDK-driven data collection or sharing is not reflected accurately in Data Safety and policy disclosures.
Google Play App Review issue
Google Play SDK disclosure rejected
Google rejected the app because third-party SDK-driven data collection or sharing is not reflected accurately in Data Safety and policy disclosures.
google play sdk disclosure rejectedgoogle play sdk data collection rejectionthird party sdk google play rejection
Fix Google Play review issues before the next submission
Use LogicSpring to run a free precheck, regenerate the right policy or disclosure pack, and shorten the loop from rejection notice to resubmission.
What this means
Google sees or infers vendor data practices that your current store disclosures do not capture.
This is common for analytics, ads, attribution, auth, support, and AI model telemetry SDKs.
Even if the app team does not actively call every SDK path, the shipped dependency still matters.
Common causes
- The SDK inventory is incomplete or maintained separately from the policy and Data Safety workflow.
- The form omits identifiers, diagnostics, app activity, or sharing behaviors triggered by SDKs.
- The policy mentions vendors generically without describing the actual data categories involved.
Step-by-step fix
- Step 1
Rebuild the shipped SDK inventory from the release branch and verify data categories against vendor docs and config.
- Step 2
Update Data Safety answers and policy sections from that same inventory.
- Step 3
Remove nonessential SDKs where disclosure cost and rejection risk outweigh release value.
What to update
- SDK inventory
- Data Safety form
- Privacy Policy vendor sections
- Release checklist
How LogicSpring helps
- LogicSpring keeps SDK inventory and policy/disclosure generation tied to the same project.
- Precheck highlights likely disclosure gaps caused by third-party dependencies.
- You can turn vendor inventory into cleaner store-facing content without hand-editing every field.
FAQ
Can I resubmit to Google Play without changing the binary?
Only for pure listing or form corrections. If the shipped build still requests the wrong permission, bundles the wrong SDK, or behaves inconsistently, resubmitting the same build is risky.
What evidence should I prepare before resubmitting?
Prepare the updated public policy URL, the exact store fields you changed, screenshots for permission or disclosure flows where relevant, and a short reviewer note explaining what changed and why it now matches the app.
Should the privacy policy, store form, and in-app disclosure all match?
Yes. Review teams compare these surfaces together. If one says you collect or disclose something and another says you do not, the mismatch itself often becomes the next rejection.