Updates to one of our apps was being blocked by Google Play console.
Initially, in the developer console, there was a Policy Declaration we had to make, stating the reason for adding a particular sensitive permission - in this case, REQUEST_INSTALL_PACKAGES permission.
There was a form to appeal the rejection, but submitting that just gave a generic reply saying the appeal was rejected.
The Moodle app's repository meanwhile mentioned this issue, and gave a fix - https://tracker.moodle.org/projects/MOBILE/issues/MOBILE-4134?filter=doneissues
But even after uploading a version of the app with these fixes, the same generic automated rejection of the update. Then I tried the "reaching out to our policy support team" link at the bottom of the email.
It was not very clear where exactly I should reach out to the policy support team in this screen, but I guessed it was via the arrow to the right of the "Appeals" section. I specifically mentioned that this permission had been removed, but the "policy declaration" could not be removed - there is no provision on the console to do that.
Again I got a template email as a reply saying "we are unable to approve your app's use of REQUEST_INSTALL_PACKAGES", but at the bottom of that email, there was some additional information -
Step 2: Submit a compliant update or remove the permission from your app
Once you’re ready to submit a compliant version of your app:
- Make the necessary updates to address the issue(s) identified above OR please remove the permission from your manifest AND in-app functionality.
- Double check that your app is compliant with all other Developer Program Policies.
- Sign in to your Play Console, upload the modified, policy compliant APK across all tracks, and deactivate the non-compliant APK(s).
- To deactivate a non-compliant APK, please create a new release and upload a compliant APK to the same track.
- Be
sure to increment the APK version number and set the release to 100%
rollout, in order to successfully override and deactivate the
non-compliant APK.
- To save any changes you make to your release, select Save.
- When you've finished preparing your release, select Review release.
Kindly note that your changes aren't sent for review automatically. You must go to the Publishing overview page and click Send for review to submit your changes.
Aha - so I have to deactivate non-compliant APKs on all tracks - not just the Production track. And how should I deactivate?
https://stackoverflow.com/questions/48624580/how-to-deactivate-my-previous-version-retained-apk-in-play-store
So I have to go to each track and add a new version with "Create New Release". For that, I had to create one more version of the "fixed" APK, since the current "proper" release had been auto-rejected - I had to build another apk with an incremented version code. One of the rejected apks had a higher version code than the current "fixed" version. So, I added one to that to get my next version code - though retaining the same version name and version number displayed inside the app, which have to be changed via config.xml and moodle.config.json.
For changing only the version code, I just did Edit --> Find --> "Replace in files" inside Android Studio for the old version code with the new version code, with "Scope" as the "search in" parameter. It found 7 matches in 6 files or something like that. 7 clicks of "Replace" later, clicking on "Generate signed APK" got me the fresh apk which I could upload to the Play store. Much easier than going through the entire Cordova build process.
Now, after submitting all these tracks, it looks like the update has not been auto-rejected. I also edited the "Policy declaration" mentioning that this permission is no longer needed. Perhaps after the update is reviewed, the policy declaration change - where this permission is not listed - would also happen. We have to wait and see. Maybe a week.
Edit: The update went through in 2 days.