Google Assistant is showing that my privacy policies are invalid ,while i was creating a quiz in Google Assistant
my privacy poliy document is as follows
https://docs.google.com/document/d/1C6G50XX5lOtdjFZTk2Qc9wkSqPKSeaM95Ydw0lt1zGI/edit?usp=sharing
Your Privacy Policy document is not available to the public. You need to change the permissions on the document so everyone can read it.
Once you've done so, you can test to make sure you can see it without logging in by, for example, testing it with Chrome in Incognito Mode.
Apart of the fact that as Prisoner said, your policy needs to be public, also be aware that your policy matches your actions language. I had that mistake so i had to set up a policy for english and one in spanish.
Related
I have created a flutter application in both iOS and Android that uses OAuth2. In order to authenticate the the app. While I can sign in successfully on iOS, Android provides error the following error:
E/flutter ( 6309): [ERROR:flutter/lib/ui/ui_dart_state.cc(157)] Unhandled Exception: PlatformException(sign_in_failed, com.google.android.gms.common.api.ApiException: 10: , null)
This is almost certainly because of a configuration issue in my OAuth verification request. Their rejection (see below) describes a homepage they require:
Dear Developer,
Thank you for submitting an OAuth App Verification request.
Unfortunately, we cannot proceed further with the verification process
until the requested things are provided.
As we discussed in our previous communication, to proceed with the
verification process for your project what-happend-here you will need
to provide a homepage that accurately represents your app’s identity
to Google users.
Every OAuth2 project requires a homepage. To ensure users’
understanding of your app’s purpose, your homepage should:
Be a verified domain under your ownership
Be accurate, inclusive, and easily accessible to all users
Link to an externally accessible domain that describes the necessary content, context, or connection to the app you are submitting
Explain with transparency the purpose for which your application requests user data
etc.
However, despite the description, I've no feel of what it should be like. Is there an example of such a page that I can use as a model?
Thanks for any help.
I've been back and forth with google over this issue. I can't give a simple answer, but I can summarize the items I've changed in order to meet compliance.
For context, I'm just using oauth on my personal webpage to identify users. I'm not selling an app. I'm not using restricted scopes. I'm not touching any user data.
This should be the simplest case, yet it was difficult to get approval. Each rejection reply is in the style of a form letter. I conclude that an AI has be trained against a set of compliant pages, and it "feels" mine isn't compliant, i.e. it's not able to point to a specific violation like a human or a rule's based system would. For this reason, I advise against spending time in your email replies. It doesn't seem that anyone reads them, just change your content and reply to get the AI to look again.
In the google console you must provide:
a homepage url
a privacy policy url
an uploaded icon image file
If you're using oauth for a website, don't confuse the oauth console "homepage url" with the base url of your website. Google wants a "homepage" that says "what your app is".
The content served at the homepage must have a [link rel="shortcut icon"] whose href points to the identical bytes of the icon you uploaded in the oauth console. If the bytes differ because you're using a scaled or differently styled image, you'll be rejected.
The content served at the homepage must have a privacy policy link where the href is identical to the characters entered at the console. If they're the same page, but differ by an anchor for example, you'll be rejected.
Also watch for caching. I changed the contents of my [link rel="shortcut icon"/] and got a reply that seemed to accept the icon but complain about another issue. Then when I fixed the other issue they rejected me for the icon again. I think since I changed the uploaded icon but didn't change it's name that they later saw a cached icon. I changed just the url (thus invalidating their cache) and the next reply didn't complain about the icon.
If you're not using restricted scopes you shouldn't need the limited use disclosure, but I got a complaint about that so I added it.
Here's what I'm using for both the homepage and the privacy policy:
https://holtstrom.com/michael/about/
Here's how that looked at the time of this posting when it was finally approved.
You'll see that I have all of the google requirements rendered in underline followed by the text that satisfies the requirement.
In case it helps, here's the replies I received from Google:
Google OAuth Consent Screen Verification:
#Michael Holtstrom's answer works perfectly, And I got my app approved in just the 2nd attempt.
But, since there is no information available anywhere on internet regarding this, that's why
I am posting my answer with all the screenshots, only to support #Michael Holtstrom's answer, so that you can move ahead with more confidence.
Because, I was really worried for 3-4 days whether my app will get approved or not. Because this was the last part left in my project.
I was also using Google OAuth only to get email, name and profile picture.
My app could have got approved in the first attempt only, but the first time I submited homepage had text selection disabled(Because I built it using Flutter Web, on which text selection is disbaled by default).
So, I think the Google's AI was unable to read the text on homepage, and thus asked me to update the homepage.
Next time, I built using wordpress, and then my app got approved.
(And by the way, I'm using chrome extension dark reader, that's why all the screenshot has dark mode enabled.)
Youtube Video Url:
https://youtu.be/lzq9WjCXT6c
Consent screen form on GCP Console
Google OAuth Homepage
https://www.madhavkumar.in/about/
Privacy Policy
https://www.madhavkumar.in/privacy-policy/
Email thread with Google Trust Team
I'm trying to import fb-login function and there are some features which need to be inspected by facebook such as job status, education, etc.
And they're saying that they requires privacy policy URL. So, I made a facebook page, which I will use as a landing page for my app, and wrote down the Privacy Policy to the Note.
After that, I copied the note's url and pasted it to the Privacy Policy URL box. I tried to save and proceed, but than error message comes up,
Facebook URL: Facebook URL cannot be crawled
So, my question is this: Is it unavailable to use facebook page to submit the privacy policy URL? This is my first time importing fb-login, so I just don't know what should I do and what shouldn't I do.
This should work ( Kind of a trick to fool FB ;) )
Create a free privacy policy here.
Upload your privacy policy (the one you just created) to your google drive account.
Select the uploaded privacy policy file and click on Get Shareable link. Copy and paste the generated link into your facebook app's Privacy Policy URL input box and click on save changes.
Thanks ☺️
This is likely the problem.
After that, I copied the note's url and pasted it to the Privacy
Policy URL box. I tried to save and proceed, but than error message
comes up, 'Facebook URL: Facebook URL cannot be crawled'
Instead of using a Facebook note, you're likely required to host that privacy policy yourself publicly. Given that Facebook can be a silo and hide pages whenever they like from the public web, you'd be well advised to move it to a site of yours.
This also seems to be Facebook's requirement:
Provide a publicly available and easily accessible privacy policy that
explains what data you are collecting and how you will use that data.
You may use Account Information in accordance with your privacy policy
and other Facebook policies. All other data may only be used outside
your app after you have obtained explicit user consent.
Include your privacy policy URL in the App Dashboard.
Link to your privacy policy in any app marketplace that allows you to.
Comply with your privacy policy.
How can you do that?
There are a few options:
host on your own site
host on sites that allow to create public and persistent pages (just a thought, github?)
use a dedicated tool for privacy policy creation and hosting like iubenda
Hope this helps (p.s. I work for iubenda)
Facebook has provided a link to test your URL which will show you that your URL is as per their standard or not.
Test your URL here:
https://developers.facebook.com/tools/debug/sharing/
Working
go to this link https://developers.facebook.com/apps
then click Basic tab setting
scroll down till you see +add platform tab and click it
remove all allowed platform link android web....NB makes sure you have the details saved somewhere else ..like on notepad
then go to top and switch the mode from off to live.
your app will be live
then go down again to add platform and add your plaform like android or web
The URL to your Privacy Policy must be public and accessible. That's both a requirement from Facebook and law (see California Business Code and CalOPPA in the US). Here's Facebook Developer Policy:
If you received the Facebook URL: Facebook URL cannot be crawled try to also not block bots access to the Privacy Policy page, i.e. Facebook Link Preview could crawl it or Google bot.
Some of the previous suggestions are not for free as for now. One of the free options I found:
https://www.iubenda.com/en/start-generating
Be sure to select Facebook app, NOT Mobile app, and click "Start Generating"
For those looking for a free solution, I used https://www.termsfeed.com/privacy-policy-generator/ and it was validated in the Meta API in less than 2 minutes.
This site will offer a paid professional solution, but the free one worked like a charm.
Don't worry about hosting. the site gives you a hosted url
Go to Dashboard, Click on the Application
Go to Settings --> Basic at Sidebar
Remove apps if there is any under Add platform
Add policy URL and Turn the status to LIVE
and then you can add apps of your choice for live apps
The past few hours i keep getting the following message
Please update your privacy policy for MY_APP_NAME to avoid enforcement action. The URL may be missing or returning an error.
Also, be sure your privacy policy displays on your website or app. For more info, refer to >Platform Policy II.3 and this external resource: http://www.applicationprivacy.org/platform-requirements/facebook/.
on the guide lines of the submission i get this ..
These apps are not currently eligible for App Center:
A Page Tab app
A Desktop web game off of Facebook.com
so why i am eligible for privacy update afterall?? and still i have entered all required info in the app details tab and still get an error of invalid submission
Before you can submit your app detail page you must first comply with App Center >Guidelines. Please make sure you have specified how your app integrates with Facebook and >have met all the requirements. Click here to update your integration.
i could really use some help instead some negative feedback..as i ve seen in similar questions
and last but not least, i ve not spotted any broken url.. :S
I need to hide an app's presence in user's profile completely so no one else besides the app's user will be aware of the app. (No notifications will be posted on timeline.) It will be a private app (it's weird to see something like this on a social network eh?) that will only be visible to users of it. Think of it like a personal assistant.
As I've found, the solution is to disable Settings > Advanced > Social Discovery from App settings panel. Will it be enough to address my issue? I'm asking this because there is no good documentation besides the little question mark near the field that makes me paranoid.
We have a browser based game which uses Facebook Connect through an AppID that we used to run the same game in a canvas until Fb Credits were introduced and we were forced to shut it down. Now, we only use the App the same way as a product page with the FbConnect integration on our own site.
Today's mail states for our case:
If your Connect app is accessing user connections or asking for additional permissions beyond age, email, and our Publishing Permissions, please remove these requests.
(This refers to this policy change: https://developers.facebook.com/blog/post/2012/09/05/platform-updates--operation-developer-love/)
We are using oauth FbConnect with scope=email,user_birthday. This is exactly what was specified in an earlier mail so it should be ok.
Once the user is authenticated, we simply call
https://graph.facebook.com/me?access_token=...
and read what comes there.
Is it possible, that we are not allowed to call the GraphAPI's me anymore? It contains info like gender, location and locale...
The Oauth data contains the fbuid, first/lastname and the email, but it does not contain the age, what we are supposed to be allowed to ask?
Do I have to call https://graph.facebook.com/me?fields=birthday explicitly?
Did anyone actually succeed in getting an "desktop web game hosted primarily off Facebook" to comply with their new policy without creating a new AppID?
Note: There have been a couple of questions about the "Sep 5th policy change" like Facebook: Notice of Violation this one and many previous closed as duplicates, but none I found so far contains questions or answers on a technical level.
Maybe you could skip the "Website with Facebook Login" part in developer settings and only provide your game directly via canvas. (eg. apps.facebook.com/logogame). that's what "on facebook.com" is all about, I guess.