analytics-react-native: Device ID Collection Violates Google Play's User Data Policy

Summary

Previously for Analytics Android to be compliant the access of Settings.Secure.ANDROID_ID and Build.SERIAL was removed in the following commit : get rid of android id and serial number. Which addressed this common violation: Your app collects or links persistent device identifiers (e.g., IMEI, IMSI, SIM Serial #, etc.)

However in Analytics React Native 2.x.x, Settings.Secure.ANDROID_ID is being directly accessed : AnalyticsReactNativeModule.kt -> getUniqueId .

Which is what theoretically resulted in violations for Analytics Android previously.

This access of Settings.Secure.ANDROID_ID that violates the Google Play User Data policy needs to be addressed.

Details

• analytics-react-native version: 2.2.1
• Integrations versions (if used): N/A
• React Native version: 0.68.0
• iOS or Android or both? Android

Steps to reproduce

• Install any 2.x.x version fof @segment/analytics-react-native.
• Submit Android build to Google Play Store.

Behavior

Expected behavior

No User Data policy violations.

Actual behavior(p.s. theoretically)

We have yet to submit our build of the new app experience containing the upgrade to 2.2.1 for Analytics React Native. But we have already received violation warnings from Google Play on a build of our app for the old experience that’s using Analytics Android 4.10.0. So we are anticipating the same warning when we upgrade from Analytics React Native 1.5.2 to 2.2.1 in a build for the new experience of our app:

References

• Google Play User Data Policy