Edit: This issue is now resolved thanks to @DotProto!
A few days ago I was trying to make some exciting new features available in Join’s Chrome extension when, after submitting an update, I got the following email from Google:
Your recent publish request for Google Chrome item “Join” with ID: flejfacjooompmliegamfbpjjdlhokhj was rejected because it did not comply with our policies.
[…]
“User Data Privacy”
Your product violates the “Use of Permissions” section of the policy, which requires that you:
- Request access to the narrowest permissions necessary to implement your product’s features or services.
- If more than one permission could be used to implement a feature, you must request those with the least access to data or functionality.
- Don’t attempt to “future proof” your product by requesting a permission that might benefit services or features that have not yet been implemented.
I hadn’t requested any new permission for quite some time so I tried to figure out what was wrong. This is the conversation that followed:
- Me: Can you please clarify which permission you are referring to? All the permissions Join requests are necessary for it to work so I don’t know which one you are referring to exactly.
- Google: Request access to the narrowest permissions necessary to implement your Product’s features or services. If more than one permission could be used to implement a feature, you must request those with the least access to data or functionality. Don’t attempt to “future proof” your Product by requesting a permission that might benefit services or features that have not yet been implemented.
- Me: Hello. I didn’t attempt to “future proof” the extension. All the permissions are needed and I justified each one in the app’s submission. Can you please clarify which permission you think the extension doesn’t need so I can further clarify?
- Google: Request access to the narrowest permissions necessary to implement your Product’s features or services. If more than one permission could be used to implement a feature, you must request those with the least access to data or functionality. Don’t attempt to “future proof” your Product by requesting a permission that might benefit services or features that have not yet been implemented.
- Me: It seems you have mistakenly replied the exact same text as last time. Can you please clarify further what permissions you think I’m using to future proof my extension? I have detailed the reason for every permission in my submission.
- Google: As we mentioned in our initial message, to have your Product reinstated, please ensure that your Product requests and uses only those permissions that are necessary to deliver the currently stated product’s features. Examples of such permission is Storage
- Me: As I mentioned in the Chrome Store submission the Storage permission is needed for my app to store MMS images locally so it doesn’t always have to always get them from a server. My extension syncs MMS messages from user’s phones and those messages need to appear on the extension’s window. Those images are stored locally so the user can quickly access them.
- Google: Request access to the narrowest permissions necessary to implement your Product’s features or services. If more than one permission could be used to implement a feature, you must request those with the least access to data or functionality. Don’t attempt to “future proof” your Product by requesting a permission that might benefit services or features that have not yet been implemented.
- Me: Hi again. You already said that before. I already said why I use the permissions I do. Can you please tell me which permissions you think are not adequate considering I already explained why the storage permission is needed?
- Google: As we mentioned in our initial message, to have your Product reinstated, please ensure that your Product requests and uses only those permissions that are necessary to deliver the currently stated product’s features. example storage permission.
- Me:Are you correctly getting my previous messages? It seems that you didn’t see the part where I clarified why I need the storage permission. Can you please let me know why my response isn’t acceptable?
- Google: Thank you for your email. Your item was re-reviewed and Unfortunately, we cannot provide any additional information regarding this issue.
So now I seem to be stuck. Unless I want to downgrade the extension for no good reason and hope they eventually accept it, the extension can’t be updated anymore.
Since they mention the storage permission I’ll try make the extension work without it. Will make it not work as well but I hope that will let me update the extension if I’m lucky.
But that’s the worst part about all of this: I (or any developer) shouldn’t have to be lucky. Why do we need to guess what’s wrong? Why give the developer an option to justify the use of permissions if it won’t be accepted anyway and Google won’t tell you why?
Google, wouldn’t it be easier to avoid all the useless back and forth and simply tell developers what they need to fix? Would make it a better experience for everyone involved…
Here’s hoping for a happy ending…