github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-03-12 05:04:17 -05:00
Code Issues 144 Packages Projects Releases 116 Wiki Activity

Resolve 30 day notice from Google Play Review Team, re BIND_ACCESSIBILITY_SERVICE #116

New Issue
Closed
opened 2025-11-07 08:27:10 -06:00 by GiteaMirror · 30 comments
GiteaMirror commented 2025-11-07 08:27:10 -06:00
Owner
Copy Link

Originally created by @kspearrin on GitHub (Nov 10, 2017).

Need to file an appeal or figure out why we are in violation here. It appears that Google does not want us using accessibility services for stuff that isn't actually helping people with disabilities. We use this service for autofilling.

Anyone have experience with dealing with these notices from Google?

We’re contacting you because your app, bitwarden Password Manager, with package name com.x8bit.bitwarden is requesting the ‘android.permission.BIND_ACCESSIBILITY_SERVICE.’ Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.

Action required: If you aren’t already doing so, you must explain to users how your app is using the ‘android.permission.BIND_ACCESSIBILITY_SERVICE’ to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.

If you need to make changes to your apps, please follow these steps:

Read through the Permissions and User Data policies for more details, and make sure your app complies with all policies listed in the Developer Program Policies.

If you don’t need the BIND_ACCESSIBILITY_SERVICE permission in your app or the permission is being used for something other than helping users with disabilities use Android devices and apps:
Remove your request for this permission from your app’s manifest.
Sign in to your Play Console and upload your modified, policy-compliant APK.

Or, if you need the BIND_ACCESSIBILITY_SERVICE permission in your app to help users with disabilities use Android devices and apps:
Include the following snippet in your app’s store listing description: “This app uses Accessibility services.”
Provide prominent user-facing disclosure of this usage before asking the user to enable this permission within your app. Your disclosure must meet each of the following requirements:
Disclosure must be provided via the android:summary and android:description elements of the AccessibilityServiceInfo class
Disclosure must describe the functionality that the Accessibility Service permission is enabling for your app. Each feature used with the Accessibility Service request must be declared in your disclosure with justification.

Alternatively, you can choose to unpublish the app.
All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.

If you’ve reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

Regards,

The Google Play Review Team

Originally created by @kspearrin on GitHub (Nov 10, 2017). Need to file an appeal or figure out why we are in violation here. It appears that Google does not want us using accessibility services for stuff that isn't actually helping people with disabilities. We use this service for autofilling. Anyone have experience with dealing with these notices from Google? > We’re contacting you because your app, bitwarden Password Manager, with package name com.x8bit.bitwarden is requesting the ‘android.permission.BIND_ACCESSIBILITY_SERVICE.’ Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy. > > Action required: If you aren’t already doing so, you must explain to users how your app is using the ‘android.permission.BIND_ACCESSIBILITY_SERVICE’ to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app. > > If you need to make changes to your apps, please follow these steps: > > Read through the Permissions and User Data policies for more details, and make sure your app complies with all policies listed in the Developer Program Policies. > > If you don’t need the BIND_ACCESSIBILITY_SERVICE permission in your app or the permission is being used for something other than helping users with disabilities use Android devices and apps: Remove your request for this permission from your app’s manifest. Sign in to your Play Console and upload your modified, policy-compliant APK. > > Or, if you need the BIND_ACCESSIBILITY_SERVICE permission in your app to help users with disabilities use Android devices and apps: Include the following snippet in your app’s store listing description: “This app uses Accessibility services.” Provide prominent user-facing disclosure of this usage before asking the user to enable this permission within your app. Your disclosure must meet each of the following requirements: Disclosure must be provided via the android:summary and android:description elements of the AccessibilityServiceInfo class Disclosure must describe the functionality that the Accessibility Service permission is enabling for your app. Each feature used with the Accessibility Service request must be declared in your disclosure with justification. > >Alternatively, you can choose to unpublish the app. >All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts. > > If you’ve reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days. > > Regards, > > The Google Play Review Team
GiteaMirror commented 2025-11-07 08:27:11 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Nov 12, 2017):

More people are getting these. See:

https://www.reddit.com/r/Android/comments/7c4go5/is_google_play_really_going_to_suspend_all_apps/

https://groups.google.com/forum/#!topic/tasker/ZDbjtD4bAts

https://ausdroid.net/2017/11/11/google-play-developers-use-accessibility-service-properly-removed/

@kspearrin commented on GitHub (Nov 12, 2017): More people are getting these. See: https://www.reddit.com/r/Android/comments/7c4go5/is_google_play_really_going_to_suspend_all_apps/ https://groups.google.com/forum/#!topic/tasker/ZDbjtD4bAts https://ausdroid.net/2017/11/11/google-play-developers-use-accessibility-service-properly-removed/
GiteaMirror commented 2025-11-07 08:27:12 -06:00
Author
Owner
Copy Link

@jerryn70 commented on GitHub (Nov 12, 2017):

If we are no longer able to use accessibility then we need to look alternative methods like keyboard integration #62 . Now keepass2android can switch keyboard automatically on non rooted device with keyboard swap plugin .

@jerryn70 commented on GitHub (Nov 12, 2017): If we are no longer able to use accessibility then we need to look alternative methods like keyboard integration #62 . Now keepass2android can switch keyboard automatically on non rooted device with keyboard swap plugin .
GiteaMirror commented 2025-11-07 08:27:12 -06:00
Author
Owner
Copy Link

@mbirth commented on GitHub (Nov 12, 2017):

@jerryn70: But that one needs the user to set a specific permission using adb. (see here)

Wouldn't it be easier to provide the Accessibility stuff via a separately downloadable "plugin"? Like e.g. Lawnchair launcher or Nova add the Google Now page.

@mbirth commented on GitHub (Nov 12, 2017): @jerryn70: But that one needs the user to set a specific permission using adb. (see [here](https://www.xda-developers.com/keyboardswap-plugin-keepass2android-automatically-switches-keyboards-without-root/)) Wouldn't it be easier to provide the Accessibility stuff via a separately downloadable "plugin"? Like e.g. Lawnchair launcher or Nova add the Google Now page.
GiteaMirror commented 2025-11-07 08:27:13 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Nov 13, 2017):

More news/discussion coming out:

https://www.xda-developers.com/google-threatening-removal-accessibility-services-play-store/

https://www.reddit.com/r/Android/comments/7cfldu/google_is_threatening_to_remove_apps_with/

@kspearrin commented on GitHub (Nov 13, 2017): More news/discussion coming out: https://www.xda-developers.com/google-threatening-removal-accessibility-services-play-store/ https://www.reddit.com/r/Android/comments/7cfldu/google_is_threatening_to_remove_apps_with/
GiteaMirror commented 2025-11-07 08:27:13 -06:00
Author
Owner
Copy Link

@jerryn70 commented on GitHub (Nov 13, 2017):

@mbirth but we cannot give that plugin through play store. If we provide that through other stores/clouds , then no one will trust that. Especially for a password manger

@jerryn70 commented on GitHub (Nov 13, 2017): @mbirth but we cannot give that plugin through play store. If we provide that through other stores/clouds , then no one will trust that. Especially for a password manger
GiteaMirror commented 2025-11-07 08:27:14 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Nov 13, 2017):

https://thenextweb.com/apps/2017/11/13/googles-about-to-brick-a-bunch-of-useful-android-apps-that-rely-on-accessibility-services/

@kspearrin commented on GitHub (Nov 13, 2017): https://thenextweb.com/apps/2017/11/13/googles-about-to-brick-a-bunch-of-useful-android-apps-that-rely-on-accessibility-services/
GiteaMirror commented 2025-11-07 08:27:14 -06:00
Author
Owner
Copy Link

@walrus543 commented on GitHub (Nov 13, 2017):

I discussed this issue with other devs. Many apps will lose features or will be removed... If only bitwarden could be FLOSS, you would publish it on F-Droid.
Too much power was put in their hands...

@walrus543 commented on GitHub (Nov 13, 2017): I discussed this issue with other devs. Many apps will lose features or will be removed... If only bitwarden could be FLOSS, you would publish it on F-Droid. Too much power was put in their hands...
GiteaMirror commented 2025-11-07 08:27:15 -06:00
Author
Owner
Copy Link

@mbirth commented on GitHub (Nov 14, 2017):

@jerryn70 The main app (from the Play Store) could verify the integrity of the plugin file, e.g. via checksum of the plugin's apk file. Maybe there's a way to check the developer signature, too. This way you could make sure to only use the plugin when it's genuine.

@mbirth commented on GitHub (Nov 14, 2017): @jerryn70 The main app (from the Play Store) could verify the integrity of the plugin file, e.g. via checksum of the plugin's apk file. Maybe there's a way to check the developer signature, too. This way you could make sure to only use the plugin when it's genuine.
GiteaMirror commented 2025-11-07 08:27:15 -06:00
Author
Owner
Copy Link

@samlu commented on GitHub (Nov 15, 2017):

Read this post https://blog.lastpass.com/2017/11/lastpass-android-accessibility-services.html/

It seems that they do the same thing as you by using Accessibility services but not getting the warning email from Google review team. FYI.

@samlu commented on GitHub (Nov 15, 2017): Read this post https://blog.lastpass.com/2017/11/lastpass-android-accessibility-services.html/ It seems that they do the same thing as you by using Accessibility services but not getting the warning email from Google review team. FYI.
GiteaMirror commented 2025-11-07 08:27:15 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Nov 15, 2017):

@samlu Well hopefully that applies to bitwarden as well (and other password apps) and not just LastPass because they have special contacts with the play store team.

@kspearrin commented on GitHub (Nov 15, 2017): @samlu Well hopefully that applies to bitwarden as well (and other password apps) and not just LastPass because they have special contacts with the play store team.
GiteaMirror commented 2025-11-07 08:27:16 -06:00
Author
Owner
Copy Link

@pehlm commented on GitHub (Nov 17, 2017):

It's possible that passwordmanagers can receive reprieve "from possible upcoming removals from the Play Store" as they write on Androidauthority. So it's important to contact Google.

@pehlm commented on GitHub (Nov 17, 2017): It's possible that passwordmanagers can receive reprieve "from possible upcoming removals from the Play Store" as they write on [Androidauthority](https://www.androidauthority.com/lastpass-google-accessibility-services-815528/). So it's important to contact Google.
GiteaMirror commented 2025-11-07 08:27:16 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Nov 17, 2017):

It's possible that passwordmanagers can receive reprieve "from possible upcoming removals from the Play Store" as they write on Androidauthority. So it's important to contact Google.

Anyone have a contact for Google? 😃

@kspearrin commented on GitHub (Nov 17, 2017): > It's possible that passwordmanagers can receive reprieve "from possible upcoming removals from the Play Store" as they write on Androidauthority. So it's important to contact Google. Anyone have a contact for Google? 😃
GiteaMirror commented 2025-11-07 08:27:16 -06:00
Author
Owner
Copy Link

@pehlm commented on GitHub (Nov 17, 2017):

The only one I've is https://docs.google.com/forms/d/e/1FAIpQLScem3Xhk4991YKhX3YtPUZ7_YSuFZGacdH5r5yFO8lrSMQNqA/viewform?usp=sf_link. But it's for Oreo Autofill API though.

@pehlm commented on GitHub (Nov 17, 2017): The only one I've is https://docs.google.com/forms/d/e/1FAIpQLScem3Xhk4991YKhX3YtPUZ7_YSuFZGacdH5r5yFO8lrSMQNqA/viewform?usp=sf_link. But it's for Oreo Autofill API though.
GiteaMirror commented 2025-11-07 08:27:17 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Nov 17, 2017):

@pehlm Yes, we've already reached out with that form for Oreo, but I don't think that help us with this issue :)

@kspearrin commented on GitHub (Nov 17, 2017): @pehlm Yes, we've already reached out with that form for Oreo, but I don't think that help us with this issue :)
GiteaMirror commented 2025-11-07 08:27:17 -06:00
Author
Owner
Copy Link

@moneytoo commented on GitHub (Nov 17, 2017):

Or https://support.google.com/googleplay/android-developer/contact/appappeals It creates a new ticket where you talk to a real person via email (with 2 day response time).

@moneytoo commented on GitHub (Nov 17, 2017): Or https://support.google.com/googleplay/android-developer/contact/appappeals It creates a new ticket where you talk to a real person via email (with 2 day response time).
GiteaMirror commented 2025-11-07 08:27:18 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Nov 17, 2017):

@moneytoo Looks like that is only for apps that have been removed?

@kspearrin commented on GitHub (Nov 17, 2017): @moneytoo Looks like that is only for apps that have been removed?
GiteaMirror commented 2025-11-07 08:27:18 -06:00
Author
Owner
Copy Link

@jerryn70 commented on GitHub (Nov 18, 2017):

https://www.androidauthority.com/lastpass-google-accessibility-services-815528/

Lastpass, keeper, dashlane and 1password are on safe zone 🤔 what about us

@jerryn70 commented on GitHub (Nov 18, 2017): https://www.androidauthority.com/lastpass-google-accessibility-services-815528/ Lastpass, keeper, dashlane and 1password are on safe zone 🤔 what about us
GiteaMirror commented 2025-11-07 08:27:19 -06:00
Author
Owner
Copy Link

@pehlm commented on GitHub (Nov 18, 2017):

Yes it seems so as I also said. But he wants to know where to contact Google about it. Maybe all password managers are spared, but who will take that risk being removed from Play Store?

@pehlm commented on GitHub (Nov 18, 2017): Yes it seems so as I also said. But he wants to know where to contact Google about it. Maybe all password managers are spared, but who will take that risk being removed from Play Store?
GiteaMirror commented 2025-11-07 08:27:19 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Nov 28, 2017):

Anyone have a way that I can directly contact someone at Google Play regarding this? I've been unsuccessful at finding a way to actually contact a human being.

@kspearrin commented on GitHub (Nov 28, 2017): Anyone have a way that I can directly contact someone at Google Play regarding this? I've been unsuccessful at finding a way to actually contact a human being.
GiteaMirror commented 2025-11-07 08:27:19 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Dec 2, 2017):

Well, not looking good guys. I tried following up through the play store console support channel to get further clarification on our use of accessibility services for autofilling as a password manager. Below is the reply that I got. Seems mostly like copy/paste from the original message but they are clearly saying we can no longer do this. I guess the only way will be to use the Android 8.0 autofill.

Hello,

Thanks for contacting the Google Play team.

During review, we found that your app bitwarden Password Manager (com.x8bit.bitwarden) violates our policy on deceptive device settings changes.

Accessibility services should only be used to help users with disabilities use Android devices and apps. If you are accessing user data via accessibility services, you may only request access to the user data necessary to implement existing features or services used to help users with disabilities use Android devices and apps.

Provided your app meets these requirements, you must clearly disclose to users your reason(s) for requesting the ‘android.permission.BIND_ACCESSIBILITY_SERVICE.’ Permission requests should make sense to users, and should be limited to the critical information necessary to implement your application.

Here’s how you can submit your app again:

Read through the Permissions and User Data policies for more details.

If you don’t need the BIND_ACCESSIBILITY_SERVICE permission in your app or the permission is being used for something other than helping users with disabilities use Android devices and apps:

Remove your request for this permission from your app’s manifest.
Sign in to your Play Console and submit the modified, policy compliant APK.

Or, if you need the BIND_ACCESSIBILITY_SERVICE permission in your app to help users with disabilities use Android devices and apps:

Include the following snippet in your app’s store listing description: “This app uses Accessibility services.”

Provide prominent user-facing disclosure of this usage before asking the user to enable this permission within your app. Your disclosure must meet each of the following requirements:

Disclosure must be provided via the android:summary and android:description elements of the AccessibilityServiceInfo class.

Disclosure must describe the functionality Accessibility Service permission is enabling for your app. Each feature used with the Accessibility Service request must be declared in your disclosure with justification.

Make sure you’ve corrected all policy violations before submitting your app again. You may want to review the Developer Program Policies for additional guidance.

Regards,
Linda
The Google Play Team

@kspearrin commented on GitHub (Dec 2, 2017): Well, not looking good guys. I tried following up through the play store console support channel to get further clarification on our use of accessibility services for autofilling as a password manager. Below is the reply that I got. Seems mostly like copy/paste from the original message but they are clearly saying we can no longer do this. I guess the only way will be to use the Android 8.0 autofill. > Hello, > > Thanks for contacting the Google Play team. > > During review, we found that your app bitwarden Password Manager (com.x8bit.bitwarden) violates our policy on deceptive device settings changes. > > Accessibility services should only be used to help users with disabilities use Android devices and apps. If you are accessing user data via accessibility services, you may only request access to the user data necessary to implement existing features or services used to help users with disabilities use Android devices and apps. > > Provided your app meets these requirements, you must clearly disclose to users your reason(s) for requesting the ‘android.permission.BIND_ACCESSIBILITY_SERVICE.’ Permission requests should make sense to users, and should be limited to the critical information necessary to implement your application. > > Here’s how you can submit your app again: > > Read through the Permissions and User Data policies for more details. > > If you don’t need the BIND_ACCESSIBILITY_SERVICE permission in your app or the permission is being used for something other than helping users with disabilities use Android devices and apps: > > Remove your request for this permission from your app’s manifest. > Sign in to your Play Console and submit the modified, policy compliant APK. > > Or, if you need the BIND_ACCESSIBILITY_SERVICE permission in your app to help users with disabilities use Android devices and apps: > > Include the following snippet in your app’s store listing description: “This app uses Accessibility services.” > > Provide prominent user-facing disclosure of this usage before asking the user to enable this permission within your app. Your disclosure must meet each of the following requirements: > > Disclosure must be provided via the android:summary and android:description elements of the AccessibilityServiceInfo class. > > Disclosure must describe the functionality Accessibility Service permission is enabling for your app. Each feature used with the Accessibility Service request must be declared in your disclosure with justification. > > Make sure you’ve corrected all policy violations before submitting your app again. You may want to review the Developer Program Policies for additional guidance. > > Regards, > Linda > The Google Play Team
GiteaMirror commented 2025-11-07 08:27:20 -06:00
Author
Owner
Copy Link

@Moxville commented on GitHub (Dec 2, 2017):

Kyle,
Maybe you can post a query in Hacker News or Reddit. Someone might share ideas or direct contacts. Worth a shot.
https://news.ycombinator.com/

Bitwarden should also be in safe zone like LastPass, 1Password, etc.

@Moxville commented on GitHub (Dec 2, 2017): Kyle, Maybe you can post a query in Hacker News or Reddit. Someone might share ideas or direct contacts. Worth a shot. https://news.ycombinator.com/ Bitwarden should also be in safe zone like LastPass, 1Password, etc.
GiteaMirror commented 2025-11-07 08:27:20 -06:00
Author
Owner
Copy Link

@pehlm commented on GitHub (Dec 2, 2017):

It's very remarkable, I agree with Moxville that Bitwarden must be on the safe ground together with Lastpass, Dashlane, 1Password and Keeper. You are a little player but are in the same boat as them. Truly sarcastic by Google, if it's their official opinion. You must phone them, they have phone numbers all over the world and in the US: https://www.google.com/intl/sv/about/locations/?region=north-america&office=mountain-view. Don't give up! Otherwise if you can't come to an agreement with them, release the accessibility autofill service as an external plugin. Likely it can be downloaded from your site. And then release the Oreo autofill when that time come. Regards.

@pehlm commented on GitHub (Dec 2, 2017): It's very remarkable, I agree with Moxville that Bitwarden must be on the safe ground together with Lastpass, Dashlane, 1Password and Keeper. You are a little player but are in the same boat as them. Truly sarcastic by Google, if it's their official opinion. You must phone them, they have phone numbers all over the world and in the US: https://www.google.com/intl/sv/about/locations/?region=north-america&office=mountain-view. Don't give up! Otherwise if you can't come to an agreement with them, release the accessibility autofill service as an external plugin. Likely it can be downloaded from your site. And then release the Oreo autofill when that time come. Regards.
GiteaMirror commented 2025-11-07 08:27:21 -06:00
Author
Owner
Copy Link

@mbirth commented on GitHub (Dec 3, 2017):

Others seem to just put that "This app uses accessibility services" info into the Play Store description and that's it. See also this Reddit thread where the argument is that disabled people can make use of those apps, so they can use the accessibility services.

@mbirth commented on GitHub (Dec 3, 2017): Others seem to just put that "This app uses accessibility services" info into the Play Store description and that's it. See also [this Reddit thread](https://www.reddit.com/r/Android/comments/7cfldu/google_is_threatening_to_remove_apps_with/dppx5ka/) where the argument is that disabled people can make use of those apps, so they can use the accessibility services.
GiteaMirror commented 2025-11-07 08:27:21 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Dec 4, 2017):

@mbirth We already had that notice in our play store description prior to contacting Google Play support (see above response). That didn't seem to satisfy their requirements.

It's pretty difficult to know what part of their policy we are even violating here since they list off several very subjective and vague things.

I'll reply to the Google Play support ticket I have open (see above) one more time with a note that I have updated our service's summary and description and see if I can get a definitive answer.

See summary/description updates here: https://github.com/bitwarden/mobile/blob/master/src/Android/Resources/values/strings.xml . Any thoughts on improvements?

@kspearrin commented on GitHub (Dec 4, 2017): @mbirth We already had that notice in our play store description prior to contacting Google Play support (see above response). That didn't seem to satisfy their requirements. It's pretty difficult to know what part of their policy we are even violating here since they list off several very subjective and vague things. I'll reply to the Google Play support ticket I have open (see above) one more time with a note that I have updated our service's summary and description and see if I can get a definitive answer. See summary/description updates here: https://github.com/bitwarden/mobile/blob/master/src/Android/Resources/values/strings.xml . Any thoughts on improvements?
GiteaMirror commented 2025-11-07 08:27:22 -06:00
Author
Owner
Copy Link

@moneytoo commented on GitHub (Dec 4, 2017):

IMHO you should say that this feature requiring accessibility service is only for users with disabilities and only they should enable it. Now you say "especially those with disabilities" while Google allows "only people with disabilities". From my few encounters with Google, it's usually about these exact wordings. Like other devs state it in apps like this: https://play.google.com/store/apps/details?id=org.de_studio.recentappswitcher.trial&hl=en
You can't control who enables this feature but you must not encourage people to do so.

@moneytoo commented on GitHub (Dec 4, 2017): IMHO you should say that this feature requiring accessibility service is only for users with disabilities and only they should enable it. Now you say "especially those with disabilities" while Google allows "only people with disabilities". From my few encounters with Google, it's usually about these exact wordings. Like other devs state it in apps like this: https://play.google.com/store/apps/details?id=org.de_studio.recentappswitcher.trial&hl=en You can't control who enables this feature but you must not encourage people to do so.
GiteaMirror commented 2025-11-07 08:27:22 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Dec 6, 2017):

We submitted version 1.13.0 to Google Play today with updated disclosures strings (see here).

I contacted the Play Store team back via my open support ticket asking them if they could review version 1.13.0 and tell me if it was in compliance or not. Their reply:

Hello,

Thanks again for reaching out to the Google Play team.

At this time, my team is unable to comment on the compliance of your app's implementations. We encourage you to use the following guidelines and policies:

Google Play Developer Program Policies

Permissions and User Data

If you believe your app complies with our policies, please submit your app and we’ll review it again.

Thanks for supporting Google Play!

Seems I am having a hard time getting a yes/no answer.

I asked them again to review version 1.13.0 and tell me if it is in compliance or not.

@kspearrin commented on GitHub (Dec 6, 2017): We submitted version 1.13.0 to Google Play today with updated disclosures strings ([see here](https://github.com/bitwarden/mobile/blob/master/src/Android/Resources/values/strings.xml)). I contacted the Play Store team back via my open support ticket asking them if they could review version 1.13.0 and tell me if it was in compliance or not. Their reply: > Hello, > > Thanks again for reaching out to the Google Play team. > > At this time, my team is unable to comment on the compliance of your app's implementations. We encourage you to use the following guidelines and policies: > > Google Play Developer Program Policies > > Permissions and User Data > > If you believe your app complies with our policies, please submit your app and we’ll review it again. > > Thanks for supporting Google Play! Seems I am having a hard time getting a yes/no answer. I asked them again to review version 1.13.0 and tell me if it is in compliance or not.
GiteaMirror commented 2025-11-07 08:27:22 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Dec 6, 2017):

So some better news this time:

Hello,

Thanks again for contacting the Google Play team.

We're evaluating responsible and innovative uses of accessibility services. While we complete this evaluation, we are pausing the 30 day notice we previously contacted you about.

We'll notify you once our evaluation is completed.If further actions are needed to bring your app into compliance with our policies, your 30 day notice period will begin when we reach back out to you.

In the meantime, we've included clarifying guidance below which may be helpful:

  • If you don't need the BIND_ACCESSIBILITY_SERVICE permission in your app:
    1. Remove your declaration of this permission from your app's manifest.
    2. Sign in to your Play Console and upload your modified, policy-compliant APK.

No further action is required after publishing the app.

  • If you need the BIND_ACCESSIBILITY_SERVICE permission in your app to exclusively help users with accessibility needs use Android devices and apps, or for another approved accessibility related purpose (e.g. Accessibility testing tools) that benefits users, you must set the android:description element to the following sentence to provide a user-facing disclosure of the Accessibility Service API:
    • "All usage of accessibility service privileges is exclusively for the purpose of providing accessibility features to users."

If your accessibility app uses accessibility privileges for both accessibility and non-accessibility purposes, you must instead fulfill the below criteria.

  • If you use the BIND_ACCESSIBILITY_SERVICE permission in your app for any purpose not relating to, or in addition to, helping users with accessibility needs use Android devices and apps, you must update the android:description element in your accessibility service definition to provide user-facing disclosure of the Accessibility Service API: before asking the user to enable this permission within your app. Your disclosure must meet the following requirements:
    • In all cases, you must have a disclosure to explain why you need to observe user actions in general using the Accessibility Service API.
    • For each accessibility capability declared, you must have an accompanying disclosure to describe the app functionality that the Accessibility Service permission is enabling for your app. (The default disclosure tells us "what", but you must disclose to the user "why").

If you believe your app uses the Accessibility API for a responsible, innovative purpose that isn't related to accessibility, please respond to this email and tell us more about how your app benefits users.  This kind of feedback may be helpful to us as we complete our evaluation of accessibility services.

Regards,

The Google Play Team

Seems we fall into point 3. Any thoughts on how we could improve our disclosure descriptions with this new information?

@kspearrin commented on GitHub (Dec 6, 2017): So some better news this time: > Hello, > > Thanks again for contacting the Google Play team. > > We're evaluating responsible and innovative uses of accessibility services. While we complete this evaluation, we are pausing the 30 day notice we previously contacted you about. > > We'll notify you once our evaluation is completed.If further actions are needed to bring your app into compliance with our policies, your 30 day notice period will begin when we reach back out to you. > > In the meantime, we've included clarifying guidance below which may be helpful: > > - If you don't need the BIND_ACCESSIBILITY_SERVICE permission in your app: > 1. Remove your declaration of this permission from your app's manifest. > 2. [Sign in to your Play Console](https://play.google.com/apps/publish) and upload your modified, policy-compliant APK. > > No further action is required after publishing the app. > > - If you need the BIND_ACCESSIBILITY_SERVICE permission in your app to exclusively help users with accessibility needs use Android devices and apps, or for another approved accessibility related purpose (e.g. Accessibility testing tools) that benefits users, you must set the [android:description](https://developer.android.com/reference/android/accessibilityservice/AccessibilityServiceInfo.html#attr_android:description) element to the following sentence to provide a user-facing disclosure of the Accessibility Service API: > - "*All usage of accessibility service privileges is exclusively for the purpose of providing accessibility features to users."* > > If your accessibility app uses accessibility privileges for both accessibility and non-accessibility purposes, you must instead fulfill the below criteria. > > - If you use the BIND_ACCESSIBILITY_SERVICE permission in your app for ***any*** purpose not relating to, or in addition to, helping users with accessibility needs use Android devices and apps, you must update the [android:description](https://developer.android.com/reference/android/accessibilityservice/AccessibilityServiceInfo.html#attr_android:description) element in your accessibility service definition to provide user-facing disclosure of the Accessibility Service API: before asking the user to enable this permission within your app. Your disclosure must meet the following requirements: > - In all cases, you must have a disclosure to explain why you need to observe user actions in general using the Accessibility Service API. > - For each accessibility capability declared, you must have an accompanying disclosure to describe the app functionality that the Accessibility Service permission is enabling for your app. (The default disclosure tells us "what", but you must disclose to the user "why"). > > If you believe your app uses the Accessibility API for a responsible, innovative purpose that isn't related to accessibility, please respond to this email and tell us more about how your app benefits users.  This kind of feedback may be helpful to us as we complete our evaluation of accessibility services. > > Regards, > > The Google Play Team Seems we fall into point 3. Any thoughts on how we could improve our disclosure descriptions with this new information?
GiteaMirror commented 2025-11-07 08:27:23 -06:00
Author
Owner
Copy Link

@gsora commented on GitHub (Dec 6, 2017):

Any thoughts on how we could improve our disclosure descriptions with this new information?

Just declaring that Google AutoFill API isn't working on every input text view should be enough, after all this is the main reason why bitwarden is still using Accessibility API if I understood everything right.

@gsora commented on GitHub (Dec 6, 2017): > Any thoughts on how we could improve our disclosure descriptions with this new information? Just declaring that Google AutoFill API isn't working on every input text view should be enough, after all this is the main reason why bitwarden is still using Accessibility API if I understood everything right.
GiteaMirror commented 2025-11-07 08:27:24 -06:00
Author
Owner
Copy Link

@samlu commented on GitHub (Dec 9, 2017):

Looks like you guys are in the safe zone now.

http://www.androidpolice.com/2017/12/07/google-pauses-accessibility-app-ban-considers-responsible-innovative-uses-accessibility-services/

@samlu commented on GitHub (Dec 9, 2017): Looks like you guys are in the safe zone now. http://www.androidpolice.com/2017/12/07/google-pauses-accessibility-app-ban-considers-responsible-innovative-uses-accessibility-services/
GiteaMirror commented 2025-11-07 08:27:24 -06:00
Author
Owner
Copy Link

@kspearrin commented on GitHub (Dec 9, 2017):

Closing this since it is no longer an issue.

@kspearrin commented on GitHub (Dec 9, 2017): Closing this since it is no longer an issue.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#116
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?