On 23rd June, slice’s Android users who had updated their app to the 10.0.7.1 version were alerted by Google Play Protect that our app was harmful and made attempts to access our users’ personal data.
This statement is to clarify this alert relayed by Google Play Protect.
First of all, this version of the app was meant to sync phone and SMS permissions for waitlisted users to verify and match the SIM as per UPI guidelines.
Upon receiving this alert, the slice team worked closely with the Google Play Store team to identify the issue. As per the instructions given by Google Play Store team, the issue incurred due to the following reason – “The prominent disclosures for Location, Contact, SMS need to be expanded to disclose the type of data, features and scenarios referenced and relevant to the slice app.”
While updating the UPI phone and SMS permissions for waitlisted users, the team missed updating the UPI use case on the permission screen. Please note that the permission screen is in the app from the beginning, and user consent is taken to proceed. The lack of specifications regarding the prominent disclosures led to the momentary alert from Google Play Protect. However, there is no material change in the app.
The issue was identified and resolved within 4 hours of being notified of this alert and all users were instructed to update/reinstall the app with the version titled, 10.0.7.3 immediately. Later after this, Google Play Store has removed the alert after reviewing the updated information on the permission screen. Even for users who are with the version titled, 10.0.7.1, the harmful alert won’t come up by re-scan the app.
Here is the link to the first statement that went out on 24th June and subsequently on 25th June, relaying the details of why this alert was issued by Google Play.
slice, as always, reiterates its true commitment towards protecting the privacy of the users’ data. slice does not access or violate the privacy of the personal data of its users which include call logs, audio recordings and photos. slice seeks limited permissions that users consent to, for availing a slice card and the efficient usage of its services which recently included UPI.
Further, this is to reiterate that Google Play has not officially termed slice as a harmful app via an official statement to the public.