com.paypal.android.sdk:data-collector not compliant with Play store policy due to device location collection about braintree_android HOT 65 OPEN

Thank you @sshropshire! I've also filed several appeals and have been waiting for a response from a "specialist" support team on the Google side for five days now. They originally quoted a 24-48 hour turnaround on this investigation so I hope this means they're looking into something.

In the meantime, depending on internal decisions today, I will work on either upgrading to v4 or removing this library entirely to see if I can unblock our release process.

I'll update this thread if I hear anything more on the Google side, thank you!

from braintree_android.

Hello all,

We're working with Google to find out what's causing the Google Play store compliance issue with the BT Android SDK.

The SDK does not collect privacy data directly, however we do have 3rd-party dependencies that collect data when needed to protect our merchants and their customers from fraudulent transactions. Third-party data collection and infrequent Play Store policy changes make it difficult to get explicit guidance from Google to pinpoint the exact cause of compliance issues.

Best Path Forward: Upgrade to v4

To achieve compliance, the best path forward will be to upgrade to the latest v4 version of the BT SDK. We understand that this takes effort and time. In the short-term, we're trying to find a workaround to help merchants who are stuck on v3. It's worth mentioning that Version 3 of our SDK is no longer supported and will not receive updates in the future.

Potential Workaround: Upgrade Cardinal Dependency

UPDATE: It is confirmed that updating Cardinal does not solve the issue.

We did notice that v3 of our SDK is linked to an out-of-date version of the Cardinal SDK. The older Cardinal version linked by default may not have the necessary updates to achieve Google Play store compliance.

Theoretically, your app should be able to opt in to the newer version of Cardinal by placing the following in your app's build.gradle file:

implementation 'org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5'

NOTE: We can't guarantee that the above works until we hear feedback from merchants stating that this helped resolve their Google Play compliance issue.

Play Store Resubmissions

For either scenario, please make sure to update all tracks (release, testing, internal testing, etc.) when publishing a compliance update to Google Play. Google will reject apps if any track contains a build artifact that isn't compliant.

Google Play Store Appeal

As a last resort, we were informed that filing an appeal should help unblock merchants from making updates. When making an appeal in the Google Play store, make sure to mention the following:

1. Indicate that you are aware of the compliance issue
2. Indicate that you have updated to a compliant version of the SDK as requested
3. Mention that you are working in earnest with the SDK provider to resolve compliance issues
4. Request that you would like to be able to publish updates while working through compliance issues

Google has told us that the appeals team has often granted approvals for appeals in extreme scenarios like this. If granted an appeal, you should prioritize migrating to v4 of the BT SDK as soon as possible.

@ALL thank you for your patience as we work to resolve this matter.

from braintree_android.

We managed to fix the issue by migrating to v4 - com.braintreepayments.api:paypal:4.41.1.

The warning did not go away until:

• All test tracks + production were replaced and pushed to 100% 1 day before the deadline.
• Warning was still there after the deadline. So we uploaded another build to a test track and send it for review.
• Then the warning got removed.

For anyone trying com.braintreepayments.api:braintree:3.21.1:

• This is supposed to be a compliant version.
• Google will not remove the warning before the deadline if you use this on everything besides production. Emails/appeals sent before to check if they would accept this version on production did not get anywhere constructive.
• We never risked finding out on deadline day if v3.21.1 on all tracks + prod would have worked. Your mileage may vary.

from braintree_android.

@Kowshika-aspire try updating to version 5.4.2 of DropIn.

@vuphamdirox updating to version 3.21.1 should be enough.

Also in Google Play, please make sure all tracks (production and test) are referencing the new build. This is the only explicit advice we've received from Google. It will not work unless all tracks reference your latest build with the up to date Braintree versions.

from braintree_android.

@costafotjet 's comment seems to confirm (thank you by the way!) that the warning did not get resolved by updating to 3.21.1 and instead was only resolved after updating to the 4.x branch.

I'm several days past our deadline with multiple email threads with Google support underway while they investigate on their side but so far I can confirm that having all tracks set to a build that includes the 3.21.1 release is not resolving the issue even though Google has told me it should. That is why I went digging to find any unrelated references to Kount since my concern was they were just searching for that string within the build to raise a false positive for compliance flags.

I'll report back if I make any progress with Google on the 3.21.1. build but it sounds like I might need to do an emergency upgrade to 4.x based on @costafotjet 's latest comment. Thanks all for the help!!

from braintree_android.

Hello :)

I thought that was the problem at first. We have replaced all old builds, in every track (private, beta, alpha, you name it).

I can understand old builds with 3.14.0 being flagged by Google, as it is using some Kount methods that are querying location in some way? At least, that's what I got out of a look into the source code for 3.14.0.

But for 3.21.1 it all looks normal in my eyes and should be compliant.

When we sent an appeal, the latest release that includes 3.21.1 only, got mentioned in the email, which added even more confusion.

I have checked the build scan and the build itself is strictly using 3.21.1. My only option is to remove the SDK and try again, but that is not what we would like to do by any means.

We would love to do the migration.
However, It is a complete rewrite and not something we could do safely in 3 days, hence why I am trying to find a temporary solution while the migration to v4 happens on a normal sprint that goes through testing etc.

from braintree_android.

@costafotjet got it yeah that's understood. It may be a Google issue we've seen a few inbounds related to this recently and even double checked with Google recently this month. They actually helped us modify 3.21.1 to reach compliance and it has been approved for other merchants in the past.

They basically told us "as long as the artifact hasn't changed, the SDK should be compliant." And we haven't made changes to the 3.21.1 artifact so theoretically it should be compliant. They are extremely vague on their process of scanning apps for compliance.

Our best option may be to file an appeal here. If there's anything specific to your app's submission they should be able to pinpoint the root cause.

from braintree_android.

I will include this issue and responses alongside other evidence that we are compliant.

Have a feeling the review/warning is stale, and now we are running around in circles trying to fix something that will probably go away on its own on deadline day.

Thanks for the prompt responses @sshropshire

from braintree_android.

I'm just chiming in to echo everything @costafotjet has mentioned, our experience has been the same throughout.

Perhaps a minor difference in our experience was that when I initially made the update to our app to move to 3.21.1 I only submitted that change to closed beta and then production tracks (also we were upgrading from 3.17.2 as the non-compliant version).

I then received the rejection and only then moved to update the inactive tracks containing out of compliance builds, at which point I appealed and received the same messaging that my latest builds were still out of compliance.

We're currently past our deadline and waiting to hear back from support but I don't know what else to do besides trying to start the work involved in upgrading to v4.

Has anyone had success in resolving this issue by migrating to v4?

from braintree_android.

Hey @kmayoral this may be a shot in the dark, but on your branch that references Braintree Android 3.x can you try adding this line to your build.gradle file and posting the build to Google Play?

implementation 'org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5'

The 3.x version of the SDK is officially no longer supported, however I'm looking at the dependencies linked by the latest 3.x version, and I'm hoping the above line may elevate the Gradle dependency to a more compliant version if included.

from braintree_android.

Thanks @kmayoral keep us posted. We're seeking more information from Google and they are starting to respond. We're asking for more specifics to help resolve these issues.

from braintree_android.

@sshropshire , reporting back that it seems that after a second attempt to get the same build from last night reviewed (which failed the first time around), it was accepted this time around. This was the build that updated to braintree v4 SDK.

I currently have a build in review that was submitted afterwards that contains the explicit data-collector dependency specified, and I'll report back if that somehow fails.

Ultimately though, it seems that the v3.21.1 release that Google claims will be treated as compliant is not being treated that way and only an upgrade to v4.x will resolve the issue at this time :(

Thanks all for all the help and I hope Google resolves the issue on their end for those developers who can't spend the resources to upgrade to v4 currently (it was a considerable undertaking and I'd be happy to provide some additional feedback in that regard @sshropshire , thanks!).

from braintree_android.

@kmayoral the credentials for said SDK have been shared here: #373. We are dealing with Google as well, will let you all know how it goes.

from braintree_android.

Hi @sshropshire, we have been getting this error for a while now and I can say that upgrading the cardinal package did not work. We updated the version of the cardinal package due to an error we received before, and although it appears as below in the dependency tree, we still continue to receive the error from Google.

| | +--- com.braintreepayments.api:three-d-secure:3.21.1
| | | +--- androidx.appcompat:appcompat:1.2.0 -> 1.4.1 (*)
| | | --- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-2 -> 2.2.7-5

from braintree_android.

Hello all, I can also confirm that upgrading the cardinalmobilesdk did result in another rejection. Waiting for Google's reply.

from braintree_android.

@desxz @alvaro-ritual thanks for reporting this. We're still pressing Google for specifics.

Updating Cardinal seemed like something that could potentially fix at the time, though it appears the issue may be with the Magnes library. We'll report more information as it becomes available.

from braintree_android.

Hi folks, I don't know how but Play Store Resubmission with updating all tracks works for us today. Our app contains com.braintreepayments.api:drop-in:5.4.2 SDK (depends on com.braintreepayments.api:braintree:3.21.1).

from braintree_android.

Issue Update

Our teams are actively working with Google and investigating internally to resolve this issue and provide an updated version of the SDK. We have identified that the root cause of this violation is due to user location data access for fraud prevention purposes within an internal library. See Google’s best practices for additional information.

Upgrade to v4

Version 3 of the Braintree Android SDK has been unsupported since June 2023, and we are not able to provide any updates to this version of the SDK. This fix will only be available for versions 4 and later when available. We encourage you to begin the process to upgrade to v4 of the Braintree Android SDK to be able to include the version of the SDK that includes this fix when available.

Play Store Extension/Appeal

In the meantime, please file an appeal with the Play Store and request an extension to allow time to upgrade and for this fix to be released. These extensions may be allowed for 30-60 days. In the appeal please include that you are requesting an extension while a fix in the underlying Braintree/PayPal SDK with location access is being developed. If location is expected to be gathered based on the function of your app (ex: travel), please include that information in the appeal. After submitting the appeal, please reach out to Braintree Support with the package ID of your appeal request.

from braintree_android.

@nrferreira ok thanks. Your app's integration shouldn't require any server-side changes then. Have a look at our MIGRATION_GUIDE.md and the official docs site for details on upgrading to v4.

from braintree_android.

Hello @sarahkoop,

Thank you for the update. Can I ask when do you estimate this fix could be released?

from braintree_android.

Thanks, we got approved now 🎉
Apparently sercet was in setting roll out to 100% and not less 🤦

from braintree_android.

Hi @costafotjet thanks for using the Braintree SDK. We've gotten assurance from Google that version 3.21.1 resolves the issue in the past.

Also Google mentioned:

Please ask your merchants who believe they are only using newer/compliant versions to double-check all tracks (even private and unpublished tracks) and then to submit an appeal to Play directly.

Hopefully the above will help?

from braintree_android.

@costafotjet as an aside, would you be willing to share some of your experience upgrading to v4 of the SDK? We've received some feedback in the past about some of the migration being unclear, and we want to update our documentation to clear up any ambiguities. Any and all feedback (positive or negative) would be helpful 🙏.

from braintree_android.

@costafotjet I'm received email from google after using "com.braintreepayments.api:data-collector:3.21.0" . have you get any solution ? because today is on deadline day. @sshropshire Please update here

from braintree_android.

Hi all - we reached out to Google recently to confirm that these versions of the SDK are still compliant see comment here.

from braintree_android.

Yes please update to 3.21.1 for v3 and 4.41.0 for v4 on all tracks (public and private) in the Google Play Console.

from braintree_android.

Additionally, do you have any insight @sarahkoop on what Google's system is looking for when marking an app as out of compliance? I only ask because I know that the change that resolved compliance issues was the removal of Kount in #742 but when I decompile my app using version 3.21.1 I can still see one string reference to kountMerchantId. I would hope that Google's system would not be looking at that instance to trigger a false positive but perhaps something similar to that is going on.

Here are some attached screenshots of the decompiled code and the single reference to it.

This also makes me wonder if this could be an issue for some of us due to some incorrectly set proguard settings....

from braintree_android.

Ah, I see, that decompiled code refers to KountConfiguration.java in the 3.x branch. I see that is still referenced in the Configuration class but is always set as null.

I don't know if that could be impacting Google's analysis but that is the only reference to to kount I can find in the build that Google is claiming is non-compliant.

Also, this rules out any proguard type issue since that class can't be removed due to still being referenced by Configuration.

from braintree_android.

Hi guys, we are having the same problem with our app, did anyone manage to solve it?

from braintree_android.

Hi everyone, we are facing same policy violation problem with our React native app. Used these sdks for braintree

• com.braintreepayments.api:drop-in:5.4.0
• com.braintreepayments.api:google-payment:3.3.1
• com.braintreepayments.api:braintree:3.21.0

Please help me to fix this issue.

from braintree_android.

We managed to fix the issue by migrating to v4 - com.braintreepayments.api:paypal:4.41.1.

The warning did not go away until:

• All test tracks + production were replaced and pushed to 100% 1 day before the deadline.
• Warning was still there after the deadline. So we uploaded another build to a test track and send it for review.
• Then the warning got removed.

For anyone trying com.braintreepayments.api:braintree:3.21.1:

• This is supposed to be a compliant version.
• Google will not remove the warning before the deadline if you use this on everything besides production. Emails/appeals sent before to check if they would accept this version on production did not get anywhere constructive.
• We never risked finding out on deadline day if v3.21.1 on all tracks + prod would have worked. Your mileage may vary.

@costafotjet Thanks for your reply.

So upgrading to com.braintreepayments.api:braintree:3.21.1 will fix this issue ?

from braintree_android.

Hi @costafotjet
We are having the same issue. Could you confirm upgrading to com.braintreepayments.api:braintree:3.21.1 enough to fix this issue ?
Thank you very much for your advise.
Regards,

from braintree_android.

Also @kmayoral KountConfiguration.java is a data class maintained by Braintree. It's only used for JSON parsing, so it should be fine.

from braintree_android.

I am pretty sure all tracks were updated, even unpacking APK file marked by google shows it's using proper versions:

We tried sending appeal for this exact build yesterday - no luck, appeal got rejected with exactly same reason.
@costafotjet mentioned they got exactly same unproductive outcome from appealing:

Emails/appeals sent before to check if they would accept this version on production did not get anywhere constructive.

@sshropshire what would be your advice on appealing this? There are cleary something wrong with SDK or with google. Maybe you can provide "confirmation message" that @sarahkoop mentioned before to send them as argument?

from braintree_android.

I'm facing the same issue, we are using com.braintreepayments.api:braintree:3.21.1 and Google is complaining about com.paypal.android.sdk:data-collector lib, they are asking me to update to com.braintreepayments.api:data-collector, is there a way to enforce com.braintreepayments.api:braintree to use com.braintreepayments.api:data-collector instead of com.paypal.android.sdk:data-collector?

from braintree_android.

@Kowshika-aspire try updating to version 5.4.2 of DropIn.

@vuphamdirox updating to version 3.21.1 should be enough.

Also in Google Play, please make sure all tracks (production and test) are referencing the new build. This is the only explicit advice we've received from Google. It will not work unless all tracks reference your latest build with the up to date Braintree versions.

@sshropshire Updated drop-in to 5.4.2. But still got policy violation issue,

This is our build.gradle file. Any suggestions please ?

from braintree_android.

@Kowshika-aspire try updating to version 5.4.2 of DropIn.
@vuphamdirox updating to version 3.21.1 should be enough.
Also in Google Play, please make sure all tracks (production and test) are referencing the new build. This is the only explicit advice we've received from Google. It will not work unless all tracks reference your latest build with the up to date Braintree versions.

@sshropshire Updated drop-in to 5.4.2. But still got policy violation issue,

This is our build.gradle file. Any suggestions please ?

@kmayoral #914 (comment)
From my understanding:
I think we have to follow steps here to upload the build with upgraded to version 3.21.1 to all tracks ( internal/ alpha/beta testing and production) because Google play scan on all tracks

The email looks like potentially all apps and tracks have not been updated. Can you please try the following and confirm if the issue still exists:

Note: If you are seeing Google Play Store flag your APK after updating to the latest version of our SDK, please try following these steps:

Go to your Play Console
Select the app
Go to App bundle explorer
Select the violating APK/app bundle's App version at the top right dropdown menu, and make a note of which releases they are under
Go to the track with the violation. It will be one of these 4 pages: Internal / Closed / Open testing or Production
Near the top right of the page, click Create new release. (You may need to click Manage track first) If the release with the violating APK is in a draft state, discard the release
Add the new version of app bundles or APKs
Make sure the non-compliant version of app bundles or APKs is under the Not included section of this release
To save any changes you make to your release, select Save
When you've finished preparing your release, select Review release, and then proceed to roll out the release to 100%.
If the violating APK is released to multiple tracks, repeat steps 5-9 in each track

from braintree_android.

@vuphamdirox Thanks for your reply.

We still got this issue for latest bundle with drop-in 5.4.2.

Any suggestions ?

from braintree_android.

@vuphamdirox , thanks for your reply. Just as several others and myself have mentioned though, all tracks have been updated and we keep getting notified by Google that the version code bundle containing the 3.21.1 fix is still non-compliant.

from braintree_android.

So far there's no solution to this issue? Are we supposed to sit back and relax while our apps are being rejected.

from braintree_android.

It seems that the only verified solution by @costafotjet was to update to the 4.x version of this repo. I can confirm that my bundles which contain the 3.21.1 release have been blocked and marked as non-compliant by Google (the package version code called out by google matches my 3.21.1 enabled release) so I'll be starting work on upgrading to 4.x tomorrow.

from braintree_android.

@BunnyBuddy @kmayoral we have reached out to Google as well and we're waiting to hear back. We were told this issue (due to a 3rd party dependency that we've since removed) was resolved. As soon as we receive more information we will report back here.

In the meantime, I would file an appeal in the Google Play console so that we can get more eyes on the issue.

from braintree_android.

Thanks for the suggestion @sshropshire. I tried adding that dependency into my app but it looks like it's not served from public maven repositories. I found a few threads on this github issue board related to specifying certain credentials and urls to be able to access but I feel like this might be going down the wrong path seeing how when I run gradle app:dependencies now I don't see that dependency referenced within my app or its depdendencies.

Ultimately, I think it might be related to Google's requirement that com.paypal.android.sdk:data-collector be updated to com.braintreepayments.api:data-collector package:

Paypal Data Collector com.paypal.android.sdk:data-collector: Consider upgrading to version com.braintreepayments.api:data-collector:3.21.0 of the SDK.

whereas I can see in my deps that the current version is com.paypal.android.sdk:data-collector:3.21.1

|    +--- com.braintreepayments.api:braintree:3.21.1
|    |    +--- androidx.appcompat:appcompat:1.2.0 -> 1.6.1 (*)
|    |    +--- com.braintreepayments.api:google-payment:3.3.1
|    |    +--- com.braintreepayments.api:core:3.21.1
|    |    |    \--- com.braintreepayments:browser-switch:1.2.0
|    |    |         +--- androidx.annotation:annotation:1.1.0 -> 1.6.0 (*)
|    |    |         +--- androidx.appcompat:appcompat:1.2.0 -> 1.6.1 (*)
|    |    |         \--- androidx.fragment:fragment:1.2.5 -> 1.6.1 (*)
|    |    \--- com.paypal.android.sdk:paypal-one-touch:3.21.1
|    |         +--- com.braintreepayments.api:core:3.21.1 (*)
|    |         \--- com.paypal.android.sdk:data-collector:3.21.1

If you have thoughts or think that it'd still be worthwhile to attempt the change you suggested, let me know, thanks again!

from braintree_android.

@kmayoral ok yes I would say add this as well for good measure:

implementation 'com.braintreepayments.api:data-collector:3.21.1'

This should force Gradle to pick the most up-to-date version. com.paypal.android.sdk:data-collector is a separate dependency in 3.x so they aren't interchangeable. It's one of the parts we cleaned up in v4.

We're looking to cover all bases here since we don't have explicit guidance from Google, but we did receive word that one of our merchants mentioned Cardinal SDK being cited as a possible compliance violation.

from braintree_android.

@sshropshire I am having the same issue as others have noted above. I tried just now to add the data-collector implementation explicitly, and so have a gradle file containing the following:

    implementation "com.braintreepayments.api:braintree:3.21.1"
    implementation 'com.braintreepayments.api:data-collector:3.21.1'

I am still getting

SDK: Paypal Data Collector com.paypal.android.sdk:data-collector (consider upgrading to version com.braintreepayments.api:data-collector:3.21.0)

From the Play Store. I've reached out to them in the appeal process and they gave what seemed to be a bit of an automated response, that says to update to 3.21.0. I've also used gradle to analyze dependencies to see if anything else may have been including the sdk, but could not find it. Any other ideas?

from braintree_android.

Sorry for the lack of updates @sshropshire , I went ahead and started the work to migrate to v4 but have been running into issues.

We use braintree exclusively for PayPal vault support, but when I go to use v4 to handle my paypal flow, I don't see the callbacks being triggered. I can go to the browser, login to paypal and select my payment but when the window closes and I'm redirected back to my app, no PayPalListener callbacks trigger.

If I update my activity to set a launchMode of singleTask I am able to verify that the onNewIntent() method is called and contains a successful uriString of the format ${appPackage}.braintree://onetouch/v1/success?token=<token>&ba_token=<token2> but calling intent = newIntent in the onNewIntent callback doesn't appear to forward that on to any part of the braintree SDK as far as I can tell. Do I need to include any other braintree dependencies to get this to work? I'm just using the paypal dep currently. Thanks for any help and I'm happy to create a new issue for this if it helps!

from braintree_android.

Hmm, for some reason, I had to manually parse the intent myself via code like this to get it to register:

  fun onNewIntent(newIntent: Intent?) {
    payPalClient?.parseBrowserSwitchResult(activity, newIntent)?.let {
      payPalClient?.onBrowserSwitchResult(it) { nonce, error ->
        if (nonce != null) {
          onPayPalSuccess(nonce)
        } else if (error != null) {
          onPayPalFailure(error)
        }
      }
    }
  }

Not sure the details of why, but I'll go with it for now....

from braintree_android.

Well I spent the day updating from v3 to v4 which was quite a task but I was finally able to create new builds and attach them to all tracks and submit for review...only to get another rejection a few minutes ago.

My braintree deps look like this now:

|    |    |    +--- com.braintreepayments.api:card:4.41.0
|    |    |    |    +--- com.braintreepayments.api:braintree-core:4.41.0
|    |    |    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    |    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10 -> 1.9.0 (*)
|    |    |    |    |    |    +--- androidx.annotation:annotation:1.2.0 -> 1.6.0 (*)
|    |    |    |    |    |    +--- androidx.appcompat:appcompat:1.3.1 -> 1.6.1 (*)
|    |    |    |    |    |    \--- androidx.browser:browser:1.5.0 (*)
|    |    |    |    |    +--- com.braintreepayments.api:shared-utils:4.41.0
|    |    |    |    |    |    +--- androidx.annotation:annotation:1.2.0 -> 1.6.0 (*)
|    |    |    |    |    |    \--- org.jetbrains.kotlin:kotlin-stdlib:1.7.10 -> 1.9.22 (*)
|    |    |    |    |    +--- androidx.appcompat:appcompat:1.3.1 -> 1.6.1 (*)
|    |    |    |    |    +--- androidx.work:work-runtime:2.7.0-alpha05 -> 2.8.1 (*)
|    |    |    |    |    +--- androidx.core:core-ktx:1.1.0 -> 1.10.1 (*)
|    |    |    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib:1.7.10 -> 1.9.22 (*)
|    |    |    |    |    \--- androidx.room:room-runtime:2.2.6 -> 2.6.1 (*)
|    |    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10 -> 1.9.0 (*)
|    |    |    |    \--- androidx.annotation:annotation:1.2.0 -> 1.6.0 (*)
|    |    |    +--- com.braintreepayments.api:paypal:4.41.0
|    |    |    |    +--- com.braintreepayments.api:braintree-core:4.41.0 (*)
|    |    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10 -> 1.9.0 (*)
|    |    |    |    +--- androidx.appcompat:appcompat:1.3.1 -> 1.6.1 (*)
|    |    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.41.0
|    |    |    |         +--- com.braintreepayments.api:braintree-core:4.41.0 (*)
|    |    |    |         +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10 -> 1.9.0 (*)
|    |    |    |         \--- androidx.annotation:annotation:1.2.0 -> 1.6.0 (*)

So I'm not sure why Google is still rejecting it, but I do see there is a paypal-data-collector (com.braintreepayments.api:paypal-data-collector:4.41.0), would that require any updates perhaps?

from braintree_android.

What's weird is that the rejection message references the bundle version for the release that is already in production, not the one I submitted for review. I'll resubmit in case there was some sort of blip or mistake on my part....

from braintree_android.

Thanks @sshropshire, we have multiple apps and they've all been rejected even after updating to v4 and having these dependencies set:

payment-braintree = { group = "com.braintreepayments.api", name = "card", version = "4.41.0" }
payment-braintreePaypal = { group = "com.braintreepayments.api", name = "paypal", version = "4.41.0" }

Those are the only dependencies we set and yet we're still getting errors that seem to be related to previous builds we submitted as the latest builds don't even feature the v3 classes they're referencing in their "how to fix" message.

Please let me know if you hear anything back from Google, thanks

from braintree_android.

Next build attempt started which adds data-collector to our dep list explicitly (even though our current implementation doesn't even reference it) like so:

payment-braintree = { group = "com.braintreepayments.api", name = "card", version = "4.41.0" }
payment-braintreeDataCollector = { group = "com.braintreepayments.api", name = "data-collector", version = "4.41.0" }
payment-braintreePaypal = { group = "com.braintreepayments.api", name = "paypal", version = "4.41.0" }

and

  implementation(libs.payment.braintree)
  implementation(libs.payment.braintreeDataCollector)
  implementation(libs.payment.braintreePaypal)

Producing this depedencies output, but I don't know how this won't be stripped out in the R8 step, but we'll see if this shot in the dark works....

 +--- com.braintreepayments.api:card:4.41.0
|    |    |    |    +--- com.braintreepayments.api:braintree-core:4.41.0
|    |    |    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    |    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10 -> 1.9.0 (*)
|    |    |    |    |    |    +--- androidx.annotation:annotation:1.2.0 -> 1.6.0 (*)
|    |    |    |    |    |    +--- androidx.appcompat:appcompat:1.3.1 -> 1.6.1 (*)
|    |    |    |    |    |    \--- androidx.browser:browser:1.5.0 (*)
|    |    |    |    |    +--- com.braintreepayments.api:shared-utils:4.41.0
|    |    |    |    |    |    +--- androidx.annotation:annotation:1.2.0 -> 1.6.0 (*)
|    |    |    |    |    |    \--- org.jetbrains.kotlin:kotlin-stdlib:1.7.10 -> 1.9.22 (*)
|    |    |    |    |    +--- androidx.appcompat:appcompat:1.3.1 -> 1.6.1 (*)
|    |    |    |    |    +--- androidx.work:work-runtime:2.7.0-alpha05 -> 2.8.1 (*)
|    |    |    |    |    +--- androidx.core:core-ktx:1.1.0 -> 1.10.1 (*)
|    |    |    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib:1.7.10 -> 1.9.22 (*)
|    |    |    |    |    \--- androidx.room:room-runtime:2.2.6 -> 2.6.1 (*)
|    |    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10 -> 1.9.0 (*)
|    |    |    |    \--- androidx.annotation:annotation:1.2.0 -> 1.6.0 (*)
|    |    |    +--- com.braintreepayments.api:data-collector:4.41.0
|    |    |    |    +--- com.braintreepayments.api:braintree-core:4.41.0 (*)
|    |    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10 -> 1.9.0 (*)
|    |    |    |    +--- androidx.annotation:annotation:1.2.0 -> 1.6.0 (*)
|    |    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.41.0
|    |    |    |         +--- com.braintreepayments.api:braintree-core:4.41.0 (*)
|    |    |    |         +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10 -> 1.9.0 (*)
|    |    |    |         \--- androidx.annotation:annotation:1.2.0 -> 1.6.0 (*)
|    |    |    +--- com.braintreepayments.api:paypal:4.41.0
|    |    |    |    +--- com.braintreepayments.api:braintree-core:4.41.0 (*)
|    |    |    |    +--- org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10 -> 1.9.0 (*)
|    |    |    |    +--- androidx.appcompat:appcompat:1.3.1 -> 1.6.1 (*)
|    |    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.41.0 (*)

from braintree_android.

Okay we finally got through.

First of all I had to update all the code utilizing Data Collector and Drop-In (because my code was fine uptill Drop-in 5.4.2 but not 6.13.0, had a lot of breaking changes) and changed the library version as follows.

implementation 'com.braintreepayments.api:drop-in:6.13.0'
implementation 'com.braintreepayments.api:data-collector:4.38.2'

Secondly, added this line our app's policy page "We only collect device data for Braintree (for the sole purpose of fraud detection)"

And also provided links to PayPal and Braintree's policy pages links there.

from braintree_android.

Thanks @sshropshire , I think we all can relate to it being difficult to get guidance from Google regarding app store submissions.

Thanks for the summary and suggested workarounds, I'm sure that will help those who are still stuck dealing with this issue. I would only add a request to expand upon the process for performing the update of the Cardinal dependency. I was unable to get that to work as it seems that the cardinalmobilesdk is not served by any public maven repositories. I saw older issues on this board that described repo and credentials required to access this dependency but perhaps the latest details could be shared here as there seemed to be several out of date suggestions.

Thanks again for all the help and best of luck getting some clarification from Google on this issue.

from braintree_android.

Any other updates on getting 3.2.1 approved?

from braintree_android.

Any other updates on getting 3.2.1 approved?

Nope. Tried com.braintreepayments.api:drop-in:5.4.2 and com.braintreepayments.api:drop-in:5.4.0. Same rejection.

from braintree_android.

Hi,
the upgrade of Android SDK to v4, requires any server-side updates? Because, in my case, the server-side was implemented by another company and I don't know if they could accomodate the upgrade.

Our current dependencies:

Thanks

from braintree_android.

Hi @nrferreira can you share a code snippet of your v3 data collector integration?

from braintree_android.

Hi @sshropshire, we don't have any code for data collector. We just declare this dependency:

implementation 'com.braintreepayments.api:braintree:3.21.1'

So, data-collector (and the others) are additional sub-dependencies that we don’t explicitly declare.

from braintree_android.

Hi @sarahkoop, thanks for the info.
For us the integration of the v4 has major impacts, any updates on the v3 fix availability?

from braintree_android.

I've tried version 4.44.0 - it got rejected by google.
Updated again all tracks to use 4.45.0 and just got another rejection today.

As I understand there is no working solution at the moment? So the only way to unblock releases is to remove this SDK completely?

from braintree_android.

Hi all - Thanks for your patience while we worked to resolve this issue!

Fix Versions

This fix has been released in Braintree Android 4.45.0 and Braintree Android Drop In 6.16.0.

Unsupported Versions

Version 3 of the Braintree Android SDK and version 5 of the Braintree Android Drop In SDK are unsupported, and we will not be able to update those versions - please upgrade to a supported version of the SDK for this fix.

Documentation

We are in the process of updating our developer documentation with the changes, but you can find the additional parameters added in the CHANGELOG.

Changes

A new hasUserLocationConsent parameter has been added to applicable request objects throughout the SDK.

Merchant applications are responsible for collecting user data consent. If your app has obtained consent from the user to collect location data in compliance with Google Play Developer Program policies, set hasUserLocationConsent to true. This flag enables PayPal to collect necessary information required for Fraud Detection and Risk Management.

Next Steps

Please update to the latest version of the SDK and update your integration to pass hasUserLocationConsent where available. Make sure you have updated ALL versions of your app, package, or build before re-releasing to the Play Store. If you continue to experience this issue, please include a screenshot of the rejection email from Google including the flagged library in your comment.

from braintree_android.

So is it mandatory now to ask for consent manually and pass hasUserLocationConsent: true in order for google to approve an app?

We upgraded to 4.45.0 without changing how SDK was executed and got same rejection as before:

> Configure project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project :ekreative_react-native-braintree
+--- project :ekreative_react-native-braintree
|    +--- com.braintreepayments.api:data-collector:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0
|    |    |    +--- com.braintreepayments.api:browser-switch:2.6.1
|    |    |    +--- com.braintreepayments.api:shared-utils:4.45.0
|    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0
|    |         +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:google-pay:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:paypal:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    |    \--- com.braintreepayments.api:paypal-data-collector:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0
|    |    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    +--- com.braintreepayments.api:paypal:4.45.0 (*)
|    +--- com.braintreepayments.api:three-d-secure:4.45.0
|    |    +--- com.braintreepayments.api:braintree-core:4.45.0 (*)
|    |    +--- com.braintreepayments.api:card:4.45.0 (*)
|    |    +--- org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-5
|    \--- com.braintreepayments.api:card:4.45.0 (*)
+--- project ekreative_react-native-braintree (n)

from braintree_android.

@olessavluk The version of data collector (3.21.0) included in the email from Google is from the previous Braintree SDK version - so this looks like there are still tracks or versions of your app that have not been fully updated. The below steps may help to fully update your app with the latest version:

from braintree_android.

@sarahkoop thank you for providing the updates while we have the same issue when updating braintree SDK. We are doing an e-shop App.
Now, our app dev says there will be a location permission popup to ask the user to 'Allow App to access location'. What if the user clicks 'Deny' then the SDK would never launch which means the user cannot pay. Is it how it works?

I mean as a user experience point of view by adding a location permission popup is weird before payment. And is there any way to bypass collecting user location data to allow the user to pay (launch SDK) when the user clicks 'Deny'?

Thanks

from braintree_android.

@sarahkoop thank you for providing the updates while we have the same issue when updating braintree SDK. We are doing an e-shop App. Now, our app dev says there will be a location permission popup to ask the user to 'Allow App to access location'. What if the user clicks 'Deny' then the SDK would never launch which means the user cannot pay. Is it how it works?

I mean as a user experience point of view by adding a location permission popup is weird before payment. And is there any way to bypass collecting user location data to allow the user to pay (launch SDK) when the user clicks 'Deny'?

Thanks

If your app does not have consent to collect user location data (for example, if the user has "denied" the pop-up), then pass false for the hasUserLocationConsent parameter. This will still allow the SDK to be used for payment, but will not allow user location data to be collected for Fraud Protection and Risk Management.

from braintree_android.