Ask HN: Play Store removed our app, but allows WhatsApp
About two weeks ago, Google Play banned updates to our app from the Play Store citing this section of their Policy, here: https://play.google.com/about/privacy-security-deception/use...
We complied. This is how the screen looked before the change: https://imgur.com/a/o4Cvh7F
Here's how it looked after the change: https://imgur.com/a/gHP8BDR
We were approved after the change. However 3 days later, we were removed from the Play Store. So now no one can download our app, or update their app if they have a buggy outdated version.
Despite regular appeals, Google keeps redirecting us to the policy above.
Today I checked how WhatsApp handled user uploads, as it's the same thing we do; sync contacts on each launch(we don't sync when the app is not being used though). Here's how WhatsApp looks: https://vimeo.com/user112475576/review/406480240/9ca7c4e2c1
Can anyone help us with what should we do? With the COVID crisis our users are unable to depend on us for their daily spends. We're are the primary credit card for a lot of them, and not being able to service them now, is making us look bad.
76 comments
[ 2.8 ms ] story [ 143 ms ] threadAre you saying you contact the user's contacts to try to get them to pressure the user to pay their bill?
---
I read through your TOS and it looks like this is the relevant line:
> In case of default or late payment, GalaxyCard reserves the right to use suitable means to collect dues including electronic and or physical communication to the debtor and the debtor's known contacts
I think this is a digusting practice, and I am not surprised Google is blocking your app. This is nothing like what WhatsApp does - in fact I don't know of any service at all that does this.
We do this to prevent having to file legal cases against the users as those can drag on for very long in India and are a pain for both parties
Your app is uploading users' [Contact] information to [URL] without a prominent disclosure. Prior to the collection and transmission, it must prominently highlight how the user data will be used, describe the type of data being collected and have the user provide affirmative consent for such use.
Your current tick box doesn’t say that at all. They probably want you have a nice big tick box that says:
“I agree for [company] to harass my phone contacts if I don’t repay”
Edit: And doing so in the hope that they shame or pressure your customers is awful. I agree with ccmcarey upthread: This is disgusting. Stop it.
One such example of that is that we told our users that we won't be charging them any late fee during the lockdown as we understand they have issues. We did this even before our government came up with such an option.
Why such a weird practice and not simply consider repeated failed payment as a form of cancelation?
Your problem really is your lawmakers are letting you down by allowing you to do this. The solution is to do the right thing despite what they allow.
Could you explain this sentence in more detail please.
We do this to prevent having to file legal cases against the users as those can drag on for very long in India and are a pain for both parties
I wonder if this is a case of “internet friction”: Indian people would see no problem with such a behaviour, but one “western” person would be horrified (because this part of the world has largely moved on from those practices).
This is what they told us as the reason:
Your app is uploading users' [Contact] information to [URL] without a prominent disclosure. Prior to the collection and transmission, it must prominently highlight how the user data will be used, describe the type of data being collected and have the user provide affirmative consent for such use.
This is section seems relevant. It could be argued that whatsapp's use of a user's contacts is related to directly improving the user experience and functionality of the application itself by adding those of your contacts that have whatsapp installed. Your usecase is not directly related to the functionality of the application.
So it may not fall into the unsolicited mail clause.
This is of course independent on the fact that this is a despicable practice.
I mildly participated in the preparations for GDPR in my (large) company and the sharing of third party personal data was one of the points. It was a few years back so my memory may be at fault here.
The point I am trying to make is that the person who is sharing the information takes the responsibility, not the application (which uses it as advertized, at least according to the quotes here as I did not read the tos myself).
Imagine you have a friend in debt and start receiving such notices ? They’re collecting private information on you (your name, your phone number or your email) without your consent.
IANAL but I’m pretty confident it falls under GDPR.
(Sans parler du fait que les mecs qui font ça sont quand même une belle bande d’enfoirés)
If they do not, they are to blame because they willingly shared the contacts. The app used them per their tos.
(et oui, je suis d'accord que c'est un vrai dick move, aparamment c'est une pratique courante en Inde pour ce genre d'apps)
- On strict business perspective, if your business model and your economic success rely on the ability to apply this policy, your business model has a problem.
- Google and Apple cannot cope with national specificities and their own policies are driven by western ethics and business logic. Do not expect it changes soon...
Maybe you should instead contract with; - a bank that accepts to insure your income even if your are not paid. - and a third party company in charge of recovery
> This app so far was good. Recently I has got worse. I had my dues 2days back .and they keep calling, I know it's their job but they should understand the current situation going on because of lock down. Even worse they are threatening to call all the people from my contacts lists. I don't evenknow how they got the all the contact lists.
> Dont install . One of the worst app Kindly dont ever try One of the harassing app My due date was 26mar due to lock down I was unable to pay I had inform then they started texting to my whatsApp contacts..
> One of the worst app Kindly dont ever try One of the harassing app My due date was 14 mar due to some problems I was unable to pay I had inform them On 15 th they started texting to my whatsApp contacts
> Worst service i have taken 6times loan everytime i paid on time but this time 2day late, they hacked my contacts and start sending the sms and create problem for me
---
Do not do this.
If this is truly a humanitarian issue, then then disable the contact harvesting feature
"This person you know is too poor to pay their credit card bill, can you pressure them into paying it?"
Damn. That's a new level of crazy.
Stop using unethical practices. If you use your clients contacts to spam them, to put pressure on your client, then it seems obvious that you have been removed. And this is not the same as what WhatsApp does. Their method is not quite ethical as well, but your method is way below.
Also the Google page states the following "We don't allow unauthorized publishing or disclosure of people's non-public contacts. " Arguably contacting these people is disclosing they are in a user's contacts. You do seem to breaching Google's policy.
I'm on Google's side here.
Is it possible to open source the app itself and then distribute via F-Droid?[1]
Can you provide your customers with a direct apk download? Although, you will then need to educate your customers about the "scarey" warnings about doing so. I do not have Google Play Store installed on my phone and it is an annoyance when app developers do not provide a direct apk download.
Initially, from an ease of update point of view, I guess neither option is quite as convenient as the Play Store. However, once you've broken your reliance on Google to distribute your application, you'll never have to deal with such a situation again.
[1] https://f-droid.org/
- first is compliance with Google's term. Obviously, you don't say that the USER's contact will be contacted when the USER bill is out of time and the USER doesn't pay... so your USER might not have understood that this will be the case. I think that you should be clearer about the consequences of allowing your app to access the USER contact list.
- second, the morality of the app: obviously, some people in occidental (US / europe) countries might find the app principle awful... because we rely more on Justice than peer-to-peer social pressure. But it's more a cultural difference. If the principle is agreed between the people giving and receiving money... why not ? (I guess that the people giving the money is the one requiring the USER to download the app... Am I right ?)
BTW: what happens if the people receving the money desinstall the app ? Or empty its contact list ? Or has no contact ?
If I would like to trick your system, I would fill my contact list with garbage, get the money, spend it, then let you contact these garbage contact... Or do you require contacts to use your app too (forced "net effect") ?
Anyway: nothing common with WhatsApp
I think your misunderstanding the model. You borrow money from this company using this app that harvests your contacts without explicitly stating why. If you don't repay the loan this company starts spamming and harassing your contacts forcing them to pressure you into repaying your loan.
Personally I can see no other way to read it.
“I understand that my contacts will be uploaded and saved on GalaxyCard, and that they will be used to calculate my eligibility and remind me of my bills.”
Note the use of ‘remind me of my bills’ at the end of that sentence. If this company truly wanted to be clear, they could have written that:
“I understand that my contacts will be uploaded and saved to GalaxyCard, where they will be used for two major reasons. First, they will be used to verify that I am eligible for this service. Second, if I am late to pay my bills, I understand that GalaxyCard will contact my contacts to tell them that I have not paid my bills.”
That is significantly more clear as it specifically states they will contact your contacts if you are late.
They pointed to another app that does this as an example of what they do. The reviews from that app indicate that coming out and saying they are delinquent is exactly what they do.
“We first contact the user if they don't pay despite calls/emails/push notification/sms for 45 days. Then we warn them for 15 days that their contacts will be asked to remind them of the bill, as per the terms. Finally we contact the contacts.“
This company specifically contacts the contacts to remind the delinquent person of their bill. I don’t think that warning is very good in light of this practice. Do you?
- You are right. We are not doing something out the jurisdiction. The contacts notified are the ones who have agreed to be sent "promotional" messages. So we don't spam these people. We are also working on something to make the loans a "group" loan that will make it a requirement for other people to be "fiscally" responsible for your unpaid loan
We run an algorithm which tries to ascertain that the contacts list is not fake/empty. Uninstalling the app would only prevent us from getting new contacts, and ability to notify you of your pending bills via push notification.
The commonality I was referring to is not having a "Checkbox" before uploading contacts as is required by Play Store.
First, afaik WhatsApp doesn't store your contacts but checks if they're available on WhatsApp.
Second, it most definitely doesn't contact them.
You'll get no sympathy if a private business will remove you from their store.