Google Play compliance — rejection fixes
Use this checklist after the May 20, 2026 rejection for com.doadzikirandroid.
1. Invalid Privacy Policy (User Data policy)
What Google requires
- A public HTTPS URL that loads a dedicated privacy policy (not a 404, not only a generic homepage).
- The policy must describe what data the app collects, why, how it is shared, and how users can contact you.
- The Data safety form in Play Console must match the policy and the app’s actual behavior.
What we added in this repo
| File | Purpose |
|---|---|
| privacy-policy.html | Full policy text (English + Indonesian summary) |
Host the policy (required before resubmit)
The site is deployed on Cloudflare Pages (deploy guide in pages/). Policy URL:
https://doadzikir.novalagung.com/privacy-policy.html
- Push to
main(Cloudflare runsnpm run build:pageand publishespages/). - Confirm the URL loads in an incognito browser.
- In Play Console → App content → Privacy policy, paste that URL.
Data safety form (Play Console → App content → Data safety)
Declare to match the app:
| Data type | Collected? | Shared? | Purpose | Notes |
|---|---|---|---|---|
| Approximate location | Yes, optional | Yes, with Al Adhan API | App functionality (prayer times) | Only when user enables prayer reminders |
| App interactions (favorites, settings) | Yes | No | App functionality | Stored on device only |
| Device or other IDs | No | — | — | App does not use advertising IDs |
| Personal info (name, email, etc.) | No | — | — | No accounts |
- Data is encrypted in transit: Yes (HTTPS to Al Adhan).
- Users can request deletion: Yes — uninstall or clear app storage (explain in form).
- Data is not sold.
2. Target API level warnings / rejection
Cause
The legacy app in doadzikir-legacy used targetSdkVersion 22. Play requires target API 33+ (enforced since Aug 31, 2023) and warns when the published binary targets lower APIs.
The React Native rewrite in this repo already sets:
// android/build.gradle
targetSdkVersion = 36
compileSdkVersion = 36
What you must do
- Build a new release AAB from this project (not the legacy folder).
- Increment
versionCodeinandroid/app/build.gradleabove whatever is live on Play. - Upload the new
.aabto Internal testing or Production.
Verify targetSdk in the bundle (before upload)
From project root, after bundleRelease:
# Requires Android SDK build-tools (bundletool or aapt2)
cd android/app/build/outputs/bundle/release
unzip -p app-release.aab base/manifest/AndroidManifest.xml | strings | grep -i targetSdk || true
Or in Play Console, after upload, check the release details for Target API level — it should show 35 or 36, not 22.
One-shot release build
npm run generate:content && cd android && ./gradlew --stop && ./gradlew clean bundleRelease
Output: android/app/build/outputs/bundle/release/app-release.aab
3. Resubmission order
- Deploy site on Cloudflare Pages and confirm privacy policy URL works.
- Update Privacy policy URL in Play Console.
- Complete Data safety to match privacy-policy.html.
- Bump
versionCode/versionNameinandroid/app/build.gradle. - Build and upload new
app-release.aabfrom this repo. - Add release notes (e.g. React Native rewrite, API 36, privacy policy update).
- Submit for review.
4. Permissions declared (for store review)
See android/app/src/main/AndroidManifest.xml:
INTERNET— prayer times API when reminders enabledPOST_NOTIFICATIONS— local remindersACCESS_FINE_LOCATION/ACCESS_COARSE_LOCATION— optional, for prayer reminders only