Most write-ups about shipping an Android app focus on the build pipeline. The thing that actually eats your weekend is the Data Safety form in the Play Console.
If you have not filled it out before, here is what to expect.
Why it stalls so many releases
The form looks short on the surface. A few yes/no questions about data collection. But the rules behind those questions are dense, and Google quietly rejects drafts that have any of the following:
- A question left blank, even if it does not apply
- A declared SDK that handles user data without a matching disclosure
- A deletion request toggle set to off when your app actually has account features
- Conflicting answers between data collection and data sharing sections
None of those throw a clear error. You hit submit, the draft sits, then the email comes back hours later asking you to re-check section 4.2. Lose another day.
The settings I now check before opening the form
- Pull a fresh dependency tree and note every third-party SDK in the release build. Firebase, AdMob, analytics tools, crash reporters all need to be declared.
- Re-read the deletion request rules if your app has any account-style flow. If users can sign in, you almost certainly need a deletion path declared, even for a side project.
- Map each data type your app touches to one of Google's predefined categories before opening the form. Doing this in a notepad first saves a lot of back and forth.
- Check encryption in transit and at rest. The encryption questions trip up devs who use Firebase but never thought about how data flows to it.
Why I built around this
I got tired of losing release weekends to the same form. IOn Emit handles the Play Console submission flow end to end, including the data safety section, screenshot sizing, signing key setup, and the steps that the official docs gloss over. Freemium, runs locally on desktop.
Link: https://theionproject.com/ionemit
If you have your own data safety horror story, drop it in the comments. Half the value of these threads is comparing the weird rejection reasons everyone has hit.
Top comments (1)
Cosigned on the dependency-tree pull. One thing I'd add: if your app's differentiator is that it's local-only, the form's framing actually penalizes honesty. I just shipped a screen-off camera app where literally nothing leaves the device, and the binary "is data collected?" yes/no questions made it surprisingly hard to communicate "no, really, none of this is collected" without it looking suspicious. Ended up leaning hard on the optional explainer field for almost every section.
Did Google ever push back on the encryption-at-rest answer for the case where the app never persists user data off-device at all? That one tripped me up — the question presumes a server-side store that doesn't exist, and "N/A" isn't an option.—