
As an overseas company, the ban of Google Play developer account is probably one of the problems that everyone least wants to encounter. Once the account is banned, it is highly likely that it cannot be restored. There are several common reasons for account ban, among which the account association with opaque rules ranks first.
Malware
Deceptive behavior
High risk
Account association
Others (repeated violations, infringement, etc.)
Many financial companies have experienced account bans, so how to prevent account association has also become a focus of general research in the industry. To prevent account association, you must first understand what is the review mechanism of Google Play account association?
Google Play’s review team is closed, and people outside the review team of Google know little about Google Play’s risk control review strategy. The following is the conclusion drawn from our years of practical experience and some discussions with friends, not the official interpretation of Google.
Google Play account association review mechanism
1、Play account information review
- Account password
- Name and phone number
- Registration email and auxiliary email
- Payment card information (do not use virtual cards)
- Debit card information (do not use virtual cards)
- Machine identification
- Browser
- Network environment
- Repeated violations
- User complaints
2、Play Console Submission Review
3、App package review
- Server IP address and domain name (domain name subject)
- Api interface information (fields and structure)
- SSL certificate (SSL certificate subject)
- App information:
- Code review (machine review):
- UI interface
- Adjsut/Appsflyer and other third-party attribution
- Firebase
- Google Ads/Analysis and other Google third-party
- Admob
- Other third-party accounts
- Service email
- Customer service phone number
- Contact address
- Other information
Regarding the account association review mechanism, we will discuss it from three aspects this time: Google Play account information review, Google Play Console review material review, and App package review.
Google Play account information review
(1) For account registration information, you need to pay attention to the account password, name, phone number, registration email and auxiliary email, payment card information, receiving card information, etc., especially payment card information. Do not use one card for multiple purposes or use a virtual card. Account passwords are also easily overlooked. Due to personal habits, we may use one password for a certain type of account, but this is also extremely dangerous.
(2) The problem at the IP level is more complicated but cannot be ignored. Most of the IPs we use come from third parties. Due to the limitation of the number of IPv4, many IPs will be reused, and even some IPs will be used by multiple people, even though these people use different application packages. , but Google can still associate it and remove it from the shelves. It is speculated that Google has established a powerful IP database to ensure that the IP of the listed application is independent and reliable. Therefore, we should try our best to ensure that the IP of our account registration and login is clean to reduce the risk of ban caused by account association. The IP problem is the most important issue, and the specific measures for IP prevention will be explained separately later.
(3) Account behavior is relatively abstract. Imagine that if the registration time of several developer accounts is very close, and the registration behavior patterns are very similar, such as the order and speed of filling in information, the frequency of clicks, the fingerprint and IP of the device, etc., these are obvious and easy to increase the risk of association. Many account merchants use automated tools to register, so for account registration, we try to register the account ourselves or find a reliable account merchant to buy it.
(4) Operating environment, that is, machine identification, browser environment, network environment, etc.
(5) Account reputation, Google Play will establish a separate reputation rating system for each developer, and evaluate it based on its historical application violation records, user reviews and complaints and other factors. Developer accounts with high reputation will be reviewed faster and have a lower probability of being banned. Those with low reputation need to undergo more stringent review. Many old accounts were suddenly found to have account associations, that is, because of their own repeated violations, their developer account reputation dropped to the threshold of Google Play’s strict inspection, thus triggering a stricter review. Therefore, in daily work, we must try to reduce violations, take user complaints seriously, and manage sensitive words in the Google Play comment area, especially sensitive words such as “fake activities”, “high interest rates”, “fraud”, and “deception”. GP will scan them regularly. Such comments must be responded to and appeased. If necessary, such complaining customers can be located and marked for manual intervention.
Review of Google Play Console submission materials
Regarding Google Play Console submission materials, that is, filling in the content in the Google Play backend, is also one of the account association inspection items.
(1) For the App name, Logo, top picture, five pictures and promotional videos, they must be remade.
(2) In terms of metadata, rewrite as much as possible to keep it different from the original package.
(3) For the privacy agreement, it is best to create a new web interface style to declare and ensure that the content is different.
(4) The developer information and contact information provided to Google must be brand new.
(5) Google Play review accounts and internal tester accounts are often overlooked. New packages must create new review accounts. The internal tester email address, i.e. the Google test account, must be a new and clean Google account.
(6) Financial products and services can be provided as required. If false information is found or minor actions are passed, repeated warnings may result in strict review and account association suspension.
(7) Sensitive permission declarations: Google Play will check whether the permissions requested by the application are reasonable and comply with Google’s permission policy. If the permissions requested by the application exceed the scope required for its function, it may cause review issues. Repeated warnings may result in strict review and account association suspension.
App package review
In addition to the association caused by account information, the association caused by App package information is also a point that needs attention. We analyze Google Play’s review of App packages from four aspects: server, client, third-party account information, and other information.
Server
(1) The server domain name and IP address must meet the one package one set principle. The domain name and IP of the problematic package cannot be reused, and the domain name subject must also be changed.
(2) The SSL certificate cannot be reused, and the certificate subject must also be changed.
(3) The interface path and Json fields and structures must also be reconstructed to avoid being the same as the problematic package.
Client
(1) First of all, in terms of App information, the App signature must be new, and the signature information must use the local compliance information of the business. The relevant information in the Manifest must also be kept single and not be the same as the historical package.
(2) Code review is also the main content of client review.
The form is mainly machine review, and the review content is java/kotlin/flutter code and api call chain, So code and api call chain, resource files, etc. During the coding process, programmers must pay special attention to not sharing code with other packages. Resource files must also be paid attention to. Google will use the hash value of the file to determine similar programs, so they must be obfuscated.
Code association is the most important part of App package review. Code isolation must be handled well, whether it is reinforcement or rewriting the code. For reinforcement, it is best to develop your own reinforcement or use customizable third-party reinforcement, because the association caused by the consistency of shell code is also a problem we have to consider. We will discuss this issue in detail in another article later.
(3) UI interface, the form is mainly machine review + human review, which is relatively easy to understand. The interface theme and business process logic of the new package must not copy the old package or other competing products, and must have your own design creativity.
(4) Third-party account information, including but not limited to Adjsut, Appsflyer, Firebase, Facebook, Google Ads/Analysis, Admob, WhatsApp, etc., must be kept in one package and one set of accounts, and do not mix them.
(5) User contact information, that is, the service email, customer service phone number, contact address, etc. provided in the privacy agreement and anywhere in the App must not be the same as the historical package. This is also a place we often overlook.

As the world’s largest Android application store, Google Play is an extremely important promotion channel for any overseas company. How to prevent account association problems is particularly important for the company’s business development. This article mainly analyzes and explains the Google Play account association review mechanism. If you have any comments or different opinions, please leave us a message.