Julien Reszka
Love Score got banned from the Google Play Store today.
Thomas Jannaud and I built it in 2014. It reads SMS metadata (who you message, how often, in which direction) and plots your contacts on a two-axis chart of balance and passion. No message content. No server. No account. Everything ran on the device.
The app had no internet permission in the manifest. It could not have sent data anywhere even if we had wanted it to. The analysis was local. The output was local. Nothing left the phone.
Google banned it anyway. The reason was that it accessed SMS data.
Not that it misused it. Not that it transmitted it. Not that it violated any specific user's privacy. The category of data was sufficient.
What this makes clear:
- Platform policies are written around categories, not behaviors. "Accesses SMS" is a category. What you do with that access is irrelevant to enforcement.
- Being technically harmless is not a defense. The policy is not about harm. It is about liability surface for the platform.
- On-device processing does not protect you from platform rules. The distinction between local and server-side matters to engineers. It does not map onto platform policy language.
- There is no appeals process that a small developer can meaningfully engage with. The ban is the decision.
- If your product depends on a data category a platform considers sensitive, you should assume access can be revoked at any time regardless of how you use it.
I am not angry about it. The decision is consistent with how large platforms manage risk. They do not have the capacity to audit intent or implementation for every app. They draw broad lines and enforce them uniformly.
But it is worth being clear about what happened: a privacy-respecting app with no network access was removed for accessing a sensitive data category. The fact that it was doing so in the most privacy-preserving way possible was not part of the evaluation.
Discussion