Accrescent has certain minimum requirements for all apps submitted to it to ensure the privacy and security of its users. This page documents these requirements for developers to reference before submitting their app so they know how to best improve their chances for acceptance.
These requirements are not exhaustive and Accrescent reserves the right to modify them at any time. However, the Accrescent developers attempt to make this list as thorough as possible and give notice to developers well in advance for major requirement updates. If you see something missing or incorrect, please submit a pull request at this site's GitHub repository.
The following checks are run automatically on all apps before the developer submits them. If any of them fail, an error will show in the developer console and the app cannot be submitted.
The size of the uploaded APK set must be no more than 128 MiB.
bundletool version used to generate uploaded APK sets must be
newer to ensure Accrescent can take advantage of newer features.
Accrescent currently follows Google Play's target SDK requirements with a few major changes:
- there are no formal timeline extension requests
- Accrescent will remove apps when they don't meet the target SDK requirements for existing apps, not just make them less discoverable
android:debuggable attribute in the Android manifest must not be "true".
android:usesCleartextTraffic attribute in the Android manifest must not
be "true". This check may move to manual review in the future.
The following are checks done by reviewers in reference to this document when manually reviewing an app.
Apps may not be signed with a debug certificate. They are insecure by design and so are not permitted in Accrescent. This check will eventually be automated.
Addition of any of the following permissions in an app update will trigger a manual review and their usage will also be reviewed in new apps:
Review will fail if an app requests a permission it does not reasonably require to function or uses a permission to share sensitive user data without informed consent. More specific requirements are laid out below for the following permissions:
MANAGE_EXTERNAL_STORAGE permission may only be requested for one or more
of the following use cases:
- file management, such as for a file manager app
MANAGE_EXTERNAL_STORAGE is highly invasive and almost always unnecessary.
Developers should heavily consider using internal app storage, the
API, and/or the Storage Access Framework instead.
REQUEST_INSTALL_PACKAGES permission may only be requested for one or more
of the following use cases:
- web browsers
- file sharing
- messengers which support sending APKs
REQUEST_INSTALL_PACKAGES may not be used for self-updating or updating or
installing other apps.
Service intent filters
Adding any of the following actions to a service's intent filter will trigger a manual review:
More specific requirements for the following actions are laid out below:
Accessibility services are highly invasive, presenting a security and privacy risk to users. As such, they are heavily restricted on Accrescent and may only be used to help users with disabilities interact with the device.
VPN services may only be used by apps that have a VPN as their core functionality. They must encrypt all data between the device and the VPN tunnel endpoint. They may not be used to collect sensitive user data without informed consent.