Google Play

    Google Play Protect Appeal Taking Too Long

    A Google Play Console appeal form disputing a Play Protect harmful-app classification while a corrected build is resubmitted.

    If your Google Play Protect appeal is taking too long, it usually means the review is still in progress, since appeals can take several days and Google does not promise a fixed time. Appeals are evaluated by Google's review process, which combines automated analysis with human reviewers for cases that need a closer look, so a genuine false positive can still take time to overturn. Submit the false-positive report through the official channel with a specific justification, and while you wait, fix the most likely trigger, such as a flagged SDK or an unjustified permission, and resubmit. Acting on the cause is often faster than waiting on the appeal alone.

    Short answer

    A slow Play Protect appeal is normally just a review still in progress, not a lost request. Per Google's Play Protect documentation, flagged apps are assessed against its harmful-app criteria, and appeals go through a review that can involve human reviewers, so they are not resolved instantly. Submit a false-positive report through the official appeal channel in the Play Console or the Play Protect form, with a specific explanation of the flagged behavior and why it is legitimate. Because appeals take time, do not only wait: identify and remove the likely trigger, often a third-party SDK or a dangerous permission, and resubmit. Follow up through the Console if you clearly exceed the typical window.

    How the Play Protect appeal works

    When Google Play Protect classifies an app as potentially harmful, you can dispute that classification through an appeal, and the appeal asks Google to re-examine the app against its criteria. The request enters a review queue, where Google evaluates whether the flag was correct, and either upholds it or clears the app. Until that review completes, the classification stands, which is why the app remains affected while you wait.

    The important framing is that an appeal is a re-review, not an instant override. Submitting it does not immediately lift the warning; it starts a process. Understanding that helps set expectations: the goal of the appeal is a corrected decision, and the time it takes is the time Google needs to look again, not a delay you can remove from your side.

    Is the appeal reviewed by a human?

    It can be. Google's review process combines automated analysis with human reviewers, and appeals in particular are the kind of case where a person may look at the app, especially when you argue the automated flag was wrong. So the answer is that it is not purely automated: automation does the initial classification, and a human can be involved in reconsidering it.

    This is why a well-argued appeal matters. Because a person may read your explanation, a specific, factual account of what the flagged behavior is and why it is legitimate gives the reviewer something concrete to evaluate. A vague assertion that the app is safe gives them nothing to act on, so the quality of your submission can genuinely affect the outcome.

    How to submit a false-positive report

    You submit a false-positive report through the official channel rather than by editing anything on the device. For a developer whose published app is flagged, the appeal path is in the Play Console, through the policy notification or the Policy Center, and Google also provides a form to report an incorrect Play Protect warning. Use the channel that matches your case, and submit one clear report rather than several.

    Make the report specific. Identify the exact behavior, permission, or SDK that was likely flagged, explain its legitimate purpose in your app, and describe any change you have already made, such as removing a library. Attach or reference evidence where you can. A concrete report that names the trigger and justifies it is far more effective than a general request to clear the warning.

    How long the appeal takes

    Expect it to take time, often several days, and understand that Google does not publish a guaranteed turnaround. A day or two without a response is normal, and it does not mean the appeal was ignored. Review of an appeal, especially one that may involve a human, simply takes as long as it takes, and refreshing for an update does not speed it up.

    If you clearly pass the typical window with no response, following up through the Play Console is reasonable, referencing your original appeal. Keep expectations realistic, though: a follow-up asks for attention, but it does not guarantee an immediate decision, particularly if there is a backlog. The more productive use of the waiting time is usually to address the likely cause in parallel.

    What to do while you wait

    Do not treat the appeal as your only move. In most cases the fastest route back to a clean state is to identify the likely trigger and remove it, then resubmit a corrected build, rather than waiting solely for the appeal to succeed. If the flag was caused by a real issue, fixing it resolves the problem regardless of the appeal's outcome.

    Focus on the two most common triggers. A third-party SDK that Google classifies as unwanted software, or a dangerous permission requested without a clear justification, causes many flags, so auditing and removing or justifying those is high-value work. Even if you believe the flag is a false positive, tightening these reduces the chance of a repeat and strengthens your position if the appeal is reviewed.

    Appeal or fix?

    The right emphasis depends on whether the flag reflects a real issue or a genuine mistake. The table below sorts common situations into where to put your effort.

    SituationBest action
    Genuine false positiveSubmit a false-positive report and wait
    A flagged SDK is the causeRemove or replace it, then resubmit
    A dangerous permissionJustify or remove it, then resubmit
    Appeal past the typical windowFollow up through the Play Console
    Cause unclearAudit the build, then fix and appeal

    The pattern is that a real trigger is best fixed directly, while a true false positive needs the appeal. When you are unsure, doing both, appealing and fixing the most likely cause, gives you the fastest path back regardless of which was right.

    Strengthen your appeal

    A stronger appeal is more likely to succeed and less likely to stall. The checklist below covers what makes one credible.

    CheckActionDone?
    Right channelSubmit through the correct Play Console or Play Protect path[ ]
    Specific justificationName the flagged behavior, permission, or SDK and its purpose[ ]
    EvidenceDescribe what you changed or why it is legitimate[ ]
    Parallel fixRemove the likely trigger and resubmit a corrected build[ ]
    Follow upContact support if you clearly exceed the typical window[ ]

    The two that matter most are a specific justification and a parallel fix. Naming the trigger gives a reviewer something to evaluate, and fixing the likely cause means you are not depending solely on the appeal, which is what turns a long wait into a resolved one.

    Find the trigger with a scan

    Because the most effective step is often removing the real trigger, finding it quickly matters, and a flagged SDK or over-broad permission can be hard to spot by hand, especially when a library is pulled in as a dependency.

    A scanner like PTKD.com analyzes your app build and reports findings ordered by severity and mapped to OWASP MASVS, including over-broad permissions and risky third-party code, so you can identify the likely cause of a flag. To be clear about the boundary: PTKD does not submit your appeal, contact Google, or overturn a Play Protect verdict. It helps you find and fix the permission or SDK issue that is often what triggered the flag in the first place.

    What to take away

    • A slow Play Protect appeal is usually a review still in progress; appeals can take several days and Google does not promise a fixed time.
    • Appeals are not purely automated, so a specific, factual justification gives a human reviewer something concrete to act on.
    • Submit the false-positive report through the official Play Console or Play Protect channel, naming the flagged behavior and why it is legitimate.
    • Do not only wait: identify and remove the likely trigger, often a flagged SDK or an unjustified permission, and resubmit in parallel.
    • Use a scan with PTKD.com to find the permission or SDK that likely caused the flag.
    • #play protect
    • #appeal
    • #false positive
    • #play console
    • #harmful app

    Frequently asked questions

    Why is my Play Protect appeal taking so long?
    Usually because the re-review is still in progress. An appeal asks Google to re-examine the app against its criteria, which enters a review queue that can take several days, especially when a human reviewer is involved. Google does not publish a guaranteed turnaround, so a day or two without a response is normal and does not mean the appeal was ignored.
    Is the Play Protect appeal reviewed by a human?
    It can be. Google's review process combines automated analysis with human reviewers, and appeals are the kind of case where a person may reconsider the flag, particularly when you argue the automated classification was wrong. This is why a specific, factual explanation of the flagged behavior and why it is legitimate can genuinely affect the outcome.
    How do I submit a false-positive report?
    Through the official channel, not by editing anything on the device. For a flagged published app, the appeal path is in the Play Console via the policy notification or Policy Center, and Google also provides a form to report an incorrect Play Protect warning. Submit one clear report that names the likely trigger, explains its legitimate purpose, and describes any fix you made.
    How long should a Play Protect appeal take?
    Often several days, with no guaranteed turnaround from Google. A day or two without a response is normal. If you clearly pass the typical window with no reply, following up through the Play Console referencing your original appeal is reasonable, though a follow-up asks for attention rather than guaranteeing an immediate decision, especially during a backlog.
    What should I do while waiting for the appeal?
    Do not treat the appeal as your only move. Identify the most likely trigger and fix it, then resubmit a corrected build in parallel. The two most common triggers are a third-party SDK Google classifies as unwanted software and a dangerous permission requested without justification. Removing or justifying those often resolves the flag faster than waiting on the appeal alone.
    How do I find what triggered the Play Protect flag?
    A flagged SDK or over-broad permission can be hard to spot by hand, especially a library pulled in as a dependency. A scanner like PTKD.com (https://ptkd.com) analyzes your build and reports over-broad permissions and risky third-party code, mapped to OWASP MASVS. It does not submit your appeal or overturn a verdict, but it helps you find and fix the likely cause.

    Keep reading

    Scan your app in minutes

    Upload an APK, AAB, or IPA. PTKD returns an OWASP-aligned report with copy-paste fixes.

    Try PTKD free