Google Play

    Google Play Console Unity 3D SDK Data Collection Warning

    A Google Play Console warning that the Unity Ads SDK collects the advertising ID not declared in the app's Data safety form.

    The Google Play Console warning about Unity 3D SDK data collection means Google detected that a Unity SDK in your app, most often Unity Ads or Unity Analytics, collects user data such as the advertising identifier and device information that your Data safety form does not declare. Since April 2022, Google requires you to declare all data your app collects, including data collected by third-party SDKs, and you are solely responsible for that declaration even for code you did not write. The fix is to identify what your Unity services actually collect, using Unity's per-service Data safety guidance, and either update your Data safety form to declare it or disable the Unity services you do not use so the collection stops.

    Short answer

    This is a Data safety declaration problem, not a bug in your game, so you resolve it by making your form match what your SDKs do. Per Google's Data safety guidance, if a third-party SDK in your app collects or shares user data, you must reflect that in the Data safety form, and you are responsible for it. Unity's services collect data: per Unity's Data safety documentation, Unity Ads collects the advertising ID and device information and shares it with ad networks. So either declare what your Unity services collect on the form, or remove the services you do not need so nothing undeclared is collected.

    What the warning means

    The warning is Google's automated check telling you that a software library bundled in your app collects user data that your Data safety declaration does not account for. Google scans apps for the SDKs they include, knows what common SDKs like Unity's collect, and compares that against the collection you declared. When a Unity SDK is present but your form says you collect less than it does, the declaration is inaccurate, and Google flags it, because an accurate Data safety label is a policy requirement.

    So the message is not that Unity is doing something wrong or that your game is malicious; it is that your declaration and your app's actual data collection do not line up. The Data safety section is what users see to understand what an app collects, so Google holds you to declaring everything the app collects, including through third-party code. That framing points you at the fix, which is reconciling the form with what Unity actually collects, rather than at changing your game's logic.

    Why a Unity game triggers this

    Many Unity developers are surprised by this warning because they feel their game does not collect data, but the Unity engine and its services often collect data by default, and that counts as your app collecting it. A typical Unity project can include Unity Ads, Unity Analytics, or other Unity Gaming Services, and these are designed to gather information, so even a simple game that added monetization or analytics is collecting user data through them. The collection is real even though you never wrote code to do it.

    That is the crux of the surprise: from a policy standpoint, data collected by an SDK you chose to include is data your app collects. So a game that shows ads through Unity Ads is collecting and sharing the advertising ID, and a game with Unity Analytics is collecting usage and device data, regardless of the developer's intent. Recognizing that the Unity services in your project are collecting on your behalf is the mental shift that makes the warning, and its fix, make sense.

    What data does Unity collect?

    What Unity collects depends on which Unity services your project uses, so the first step is to know what you have integrated. Unity Ads, the monetization service, collects the advertising identifier and device information and shares it with ad networks to serve and measure ads. Unity Analytics collects app usage and event data along with device identifiers and information. Other Unity Gaming Services, such as in-app purchasing and player services, collect their own categories of data related to their function.

    Because the exact data types differ per service, Unity publishes Data safety documentation for each of its services that lists precisely what that service collects, whether it is shared, and the purpose, specifically to help you complete Google's form. So rather than guessing, identify every Unity service in your build and consult its Data safety page. That gives you an accurate list of data types, such as device or other identifiers and app activity, to declare, which is far more reliable than assuming a game collects nothing.

    The Data safety form and third-party SDKs

    The rule underneath this warning is that the Data safety form covers your whole app, including third-party SDKs, and the responsibility is entirely yours. Google states plainly that if a third-party SDK or library in your app collects or shares user data, you must reflect that collection and sharing in the Data safety form, and that you are solely responsible for how you complete it. So an explanation that the collection comes from Unity rather than your own code does not exempt you; you still have to declare it.

    The practical consequence is that completing the Data safety form is not just about your own logic but an inventory of every library that touches user data. For a Unity game, that means treating the Unity services as part of your app's data collection and declaring them, which is exactly what clears the warning.

    How to fix it: update the Data safety form

    The direct fix is to update your Data safety form so it accurately reflects what your Unity services collect. In Play Console, open App content under Policy and go to the Data safety section, then work through the data types. Using the Data safety guidance for each Unity service you include, declare the data types they collect, such as device or other identifiers and app activity, mark whether each is collected or shared, and set the purposes, for example advertising or analytics, to match how the service uses the data.

    Once your declaration matches the SDKs in your app, submit the updated form, and the mismatch that triggered the warning is resolved. This is a self-service correction that does not change your game, only its label. So the moment your Data safety section honestly represents the Unity services collecting data, including the advertising ID from Unity Ads and usage data from Unity Analytics, the app's declaration is accurate and the warning clears.

    Or stop collecting the data

    If you would rather not collect or declare this data, the alternative fix is to remove or disable the Unity services responsible for it, so the collection genuinely stops. If your game does not need ads, not including Unity Ads means the advertising ID is not collected through it; if you do not need analytics, disabling Unity Analytics stops that usage and device data collection. With the collecting services gone, a declaration that your app does not collect those data types becomes true.

    The key is that your Data safety form must match reality either way: you can collect the data and declare it, or not collect it and declare that, but you cannot include a data-collecting SDK while declaring no collection. So choose deliberately, remove what you do not need, and declare what remains.

    Common causes and fixes

    Matching the source of the collection to its fix makes this quick to resolve. The table below maps the common ones.

    CauseWhat it collectsFix
    Unity Ads includedAdvertising ID, device info, sharedDeclare it, or remove ads if unused
    Unity Analytics enabledUsage data, device identifiersDeclare it, or disable analytics
    Other Unity servicesService-specific dataDeclare per Unity's guidance
    Form says no collectionContradicts the bundled SDKsUpdate the form to match reality
    Unsure what is integratedUnknown collectionInventory your SDKs and their data

    Read the last two rows first, since a form that claims no collection while the app bundles Unity services, or uncertainty about what is integrated, is what usually causes the warning.

    Fix checklist

    Working through these steps clears the warning. The checklist below covers them.

    StepActionDone?
    Inventory Unity servicesList Ads, Analytics, and other services used[ ]
    Check what each collectsUse Unity's per-service Data safety guidance[ ]
    Decide collect or removeKeep and declare, or disable what is unused[ ]
    Update the Data safety formDeclare data types, sharing, and purposes[ ]
    Confirm consistencyEnsure the form matches the SDKs present[ ]
    Submit and re-checkSave the form and confirm the warning clears[ ]

    The step teams skip most is inventorying which Unity services are actually integrated, since you cannot declare accurately without knowing what your build includes.

    Where a scan fits

    Declaring accurately depends on knowing what your app actually collects and which third-party code is inside it, and that is far easier to see when you can inventory it rather than rely on memory.

    A scanner like PTKD.com analyzes your Android build and reports the third-party SDKs it contains and the data-related behavior in it, such as identifiers and network endpoints, alongside security issues like exposed keys, by severity and mapped to OWASP MASVS. To be clear about the boundary: PTKD does not complete your Data safety form or change your Unity configuration, which are yours to manage. It helps you see what SDKs and data collection are actually in your app, so the Data safety declaration you make reflects reality rather than guesswork.

    What to take away

    • The Unity SDK data collection warning means a Unity service in your app collects data, such as the advertising ID, that your Data safety form does not declare.
    • Since April 2022, you must declare all data your app collects, including through third-party SDKs like Unity, and you are solely responsible for the declaration.
    • Unity Ads collects the advertising ID and device info and shares it with ad networks, and Unity Analytics collects usage and device data, so a Unity game does collect data.
    • Fix it by updating your Data safety form to match what your Unity services collect, using Unity's per-service Data safety guidance to declare accurately.
    • Alternatively, remove Unity services you do not use so the collection stops, and use a tool like PTKD.com to see what SDKs and data are actually in your build.
    • #google play
    • #unity
    • #data safety form
    • #third-party sdk
    • #data collection

    Frequently asked questions

    Why is Google Play warning about Unity SDK data collection?
    Because a Unity SDK bundled in your app, commonly Unity Ads or Unity Analytics, collects user data that your Data safety form does not declare. Google scans apps for the SDKs they include, knows what those SDKs collect, and flags a mismatch when your declared collection is less than what the SDK actually does. It is not that Unity or your game is malicious; it is that your Data safety declaration and your app's real data collection do not line up. The fix is to reconcile the form with what Unity collects, not to change your game.
    What data does Unity collect?
    It depends on which Unity services you use. Unity Ads, the monetization service, collects the advertising identifier and device information and shares it with ad networks to serve and measure ads. Unity Analytics collects app usage and event data along with device identifiers. Other Unity Gaming Services, such as in-app purchasing and player services, collect their own categories of data. Unity publishes Data safety documentation for each service that lists exactly what it collects, whether it is shared, and the purpose, so inventory your services and consult each one's page rather than guessing.
    Do I have to declare third-party SDK data in the Data safety form?
    Yes. Google states that if a third-party SDK or library in your app collects or shares user data, you must reflect that collection and sharing in the Data safety form, and you are solely responsible for how you complete it. So the fact that the collection comes from Unity rather than your own code does not exempt you. This applies to every SDK, including analytics, advertising, crash reporting, and backend libraries, so completing the form is really an inventory of every library that touches user data, which for a Unity game means declaring its services.
    How do I fix the Unity data collection warning?
    Update your Data safety form to match what your Unity services collect. In Play Console, open App content under Policy, go to the Data safety section, and using Unity's per-service Data safety guidance, declare the data types each service collects, such as device or other identifiers and app activity, mark whether each is collected or shared, and set the purposes like advertising or analytics. When your declaration matches the SDKs in your app, submit the form and the mismatch clears. This changes only the app's label, not your game.
    Can I stop Unity from collecting data instead of declaring it?
    Yes, by removing or disabling the Unity services responsible. If your game does not need ads, not including Unity Ads means the advertising ID is not collected through it, and if you do not need analytics, disabling Unity Analytics stops that usage and device data collection. With the collecting services gone, a declaration that your app does not collect those data types becomes true. The key is that your Data safety form must match reality either way: collect and declare, or do not collect and declare that, but never bundle a collecting SDK while declaring no collection.
    My game does not collect data. Why is it flagged?
    Because the Unity engine and its services often collect data by default, and from a policy standpoint data collected by an SDK you chose to include is data your app collects, even though you never wrote code to do it. A typical Unity project can include Unity Ads, Unity Analytics, or other services designed to gather information, so a game that added monetization or analytics is collecting user data through them. Recognizing that the Unity services in your project collect on your behalf is what makes the warning, and the fix of declaring or removing them, make sense.

    Keep reading

    Scan your app in minutes

    Upload an APK, AAB, or IPA. PTKD returns an OWASP-aligned report with copy-paste fixes.

    Try PTKD free