
Your VPN App Doesn't Meet Google's Strict Disclosure Requirements

VPN apps on Google Play are under intense scrutiny. Using VpnService without being a real VPN, or being a VPN without the required disclosures, both lead to rejection. Here's what Google actually requires.

What Google said

Your app uses the VpnService API but does not meet the requirements for VPN apps on Google Play. Apps using VpnService must be a legitimate VPN application, must clearly disclose what network traffic is routed through the VPN, and must not use VPN capabilities for advertising, data collection, or purposes other than providing VPN functionality.

What this actually means

Google Play has strict rules for VpnService API usage because it can be abused to intercept traffic. Legitimate VPN apps can publish, but they must clearly disclose that they route network traffic and what the traffic is used for, and they must not collect or use the traffic data for any purpose other than providing VPN service. Non-VPN apps that use VpnService for other purposes (like parental controls or ad blocking) face heavy scrutiny.

What Google needs to see

  • Clear disclosure in the app and listing that the app routes device network traffic through a VPN
  • A privacy policy that explicitly states user traffic is not logged, sold, or used for advertising
  • Legitimate VPN functionality as the primary app purpose — not VpnService used as a side feature for another purpose
  • No data collection, traffic analysis, or advertising uses from the VPN traffic

  1. Add a clear disclosure screen shown before VPN connection explaining that traffic is routed through your servers
  2. Update your privacy policy at yourapp.baseterms.com/privacy with an explicit no-logging policy or an accurate description of what you do log
  3. Complete Google's VPN app declaration in the Play Console under Policy > App content
  4. If you're using VpnService for non-VPN purposes (ad blocking, content filtering), carefully review Google's policy on whether your use case is permitted
  5. Ensure your app listing description accurately describes what the VPN does and doesn't do with user traffic

While you're at it — Apple also requires these pages for every app.

Fix this rejection, then make sure you're covered on the compliance side too. Apple requires every app to link to a hosted Privacy Policy, Terms of Service, Support page, and Data Deletion page. No link means another rejection — just for a different reason.


Common questions

Can I build an ad blocker using VpnService?
Ad blockers using VpnService are permitted on Google Play if they follow the VPN policy — meaning you must disclose the traffic routing, not collect the traffic data, and be transparent about what you're filtering. Many ad blocker apps successfully publish this way.
Does my VPN app need to go through special approval like gambling apps?
VPN apps don't have a separate pre-approval process like gambling, but they do require completing the VPN declaration in Play Console and having a strong privacy policy. Google reviews VPN apps carefully at submission. Being transparent upfront is essential.
My no-log VPN got rejected for the privacy policy — what's wrong?
Common issues: the privacy policy isn't at a stable public URL, the no-log policy language is vague, or the policy doesn't specifically address what happens with connection metadata (even no-log VPNs often keep some metadata). Make sure your policy at yourapp.baseterms.com/privacy explicitly addresses traffic logs, connection logs, and any metadata retention.