Google Play - app removed due to Malicious Content

Our organization has had our app in the Google Play store for a couple months running an internal test group (app is not publicly available). Just within the last few days, the app was suspended due to Malicious Behavior. Our app is only web components at this time with the use of a few Cordova plugins:

cordova-plugin-whitelist
cordova-plugin-statusbar
cordova-plugin-device
cordova-plugin-splashscreen
cordova-plugin-ionic-keyboard
cordova-plugin-touch-id
cordova-plugin-code-push
cordova-plugin-file
cordova-plugin-file-transfer
cordova-plugin-zip
cordova-plugin-app-version
cordova-plugin-secure-storage
cordova-plugin-fingerprint-aio
cordova-plugin-ionic-webview

We’ve appealed the suspension asking for more detail (as we have no idea what in our app could be considered malicious) but the only response we got back was the same link to the Malicious Behavior policy. We have looked at this in depth and find no reason to believe our app is malicious.

Has anyone else faced a similar issue? Without any additional information we have no course of remediation and are not able to move forward. Can anyone suggest a means of elevating the appeal, or a means to contact Google Play and get more concrete information? The only way we have now is through their support email (not very helpful).

Thank you.

More detail. We’re pretty current with dependencies–listed below.

"dependencies": {
	"@angular/common": "^7.2.6",
	"@angular/core": "^7.2.6",
	"@angular/forms": "^7.2.6",
	"@angular/http": "^7.2.6",
	"@angular/platform-browser": "^7.2.6",
	"@angular/platform-browser-dynamic": "^7.2.6",
	"@angular/router": "^7.2.6",
	"@ionic-native/app-version": "^5.2.0",
	"@ionic-native/code-push": "^5.2.0",
	"@ionic-native/core": "^5.2.0",
	"@ionic-native/device": "^5.2.0",
	"@ionic-native/fingerprint-aio": "^5.2.0",
	"@ionic-native/keyboard": "^5.2.0",
	"@ionic-native/secure-storage": "^5.2.0",
	"@ionic-native/splash-screen": "^5.2.0",
	"@ionic-native/status-bar": "^5.2.0",
	"@ionic-native/touch-id": "^5.2.0",
	"@ionic/angular": "^4.0.2",
	"@ngrx/effects": "^7.2.0",
	"@ngrx/store": "^7.2.0",
	"@ngrx/store-devtools": "^7.2.0",
	"code-push": "^2.0.6",
	"cordova-android": "8.0.0",
	"cordova-browser": "6.0.0",
	"cordova-ios": "5.0.0",
	"cordova-plugin-add-swift-support": "^1.7.2",
	"cordova-plugin-app-version": "^0.1.9",
	"cordova-plugin-code-push": "^1.11.17",
	"cordova-plugin-device": "^2.0.2",
	"cordova-plugin-dialogs": "^2.0.1",
	"cordova-plugin-file": "^6.0.1",
	"cordova-plugin-file-transfer": "^1.7.1",
	"cordova-plugin-fingerprint-aio": "^1.6.0",
	"cordova-plugin-ionic-keyboard": "^2.1.3",
	"cordova-plugin-ionic-webview": "^4.0.0",
	"cordova-plugin-secure-storage": "^3.0.1",
	"cordova-plugin-splashscreen": "^5.0.2",
	"cordova-plugin-statusbar": "^2.4.2",
	"cordova-plugin-touch-id": "^3.4.0",
	"cordova-plugin-whitelist": "^1.3.3",
	"cordova-plugin-zip": "^3.1.0",
	"core-js": "^2.6.3",
	"ionicons": "^4.5.5",
	"ng2-dragula": "^2.1.1",
	"rxjs": "^6.4.0",
	"zone.js": "~0.8.29"
}

We are facing the same, any solution you have ?

I’ve been publishing apps in stores for about three years, and I haven’t received any complaints from Google Stores.

Crap. Yep, this just happened to me for a new app I just submitted! I use ionic deploy and looks like remote app updates are no longer supported!!