I All, I have created a very simple app for Auto SMS reply. The main objective of this application is to automatically send back a SMS when someone is unavailable to read or respond to that SMS.
The main issue is that It's not getting approved on Google Play Store as it is not fall under their policy.
I have implemented the disclosure form or activity about SMS permissions also that user without using granting that permission not able use that app. Added the privacy policy also that it's collecting or transferring any information to third party.
Can someone help me on this? How can I get approval for this android app on Google Play Store? Under which category I can put my app for approval?
Thanks,
Gaurav Kapoor
Google restricts the usage of the SMS permissions group to either the default SMS app or the one of permitted use-cases.
You can check the list of permitted use-cases here:
https://support.google.com/googleplay/android-developer/answer/10208820?hl=en
When you submit an app to Google Play that requests the user for the SMS permission, you must fill out a form in Google Play Console with the specific use-case your app is using, or else it'll be automatically denied.
From your explanation of the app's purpose it might go under 2 permitted use-cases: Device automation or In-vehicle hands-free use, but you probably know best which one to choose.
Then, it will be up to the Google reviewer that will check your app to decide whether or not your app's use-case is indeed what you claim it to be and is permitted to use SMS.
Related
I have an app that reads the call log and count the SMS messages to make statistics as graphic charts, and the app requires SMS permissions and phone call log permission, and when i uploaded it on google play store ,I didn't find the approbate choice from the permissions declaration list , so i send through Google play console why i'm using these permissions and i explained to them how my app works and what it does, and the message to them was this :
"The App uses the permissions selected above to count the numbers or SMS and read phone calls log to show statistics to the user as a graphic charts.The App doesn't read, send, or receive SMS , violate user privacy or backup/store any personal information."
and they replied after days:
"We reviewed your exception request and found that it does not qualify for use of the requested permissions.
Per the Permissions policy, you may only request permissions that are necessary to implement critical current features or services in your application. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes."
any suggestions?
Screenshots:
https://cdn1.imggmi.com/uploads/2019/6/6/baa1a74029f0da2564a3f596d525ec33-full.png
https://cdn1.imggmi.com/uploads/2019/6/6/4a4b61f5d5470520a0a55eba35a642ac-full.png
You cannot upload your app on Google Play store unless they grant you permission after you explain them why you actually need access to the data.
Google has started removing apps which use SMS or Call Log permission, which they consider dangerous, and will send notice to developers 90 days prior about sending a Permission Declaration form, which if accepted by Google will make your app visible in the Play Store.
They clearly state in their blog post:
Our new policy is designed to ensure that apps asking for these
permissions need full and ongoing access to the sensitive data in
order to accomplish the app's primary use case, and that users will
understand why this data would be required for the app to function.
So, they'll accept your app:
If you remove the permissions mentioned above.
If the permissions are appropriate for the primary use case of the app.
Also, if your app is useless without these permissions, and Google's review team isn't granting you permission to publish on Play Store, you can do nothing about it, except maybe publish your app on different App Stores.
Please Go through
https://android-developers.googleblog.com/2019/01/reminder-smscall-log-policy-changes.html
Google has restricted apps with sms and call log permissions.
Here I have an android application its core functionality is forwarding incoming text messages (SMS) to E-Mail Inbox, there it requires RECEIVE_SMS permission. my app is removed from the play store due to the google play policy violation. SMS_permission is mandatory in my application.
I submitted an appeal to google play, their response is given below
...
I’ve reviewed your appeal request and found that your app still violates Google Play Policy. I’ve included details below about the specific issue with your app and what you can do to get your app back on Google Play.
Issue
During review, we found that your app violates the Permissions policy :
You may only request permissions that are necessary to implement critical features or services currently available in your app. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes. SMS and Call Log Permissions are subject to additional restrictions; in order to use these permissions, you must first receive approval from Google Play.
For example, we found that your app contains :
RECEIVE_SMS
...
please tell how can I republish the application in to playstore with those sms permissions
Yes Google removed apps which have READ_SMS permission.
Try to implement using Google API,
You don't need READ_SMS permission anymore after that.
Have a look at this Google code,
https://developers.google.com/identity/sms-retriever/overview
There are quite a few rules regarding privacy around these permissions and sometimes it's hard to understand, but maybe this will help. First of all:
Google Play restricts the use of high risk or sensitive permissions, including the SMS or Call Log permission groups.
Assuming that your app needs some of these permissions in order to work properly, Google says that it needs to be set as the default phone/sms handler. The app has to be registered as the default handler BEFORE the permission is requested and stop using them once the app is not the default handler anymore.
However, this is not the case for your app. You need access to that information, but your app cannot be set as a handler for sms/calls. In this case, an exception can be made for your app, provided that you satisfy two requirements: you have no other way to achieve the same behaviour (checks for your app) and the use case you implement can be found in the list of excepted use cases (see the Exceptions section from the link above). Here is a little bit tricky because there is no use case that clearly matches your app, but I think that you might be able to use Cross-device synchronization or transfer of SMS or calls (make sure that you check the list in detail and select the one that best fits your app).
Now, the final step is here:
If you believe your app meets the policy requirements for acceptable use or is eligible for an exception, you should declare any Call Log or SMS permissions directly through the Play Console.
Details about the process can be found here and if you did all of these, then your request will be sent to the Google Play team, they will review it and decided if your app will be published or not.
P.S. Make sure that you clearly indicate why your app needs those permissions.
I am working on an Emergency app that will send SMS alerts.When i try to publish it ,it shows a form and i need to select option from it. Acc to my app i have selected "Physical Safety/Emergency SMS alerts App" option and submit the app,but Problem is Google rejects my submision. I have SEND_SMS permission in Manifest file and that too comes under Exception category of updated permission policy.What should be done inside code or on play console to make it live?
I have gone through all the queries regarding SMS permission or Google permission policy ,but not able to find any solution that can work for me.All are providing same google permission policy link.
Don't expect any approval.
I am the author of Medical ID app, with more than 100k active users. The app includes an SMS alert as a core feature. I submitted the exception form multiple times, including a video, step-by-step explanations, etc. and the exception was rejected multiple times.
How can an emergency app with a clear and core SMS alert feature not meet their SAFETY_EMERGENCY_ALERT guidelines?
That's a great question they don't want to answer. What is really crazy is that real people review submitted forms and messages. However, and most probably for legal reasons, they answer with a very generic message so that nobody can take any actions and claim an arbitrary rejection.
What I noticed is that only highly popular apps have a chance to get the approval. For instance, Tasker got an approval even though their usage is completely generic!
Today I got a mail like this, according to this I’m not able to use RECEIVE_SMS READ_SMS anymore in my app. In my app I’m using auto read OTP. Is there any solution for this?
Hello Google Play Developer,
In October, we announced updates to our Permissions policy that will
limit which apps are allowed to request Call Log and SMS permissions.
This policy will impact one or more of your apps.
Only an app that has been selected as a user's default app for making
calls or text messages, or whose core functionality is approved for
one of the exception use cases, will be able to request access to Call
Log or SMS permissions.
Action required
Below, we've listed apps from your catalog which do not meet the
requirements for permission requests. Please remove any disallowed or
unused permissions from your app's manifest (specified below), migrate
to an alternative implementation (e.g. SMS Retriever API for most
cases of OTP verification), or evaluate if your app qualifies for an
exception.
Next steps
Read through the Permissions policy and the Play Console Help Center
article, which describes intended uses, exceptions, invalid uses, and
alternative implementation options for usage of Call Log or SMS
permissions.
Update your app or submit a Permissions Declaration Form.
Option 1) If your app does not require access to Call Log or SMS
permissions: Make appropriate changes to your app by removing the
specified permissions from your app's manifest or migrating to an
available alternative implementation by January 9, 2019.
Option 2) If your app is a default handler or you believe your app
qualifies for an exception: Please submit a request via the
Permissions Declaration Form. You do not need to have implemented APK
changes in order to submit a form. Declaration Forms received by
January 9, 2019 may be eligible for additional time to make changes to
bring their app(s) into compliance. If you have recently submitted a
Permissions Declaration Form, we are in the process of reviewing your
information and will respond to your application.
Make sure that your app is otherwise compliant with all other
Developer Program Policies to prevent your app from being removed.
Alternatively, you can choose to unpublish the app.
Our Developer Program Policies are designed to provide a safe and
secure experience for our users while also giving developers the tools
they need to succeed. That is why we will remove apps that violate our
policies. In cases of repeated or serious violations of our policies,
we may also terminate your developer account and any related developer
accounts.
We appreciate your willingness to partner with us as we make these
improvements to better protect users.
Affected apps
Affected apps and permissions are listed below, up to 20; if you have
additional apps, please ensure that they are also compliant with the
Permissions policy.
this one is also a solution.. without submitting form we have another solution .. for this we need to genarate app id..
SMS Retriever Api
This is really new headache for developers
While updating my app to play store with new version code i can't found to fill permission declaration form.
I'm not using SMS and call log permissions any more but still i can't able to update my app.
How I solve this problem hope it helps some one
First check if you have any alpha,beta or any other active testing tracks.
If you have then go to artifact library and see how many active artifacts you have.
Go through permissions of each of them if you find the sms or call log permission in any of them then that means you found the problem.
Deactivated the track if you can.
If you can't able to deactivate them create an APK with those permission and upload it to the track which contain APK with those permission previously in the artifact library.
Then you will see the permission declaration form fill that form choose no when it asked did your app follow Google play store permission policy then roll out your application.
Then do same for all the active tracks without permission and this time you can choose Yes in declaration form and choose the option for which you use those permission previously I'm using for OTP verification so I choose that one.
After updating these all tracks you need to promote your app to production one by one with increasing order of version code at last only one active artifact track, only production and now you can update in that track only.
Hope it help some one.......
If your app not using those permissions and the third-party library using some kind of those permission use below code for avoiding those permissions. it may affect those library smooth functioning
<uses-permission
android:name="android.permission.RECEIVE_SMS"
tools:node="remove" />
<uses-permission
android:name="android.permission.READ_SMS"
tools:node="remove" />
<uses-permission
android:name="android.permission.SEND_SMS"
tools:node="remove" />
or else you can use alternate methods in the answers, example
SMS Retriever Api
Its not like that you are thinking about. Go to this link
and fill up and submit the from. If you app's default function is to show SMS inbox or just OTP account verification, then they will not remove your app.
Google is no more allowing more apps with SMS permission due to security and privacy issue. So if you need Phone No verification then
Firebase Auth is the best option. It's almost free
Limit:Verification code SMS messages 50 messages/IP address/minute, 500 messages/IP address/hour
https://firebase.google.com/docs/auth/android/phone-auth
According to google "You may only request permissions that are necessary to implement critical current features or services in your application. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes".
Click Here To Read Official Google Permission Doc
If your app need to read sms for SMS-based user verification / OTP verification please use SMS Retriever API which does not needed any sms permission and your app can still read SMS for OTP verification.
Currently am Working on to read user SMS from Telephony.Sms.Inbox, fetch offer related SMS and Categories it, then showing to user in Proper way to utilize the offers.
Recently Google announced they have made some changes in Google Play to Protecting User. In blogs they said in future full access of reading user SMS by only the App as Default SMS App. Even user Allow the permission to read SMS .
To Providing a safe and secure experience for our users we made these changes.
My Question is
Any other way to took OTP from SMS which is received by user?
If my App wants to read SMS means, my App should be a default SMS App. No other way to read SMS
Whats is the Exact date of this feature Roll out in Google Play.
Update
Reddit thread
Any other way to took OTP from SMS which is received by user?
You need to use SMS Retriever API, you can perform SMS-based user verification in your app automatically, without requiring the user to manually type verification codes, and without requiring any extra app permissions.
More info on API can be found over https://developers.google.com/identity/sms-retriever/overview
If my App wants to read SMS means, my App should be a default SMS App. No other way to read SMS
Google Play may provide a temporary exception to apps that aren't Default SMS, Phone, or Assistant handlers when:
Use of the permission provides core app functionality to users
There is currently no alternative method to provide the core functionality
you must fill this form and google must approve it
Whats is the Exact date of this feature Roll out in Google Play.
Right now I am not sure I will try to find more info
Edit
You must submit form by January 9, 2019
Apps that fail to meet policy requirements or submit a Permissions Declaration Form by January 9, 2019 may be removed from Google Play.
more info can be found over here ,Reddit thread