this is regarding new permission changes. So, in the previous build, we needed SMS and call permission so we filled a form while uploading to play store and those permissions were in the manifest. But, now we have removed that permission. It is still showing that older declared permission. There is no way to edit declaration form that we don't have those permissions now.
And it wants us to select a core functionality.
this is the error we are seeing:
Declare sensitive permissions
All apps requesting to use sensitive permissions, such as SMS or Call Log permission groups, must complete the Permissions Declaration Form. Failing to report any app functionality that uses these permissions can lead to app suspension.
We don't allow these permissions to be used for contact prioritization, affinity profiles, or social graphs.
If you're using SMS or Call Log permissions for account verification, sharing content, or initiating a text message or phone call, you can use alternative methods to get the same functionality. Learn more
Previously declared permissions (3 permissions)
You do not have to edit Declaration form. What is perhaps happening here is you are directly releasing (permission free app) to Production Mode while your Internal Release or Alpha or Beta still has an apk which requires permission. PlayStore Review mechanism does not distinguish between mode of APKs and keep rejecting updates if it finds an active APK which has sensitive permissions. I would suggest you to first upload your new APK to Internal Test and then promote it to Aplha/Beta and then to Production. This will solve your problem and you would not be getting the Declaration form again.
Get all the tracks to the same version
Related
For months I've been trying to publish an app with READ_CALL_LOG permission to no avail.
App is a contact management app including scheduled meetings, calendar and other events.
I only need to be able to get incoming call number, but since it's not allowed, I've implemented full InCallService that launches activity to display calling window with common answer/hang up buttons and few that redirect to our main app.
I've updated "App content" section "Sensitive app permissions" with checked "Default phone handler", provided instructions for review.
Latest version of the app is deployed in internal track. But I also have older rejected versions in beta, alpha and production tracks
App itself on first launch asks permissions to become a default Call App, otherwise won't even start.
And yet, no matter how much I try, I keep getting "App rejected" in Play store "Policy status" section. Going to see further details I get:
Issue: Violation of Permissions policy After reviewing your app, we
found that it doesn’t qualify to use the requested permissions for the
following reason(s): Requested permissions do not match core
functionality of the app You declared Default Phone handler (and any
other core functionality usage while default handler) as the core
functionality of your app. However, after review, we found that your
app does not match the declared use case(s). Learn more about
permitted uses and exceptions. Please either: • Make changes to your
app so that it meets the requirements of the declared core
functionality or, • Select a use case that matches your app’s
functionality
With "Eligibility issue" below:
Sensitive permission Your app does not qualify for use of the
requested permissions. Permission requests should make sense to users.
You may only request permissions that are necessary to implement
critical current features or services in your application. You may not
use permissions that give access to user or device data for
undisclosed, unimplemented, or disallowed features or purposes.
To my understanding if I declare the intent of using app as a default phone call handler and make that explicitly clear to the user I should be able to publish this app? Being able to detect call number is a core functionality for the app.
I've tried reaching out to support multiple times, but they just write, that they'll contact me via email to never be heard from again.
Any suggestions on what could be improved?
I have an app that reads the call log and count the SMS messages to make statistics as graphic charts, and the app requires SMS permissions and phone call log permission, and when i uploaded it on google play store ,I didn't find the approbate choice from the permissions declaration list , so i send through Google play console why i'm using these permissions and i explained to them how my app works and what it does, and the message to them was this :
"The App uses the permissions selected above to count the numbers or SMS and read phone calls log to show statistics to the user as a graphic charts.The App doesn't read, send, or receive SMS , violate user privacy or backup/store any personal information."
and they replied after days:
"We reviewed your exception request and found that it does not qualify for use of the requested permissions.
Per the Permissions policy, you may only request permissions that are necessary to implement critical current features or services in your application. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes."
any suggestions?
Screenshots:
https://cdn1.imggmi.com/uploads/2019/6/6/baa1a74029f0da2564a3f596d525ec33-full.png
https://cdn1.imggmi.com/uploads/2019/6/6/4a4b61f5d5470520a0a55eba35a642ac-full.png
You cannot upload your app on Google Play store unless they grant you permission after you explain them why you actually need access to the data.
Google has started removing apps which use SMS or Call Log permission, which they consider dangerous, and will send notice to developers 90 days prior about sending a Permission Declaration form, which if accepted by Google will make your app visible in the Play Store.
They clearly state in their blog post:
Our new policy is designed to ensure that apps asking for these
permissions need full and ongoing access to the sensitive data in
order to accomplish the app's primary use case, and that users will
understand why this data would be required for the app to function.
So, they'll accept your app:
If you remove the permissions mentioned above.
If the permissions are appropriate for the primary use case of the app.
Also, if your app is useless without these permissions, and Google's review team isn't granting you permission to publish on Play Store, you can do nothing about it, except maybe publish your app on different App Stores.
Please Go through
https://android-developers.googleblog.com/2019/01/reminder-smscall-log-policy-changes.html
Google has restricted apps with sms and call log permissions.
Here I have an android application its core functionality is forwarding incoming text messages (SMS) to E-Mail Inbox, there it requires RECEIVE_SMS permission. my app is removed from the play store due to the google play policy violation. SMS_permission is mandatory in my application.
I submitted an appeal to google play, their response is given below
...
I’ve reviewed your appeal request and found that your app still violates Google Play Policy. I’ve included details below about the specific issue with your app and what you can do to get your app back on Google Play.
Issue
During review, we found that your app violates the Permissions policy :
You may only request permissions that are necessary to implement critical features or services currently available in your app. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes. SMS and Call Log Permissions are subject to additional restrictions; in order to use these permissions, you must first receive approval from Google Play.
For example, we found that your app contains :
RECEIVE_SMS
...
please tell how can I republish the application in to playstore with those sms permissions
Yes Google removed apps which have READ_SMS permission.
Try to implement using Google API,
You don't need READ_SMS permission anymore after that.
Have a look at this Google code,
https://developers.google.com/identity/sms-retriever/overview
There are quite a few rules regarding privacy around these permissions and sometimes it's hard to understand, but maybe this will help. First of all:
Google Play restricts the use of high risk or sensitive permissions, including the SMS or Call Log permission groups.
Assuming that your app needs some of these permissions in order to work properly, Google says that it needs to be set as the default phone/sms handler. The app has to be registered as the default handler BEFORE the permission is requested and stop using them once the app is not the default handler anymore.
However, this is not the case for your app. You need access to that information, but your app cannot be set as a handler for sms/calls. In this case, an exception can be made for your app, provided that you satisfy two requirements: you have no other way to achieve the same behaviour (checks for your app) and the use case you implement can be found in the list of excepted use cases (see the Exceptions section from the link above). Here is a little bit tricky because there is no use case that clearly matches your app, but I think that you might be able to use Cross-device synchronization or transfer of SMS or calls (make sure that you check the list in detail and select the one that best fits your app).
Now, the final step is here:
If you believe your app meets the policy requirements for acceptable use or is eligible for an exception, you should declare any Call Log or SMS permissions directly through the Play Console.
Details about the process can be found here and if you did all of these, then your request will be sent to the Google Play team, they will review it and decided if your app will be published or not.
P.S. Make sure that you clearly indicate why your app needs those permissions.
I'm publishing an Android app on Google Play Store and I have enabled sms permission in the manifest. After publishing it, Google rejected the app with the below information:
Issue: Violation of Permissions policy After reviewing your app, we
found that it doesn’t qualify to use the requested permissions for the
following reason(s):
Based on our review, we found your app’s expressed user experience did
not match your declared core functionality {Default SMS handler (and
any other core functionality usage while default handler), Default
Phone handler (and any other core functionality usage while default
handler)}. Please remove these permissions from your app.
Default handler capability was listed on your declaration form, but
your app does not appear to have default handler capability. Please
submit a revised declaration form.
As of the recent change to the application privacy policy, to view sms messages, your application must be the default sms handler. As stated in this reminder by Google.
You can submit a declaration for outlining why your app uses the sms permissions but it's unlikely that they will accept it, only a few use cases get approved.
You can remove this permission from manifest and remove run-time asking permissions and after updating your version code and version name. you have to push your app on alpha,beta or Internal test track first and then move it to production.
just add sms call permission in your manifest with tools:node="remove" tag and remove it from asking at run-time.
<uses-permission android:name="android.permission.SEND_SMS" tools:node="remove" />
after adding this Google play console will not ask you to fill up the permission declaration form.
if you still faces any issues you can chat live with google play console team or communicate with them through mail
https://support.google.com/googleplay/android-developer/answer/7218994?hl=en
Wait for some time if you get message like "Chat support is currently not available." it will update after some time.
If you're using any SMS or CALL_LOG related permission you need to submit a Permissions Declaration Form for your app.
check this and this for more info
There are two answers to this question
Answer 1.
If you roll out a release using the Google Play Developer Publishing API and Google Play has not previously approved your APK or App Bundle's use of high risk or sensitive permissions, you will receive an error.
To continue managing releases using the Publishing API, you must either remove any high risk or sensitive permission requests from your app and create a new release with the revised APK or App Bundle or prepare and roll out your release using the Play Console web UI, following these steps:
Upload your APK or App Bundle with high risk or sensitive permissions requested
Complete the Permissions Declaration Form as above
Complete the rollout of the release using the Play Console web UI
If you still need the sms permission as well as other sensitive permission declaration in you manifest,
You can also Fill and submit a Permissions Declaration Form for your app and create a new case during the process. Google will review your reasons for requesting those permissions and get back to you. Do not rollout a new update until you've received a reply from Google else, your app will be rejected again.
If you still need the sms permission to be declared in your manifest, you can fill the Permissions Appeal Form by clicking on the link below:
https://support.google.com/googleplay/android-developer/contact/permissions
Today I got a mail like this, according to this I’m not able to use RECEIVE_SMS READ_SMS anymore in my app. In my app I’m using auto read OTP. Is there any solution for this?
Hello Google Play Developer,
In October, we announced updates to our Permissions policy that will
limit which apps are allowed to request Call Log and SMS permissions.
This policy will impact one or more of your apps.
Only an app that has been selected as a user's default app for making
calls or text messages, or whose core functionality is approved for
one of the exception use cases, will be able to request access to Call
Log or SMS permissions.
Action required
Below, we've listed apps from your catalog which do not meet the
requirements for permission requests. Please remove any disallowed or
unused permissions from your app's manifest (specified below), migrate
to an alternative implementation (e.g. SMS Retriever API for most
cases of OTP verification), or evaluate if your app qualifies for an
exception.
Next steps
Read through the Permissions policy and the Play Console Help Center
article, which describes intended uses, exceptions, invalid uses, and
alternative implementation options for usage of Call Log or SMS
permissions.
Update your app or submit a Permissions Declaration Form.
Option 1) If your app does not require access to Call Log or SMS
permissions: Make appropriate changes to your app by removing the
specified permissions from your app's manifest or migrating to an
available alternative implementation by January 9, 2019.
Option 2) If your app is a default handler or you believe your app
qualifies for an exception: Please submit a request via the
Permissions Declaration Form. You do not need to have implemented APK
changes in order to submit a form. Declaration Forms received by
January 9, 2019 may be eligible for additional time to make changes to
bring their app(s) into compliance. If you have recently submitted a
Permissions Declaration Form, we are in the process of reviewing your
information and will respond to your application.
Make sure that your app is otherwise compliant with all other
Developer Program Policies to prevent your app from being removed.
Alternatively, you can choose to unpublish the app.
Our Developer Program Policies are designed to provide a safe and
secure experience for our users while also giving developers the tools
they need to succeed. That is why we will remove apps that violate our
policies. In cases of repeated or serious violations of our policies,
we may also terminate your developer account and any related developer
accounts.
We appreciate your willingness to partner with us as we make these
improvements to better protect users.
Affected apps
Affected apps and permissions are listed below, up to 20; if you have
additional apps, please ensure that they are also compliant with the
Permissions policy.
this one is also a solution.. without submitting form we have another solution .. for this we need to genarate app id..
SMS Retriever Api
This is really new headache for developers
While updating my app to play store with new version code i can't found to fill permission declaration form.
I'm not using SMS and call log permissions any more but still i can't able to update my app.
How I solve this problem hope it helps some one
First check if you have any alpha,beta or any other active testing tracks.
If you have then go to artifact library and see how many active artifacts you have.
Go through permissions of each of them if you find the sms or call log permission in any of them then that means you found the problem.
Deactivated the track if you can.
If you can't able to deactivate them create an APK with those permission and upload it to the track which contain APK with those permission previously in the artifact library.
Then you will see the permission declaration form fill that form choose no when it asked did your app follow Google play store permission policy then roll out your application.
Then do same for all the active tracks without permission and this time you can choose Yes in declaration form and choose the option for which you use those permission previously I'm using for OTP verification so I choose that one.
After updating these all tracks you need to promote your app to production one by one with increasing order of version code at last only one active artifact track, only production and now you can update in that track only.
Hope it help some one.......
If your app not using those permissions and the third-party library using some kind of those permission use below code for avoiding those permissions. it may affect those library smooth functioning
<uses-permission
android:name="android.permission.RECEIVE_SMS"
tools:node="remove" />
<uses-permission
android:name="android.permission.READ_SMS"
tools:node="remove" />
<uses-permission
android:name="android.permission.SEND_SMS"
tools:node="remove" />
or else you can use alternate methods in the answers, example
SMS Retriever Api
Its not like that you are thinking about. Go to this link
and fill up and submit the from. If you app's default function is to show SMS inbox or just OTP account verification, then they will not remove your app.
Google is no more allowing more apps with SMS permission due to security and privacy issue. So if you need Phone No verification then
Firebase Auth is the best option. It's almost free
Limit:Verification code SMS messages 50 messages/IP address/minute, 500 messages/IP address/hour
https://firebase.google.com/docs/auth/android/phone-auth
According to google "You may only request permissions that are necessary to implement critical current features or services in your application. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes".
Click Here To Read Official Google Permission Doc
If your app need to read sms for SMS-based user verification / OTP verification please use SMS Retriever API which does not needed any sms permission and your app can still read SMS for OTP verification.