Google to Remove Apps That Require Call Log, SMS Permission From Play Store

Desmond · Jan 16, 2019

Source: Google Play to Start Evicting Apps Asking for Call Log, SMS Permission

After showing the door to apps involved in ad-fraud and those which seed malware, Google is now cracking down on Android apps which require permission to access call logs and SMS. Google has notified developers that over the course of the next few weeks, apps whose core functionality does not require SMS and call log permission will be removed from the Android app store repository. Google has revealed that until an app has been reviewed and certified that it requires the aforesaid permissions to justify its primary function, it will be under the scanner and might be removed from the Play Store.

Back in October last year, Google informed developers to update their apps to API level 26 and also tweak the permissions required by them to fall in line with the new guidelines aimed at protecting users. Developers were given 90 days to review their app's permissions and make the necessary changes or justify the necessity using a permission declaration form, after which Google's team will review those apps.

Now that the 90-days span has expired, Google has announced that its team will soon begin removing apps which require call logs and SMS permissions from the Play Store. However, only those apps will be booted off for which the developers are yet to submit a permission declaration form. Google has pointed that its team assesses factors such as user benefit of the permissions, availability of more narrow alternatives, risks presented by the app and the sheer importance of the permissions for helping an app accomplish its core objective. Also, developers should be able to explain why an app requires permission to access such sensitive data.

However, Google has not revealed a specific date when the app eviction process would commence. As for developers whose apps are kicked off in compliance with the new guideline, they will get the opportunity to submit an updated version of their app without the permissions. Alternatively, they can choose to submit a permission declaration form to keep their app listed on the Play Store temporarily until March 9, during which it will be reviewed and receive the final nod if deemed reasonable. Google has also mentioned that rather than relying on permissions, app developers can opt for narrower APIs to accomplish the required task. Take for example the SMS retriever API, which can be used for account verification via SMS without requiring extra app permissions.

About time I say.

whitestar_999 · Jan 16, 2019

Maybe for those who use such apps that can not function correctly without giving all the permissions.I always disable contacts/sms permission from paytm app & it works without that too but I doubt it will be affected by this rule as its "core functionality" does require access to contacts(& thus call log too).

Desmond · Jan 16, 2019

Yeah, app permissions is godsend for apps like these. I just deny all requests if they are not justified.

meetdilip · Jan 17, 2019

Jio apps asks for almost all permissions.

Anorion · Jan 17, 2019

nooo... this was one of the reasons where I believed Android had an edge. Walnut is one of my favourite Android apps, it requires access to SMS, and it is not available on iOS

Don't see what the problem is, there are options for granular permissions.

meetdilip · Jan 17, 2019

It could be linked to OTP stealing.

Vyom · Jan 17, 2019

Anorion said:
nooo... this was one of the reasons where I believed Android had an edge. Walnut is one of my favourite Android apps, it requires access to SMS, and it is not available on iOS
Don't see what the problem is, there are options for granular permissions.

From the article:

...apps whose core functionality does not require SMS and call log permission will be removed from the Android app store repository...

I am sure big apps like Walnut will have the reasons to justify the use case. In fact majority of the apps can justify the use case "we need to read the OTP sent to the user". Well, unless Google believe that the requirement to only read the OTP is not justified, almost every apps can save itself from being removed.

meetdilip · Jan 18, 2019

Why can't we manually enter OTP ?

Desmond · Jan 18, 2019

Agreed, OTP can be entered manually. It's not worth giving access to every SMS that a user receives just for a few seconds of convenience.

Anorion · Jan 18, 2019

Vyom said:
From the article:

I am sure big apps like Walnut will have the reasons to justify the use case. In fact majority of the apps can justify the use case "we need to read the OTP sent to the user". Well, unless Google believe that the requirement to only read the OTP is not justified, almost every apps can save itself from being removed.

Oh, then its good. Missed that bit.

vikas1983 · Jan 27, 2019

This is excellent step by Google to protect users. And the genuine apps anyways would be given access. I use finart app to track my expenses based on SMS data. Similarly there would be many such apps which need this access for genuine need

Mod edit: Removed URL on suspicion of spam. Kept the app name since it's not offtopic.

billubakra · Jan 29, 2019

vikas1983 said:
This is excellent step by Google to protect users. And the genuine apps anyways would be given access. I use finart app to track my expenses based on SMS data. Similarly there would be many such apps which need this access for genuine need

Mod edit: Removed URL on suspicion of spam. Kept the app name since it's not offtopic.

Who will protect users from Google aka skynet?

Google to Remove Apps That Require Call Log, SMS Permission From Play Store

Desmond

Destroy Erase Improve

whitestar_999

Super Moderator

Desmond

Destroy Erase Improve

meetdilip

Computer Addict

Anorion

Sith Lord

meetdilip

Computer Addict

Vyom

The Power of x480

meetdilip

Computer Addict

Desmond

Destroy Erase Improve

Anorion

Sith Lord

vikas1983

Right off the assembly line

billubakra

Conversation Architect