Removing the READ_SMS permission on Android for Google Play's new policy


#21

Ok thanks, I’ve updated the apk on the app store but my artefact library still has READ_SMS as a required permission. It sounds like I just have to wait for that to be removed


#22

Just built with expo build:android, no permissions specified in app.json, and READ_SMS is in the AndroidManifest.xml file :frowning:


#23

Sorry, I misspoke earlier. The READ_SMS permission has been removed only from SDK 32 builds. For SDK 31 and older, you’ll need to set "permissions": [] – or list out the permissions you use, if you do use extra permissions – in your app.json file.


#24

I’m using SDK 30 and 31, and I can confirm that the alert is still there even after some time. I have this in one of my apps:

"permissions":["READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE","CAMERA"]

and this in the other:

"permissions":[]

Do I need to contact Google and explain the situation, or is it a bug in Google Play Console?


#25

The alert on the Google Play dashboard appears even if your latest uploaded APK is compliant. Checking your APK manifest is the best way to see the source of truth.
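
As an added example that is not part of the original thread: a small Python check over the output of `aapt dump permissions <apk>`, in line with the advice above to treat the APK manifest as the source of truth. The sample outputs are constructed, and the SMS/Call Log set is an assumption about which permissions the Play Console alert covers.

```python
import re

# Standard Android permission names in the SMS and Call Log groups.
# Assumption: this is the set the Play Console alert in this thread is about.
SMS_CALL_LOG = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH",
    "android.permission.READ_CALL_LOG",
    "android.permission.WRITE_CALL_LOG",
    "android.permission.PROCESS_OUTGOING_CALLS",
}

# Accepts both aapt output styles:
#   uses-permission: android.permission.INTERNET
#   uses-permission: name='android.permission.INTERNET'
# Lines starting with "permission:" (declared, not requested) are ignored.
USES_RE = re.compile(
    r"^uses-permission(?:-sdk-23)?:\s*(?:name=')?([\w.]+)'?", re.M
)

def requested_permissions(aapt_output):
    """Return the sorted, de-duplicated permissions the APK requests."""
    return sorted(set(USES_RE.findall(aapt_output)))

def sensitive_permissions(aapt_output):
    """Return only the requested permissions in the SMS/Call Log groups."""
    return [p for p in requested_permissions(aapt_output) if p in SMS_CALL_LOG]

# Constructed sample: a build that still carries READ_SMS.
SAMPLE_OLD_BUILD = """\
package: com.example.app
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='com.google.android.c2dm.permission.RECEIVE'
permission: com.example.app.permission.C2D_MESSAGE
"""

# Constructed sample: a rebuilt APK without READ_SMS.
SAMPLE_NEW_BUILD = SAMPLE_OLD_BUILD.replace(
    "uses-permission: name='android.permission.READ_SMS'\n", ""
)

if __name__ == "__main__":
    for label, out in (("old", SAMPLE_OLD_BUILD), ("new", SAMPLE_NEW_BUILD)):
        hits = sensitive_permissions(out)
        print(label, "FAIL " + ", ".join(hits) if hits else "OK")
```

Run it against every APK still active in any release track, since the posts below report that older APKs in alpha or beta can keep the alert alive.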


#26

I noticed that although the "permissions":[] trick works, the in-app permissions that I have configured (such as LOCATION and NOTIFICATIONS) are ignored. If I update the SDK to latest version, and remove the empty array from app.json, will this get solved?


#27

@ide I am inclined to give permissions:[] in app.json, but I am afraid that will disable the PushNotification permission. How do I ensure I don’t lose the push notification permission?


#28

My Push Notification permission got disabled. How do I “whitelist” it? I tried including "com.google.android.c2dm.permission.RECEIVE" in the app.json file to no avail.


#29

Hi,

I have an issue with an APK and Expo SDK 32 and don’t have READ_SMS permission in APK.

Play console says that I can’t publish until I declare sensitive permissions.

Where can I declare this thing? I don’t see anything about it (i.e. a form or permissions-related thing) in the console.

I’m stuck with this! :tired_face:

List of permissions of my APK from play console:

  • android.permission.ACCESS_COARSE_LOCATION
  • android.permission.ACCESS_FINE_LOCATION
  • android.permission.ACCESS_NETWORK_STATE
  • android.permission.CAMERA
  • android.permission.INTERNET
  • android.permission.MANAGE_DOCUMENTS
  • android.permission.MODIFY_AUDIO_SETTINGS
  • android.permission.READ_CALENDAR
  • android.permission.READ_CONTACTS
  • android.permission.READ_EXTERNAL_STORAGE
  • android.permission.READ_INTERNAL_STORAGE
  • android.permission.READ_PHONE_STATE
  • android.permission.RECORD_AUDIO
  • android.permission.SYSTEM_ALERT_WINDOW
  • android.permission.USE_FINGERPRINT
  • android.permission.VIBRATE
  • android.permission.WAKE_LOCK
  • android.permission.WRITE_CALENDAR
  • android.permission.WRITE_EXTERNAL_STORAGE
  • android.permission.WRITE_SETTINGS
  • ch.health.docdok.permission.C2D_MESSAGE
  • com.anddoes.launcher.permission.UPDATE_COUNT
  • com.android.launcher.permission.INSTALL_SHORTCUT
  • com.google.android.c2dm.permission.RECEIVE
  • com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
  • com.google.android.gms.permission.ACTIVITY_RECOGNITION
  • com.google.android.providers.gsf.permission.READ_GSERVICES
  • com.htc.launcher.permission.READ_SETTINGS
  • com.htc.launcher.permission.UPDATE_SHORTCUT
  • com.majeur.launcher.permission.UPDATE_BADGE
  • com.sec.android.provider.badge.permission.READ
  • com.sec.android.provider.badge.permission.WRITE
  • com.sonyericsson.home.permission.BROADCAST_BADGE
  • host.exp.exponent.permission.C2D_MESSAGE

#30

Found a solution:

  • Create a release while retaining a previous version; that way we can see the permission form.

#32

I am running into the same issue with SDK 32. Did you find a solution to this problem?


#33

Do I need to remove the RECEIVE_SMS permission, as I am using it for receiving OTPs for PayUMoney payments, because the new privacy policy will remove such apps from March 2019?


#34

I’m not sure what the sensitive permission is. This thread is about READ_SMS and if your APK doesn’t list it in AndroidManifest.xml, another permission is most likely causing the issue if you have uploaded a new APK without the READ_SMS permission.

This thread might be helpful if you have non-compliant APKs (ex: with READ_SMS) in other release tracks like alpha or beta: https://www.reddit.com/r/androiddev/comments/ajddj6/play_store_console_you_cant_edit_this_app_until/eeye216/


#35

SDK 32 has the READ_SMS permission removed. If you are seeing an error message in the Google Play developer console, it sounds like a couple things to check are that you’ve uploaded the new APK and are not editing the entry for an old APK, and that you don’t have APKs with READ_SMS in alpha or beta release tracks (see the link in the previous post right above).


#36

I’m incrementing the version code and building a new APK using expo:build android… is that what you mean by this? Because it still shows READ_SMS permission prompt here?

Here are what my permissions look like.

android.permission.ACCESS_NETWORK_STATE, android.permission.INTERNET, android.permission.MODIFY_AUDIO_SETTINGS, android.permission.SYSTEM_ALERT_WINDOW, android.permission.WAKE_LOCK, com.getshoppingo.shoppingo.permission.C2D_MESSAGE, com.google.android.c2dm.permission.RECEIVE, com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE, host.exp.exponent.permission.C2D_MESSAGE

Can anyone help? Is it cached? If so, I’ve been waiting for 2 days, it still hasn’t gone.


#37

If you’ve uploaded a new APK that doesn’t use the READ_SMS permission in AndroidManifest.xml — which has been working for others — the remaining causes of the issue are likely with the Google Play developer console. If the APK has the right permissions, expo build is working as intended.

If you have only one release track (production, no alpha/beta) that further narrows down the possible cause of the problem. You could contact Google with enough information to help you and they may have seen your issue at a wider scale.


#38

The same goes for my app. I have rebuilt the app with SDK 32 and uploaded it, but Play Console always asks for the permission declaration when I want to make a new release. Any progress on it?


#39

Feeling a bit relieved someone else is also stuck at the same place as me… I’ve tried contacting Google Play Developer support but they haven’t been replying to my emails.

I’m genuinely confused as to what I’m doing wrong because I’ve even checked my Manifest file using the APK explorer tool on Android Studio and the permission isn’t present there either. It’s been close to 3 weeks since my app was terminated from the Play Store… and I have no idea how to put it back there.


#40

Hi,

I’ve received this information now from the Play Console Support:

Hi,

Thanks for contacting Google Play Developer Support.

To upload a new APK, you need to submit the extension form for all the permissions that you’re currently using in your app.

Please see the following instructions to submit the extension form:

A1. Go to the Console > App release > Click ‘Create a release’ > Upload a new APK that you want to release

A2. Retain the current version of APK

A3. Click ‘Add from library’ > Upload all active APKs to cover all permissions across the tracks in your app

  1. You can find active APK in Release management > Artifact library

A4. Fill out the Permissions Declaration Form for extension

  1. ‘Compliance status’ > check “No, this release does not meet the SMS and Call log”

  2. ‘Declarations’ > check all

A5. Click “Save” at the bottom of the page

After that, please stay on the same page and follow the next steps:

B1. Deactivate and remove ONLY the old APKs which you do not want to release.

B2. Click “Save” again then select “Review”

B3. Then, you’ll be able to release a new version of APK by clicking “Start Roll Out” button.

After finishing all the steps, if your APK does NOT have sensitive or high-risk permissions anymore, please skip the steps below (C1~4) and no additional action is required. However, if you uploaded the new APK with sensitive or high-risk permissions, please note that your app will be removed after Mar 9, 2019.

If your new APK has sensitive or high-risk permissions & you want to utilize the permission after Mar 9, you need to finish the additional step to submit the declaration form to enable further review.

C1. After the new APK release (Step B1~3), please go to the Console > App release > Click ‘Create a release’

C2. Click ‘Add from library’ > Select the APK (which will be utilized after Mar. 9)

C3. Retain newly updated APK in step B3

C4. Fill out Permissions Declaration Form (not for extension),

  1. ‘Compliance status’ > check “Yes, this release meets the SMS and Call log”

  2. Choose core functionalities as well

C5. Submit the form by Clicking “Save” at the bottom of the page

Also, to make sure your app is safe after Mar 9, please do not forget to update all the APKs (with sensitive or high-risk permissions) in other tracks with the same steps.

Thanks for working with us through this process and please let us know if you have any further questions regarding the steps above.

Thanks for supporting Google Play.

Regards,

Suraj

I will check it soon.
Paul


#41

It seems that this method works. I’ve updated my app without any issue.