Removing the READ_SMS permission on Android for Google Play's new policy

I’m also encountering the READ_SMS error. I added "permissions": [] to the Android key of my expo object in App.js.

I followed the Google instructions above (thanks for posting) and after completing Step B, my permissions are:

android.permission.ACCESS_NETWORK_STATE, android.permission.INTERNET, android.permission.MODIFY_AUDIO_SETTINGS, android.permission.SYSTEM_ALERT_WINDOW, android.permission.WAKE_LOCK, com.google.android.c2dm.permission.RECEIVE, com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE, org.lacted.lactfacts.permission.C2D_MESSAGE

But after Roll Out I get the same SMS Error

  • The declared functionality {Default Phone handler (and any other core functionality usage while default handler)} is determined to be unnecessary or not aligned with the core functionality of your app.
  • The declared function {Default Phone handler (and any other core functionality usage while default handler)} is allowed, but not approved for the specific permissions that are listed in your manifest {READ_SMS}. These excess permissions {READ_SMS} must be removed from your app manifest.

When I attempt to follow step C. There are no apks in the Library that I want to use. I can retain the current APK, but I do not have the "Compliance Status" checkbox. There is no instance of the word "compliance" on the page.

When I search for SMS in my repo, the only match is in this entry in yarn.lock:

expo-sms@~1.1.0:
  version "1.1.0"
  resolved "https://registry.yarnpkg.com/expo-sms/-/expo-sms-1.1.0.tgz#b04874ffdac9ebff209d6842b5f5f314ab05fe92"
  integrity sha512-Tb3zSrrXhUsWeaD5EiK3XmebMp++nbN5Fhc3dXqVbMJzb+Ua5LkbW612G0EGrcUNjnZwwQRUb2UpRvX1x91Obw==
  dependencies:
    expo-core "~1.2.0"
    expo-permissions-interface "~1.2.0"

Any suggestions appreciated…

For what its worth, I had the same issue with SDK 32 and seeing this error. I fixed the issue last night. In the console under contact, you can actually live chat with someone and they were able to help me figure out what the issue was. What my issue ended up being was I had an old release down in my internal test track that I never did anything with. Because this release relied on an old apk that requested the permission, that was the problem. What I had to do is create a new release in the internal test track and deactivate the old apk. Then I promoted that release through all of my environments until it was in production and that worked. So make sure you don’t have any stale releases in ANY of your tracks that rely on an old apk. You can also see what apks are still currently being used in the “Artifact Library”. I hope this helps anyone else out that was having the same issue as me.

1 Like

I’m still seeing this issue (my app was removed today from the store because of SMS/CALL_LOG permissions) even after it was rebuilt with SDK 32 the first time.

read the comment above you from @breadboxio and see if that helps

You should contact with google support, ii worked for me :slight_smile:

I had accidentally left the “sdkVersion” in app.json as “31.0.0” when I had upgraded to 32 and I think that caused the permissions to stay. I rebuilt it with 32 and re-submitted. Everything is fine for now, thanks.

Hello all,

I wanted to know if this was related to using LINKING?

All I’m doing is opening either the native phone app and pre-populating a number, or the email application likewise?

Thanks so much

You can run the following command to see the app permission on an apk:

~/Library/Android/sdk/build-tools/19.1.0/aapt dump permissions ~/Downloads/myApp.apk

This worked for me also, for some reason when I read this a few weeks back, I didn’t follow the steps - or thought I had deleted the release, so I ended doing something else, that made it worse. I eventually just released my latest version onto the Internal Test Track, and then it did not ask me for permissions any longer.

One thing you should check if nothing seems to be working is that you don’t have any older builds in your internal, alpha or beta release tracks. I just got an email that the version code that was offending was version code 1 which was still active in my internal release track despite having never been published.

So, it appears they may be evaluating any build that may even have a chance of getting out into production, not just the ones you’ve released.

wow. this has totally burned us. app removed from play store even tho latest should be ok because built using sdk32.
only issue is that old builds sitting in alpha and beta tracks.

edit: to those experincing this there is a way to kill off old releases in your non production tracks (i.e. internal, apha, beta, etc)
simply create a new release with 0 (zero) APKs specified. It will wipe out the old version and after saving, you should see a message that says “superceeded by Production”.
You will still need to save a new version of your app (even if there are no changes) to get your app re instatated in the play store

ref: android - Remove obsolete beta version from Google Play - Stack Overflow

<rant> Google Play Store docs on this topic really suck </rant>

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.