Use of SMS or Call Log permission groups

To help protect users and their data, Google Play restricts the use of high-risk or sensitive permissions, including SMS or Call Log permission groups. 

If your app doesn't qualify for access to Call Log or SMS permissions, you must remove these permissions from your app's manifest. This article includes details about policy-compliant alternatives

If you believe your app meets the policy requirements for acceptable use or is eligible for an exception, you must declare any Call Log or SMS permissions directly through Google Play Console.

Apps that fail to meet policy requirements or lack a Permissions Declaration Form may be removed from Google Play.

When to access these permissions

Only access Call Log or SMS permissions when your app falls within permitted uses and only to enable your app’s critical core functionality. 

Think of core functionality as the main purpose of your app. You may have one core feature or a set of them. Without which, the app is broken or rendered unusable. Make sure that your app’s description prominently documents and promotes its core feature(s). 

Collapse All Expand All

Permitted uses of the SMS and Call Log permissions

For apps requesting access to the SMS or Call Log permissions, the intended and permitted uses include default SMS handling, default Phone handling, or Assistant handling capability.

Apps must be actively registered as the default SMS, Phone, or Assistant handler before prompting users to accept any of SMS or Call Log permissions. Those apps must immediately stop using the permission when they're no longer the default handler. 

For apps that are actively set as the default handler, approved core functionality may include contact prioritization that presents the user with their most important contacts or improves recognition and understanding of names. Contact prioritization may use contact recency, frequency, and duration as part of enabling individual user-initiated calls, texts, and actions. Uses beyond contact prioritization, including using data from one user to directly influence another user's product experiences, are disallowed.

 

Use

Eligible permissions*

Example of permitted use
Default SMS handler (when app is the registered default handler for SMS and any other core functionality usage)

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS, WRITE_SMS

A user relies on a default SMS app to receive and send SMS messages.
Default Phone handler (when app is the registered default handler for phone and any other core functionality usage)

SEND_SMS

PROCESS_OUTGOING_CALLS, READ_CALL_LOG, WRITE_CALL_LOG

A user often places international phone calls, so they set this app as the default dialer to avoid higher phone carrier rates.
Default Assistant handler (when app is the registered default handler for assistant and any other core functionality usage)

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS, WRITE_SMS

READ_CALL_LOG

A user uses this app to receive, translate, and reply to SMS conversations in real-time in someone else’s native language.


* Subject to Google Play review and approval.

Exceptions

Google Play may provide a temporary exception to apps that aren't Default SMS, Phone, or Assistant handlers when:

  • Use of the permission enables the core app functionality listed in the following table and
  • there's currently no alternative method to provide the core functionality.

Use

Eligible permissions1

Account verification via phone call

Device may be verified by transmitting a phone call; receipt of a phone call is confirmed by verifying the number in a call log

READ_CALL_LOG

Anti-SMS phishing ("smishing")

You must have a track record of significant protection for users — as reflected in analyst reports, benchmark test results, industry publications, and other credible sources of information — to be eligible for implementing this use case.

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, WRITE_SMS

Backup and restore for users

User content backup, restore, and cloud storage

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, WRITE_SMS

READ_CALL_LOG, WRITE_CALL_LOG

Caller ID, spam detection, and/or spam blocking

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS,

READ_CALL_LOG, PROCESS_OUTGOING_CALLS

Connected device companion apps that enable sending/receiving of SMS or calls

Apps that enable the user to connect a mobile device to a connected device (for example, a smartwatch, automotive technology, smart home device, etc.) and send/receive texts and phone calls

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS, WRITE_SMS

PROCESS_OUTGOING_CALLS, READ_CALL_LOG, WRITE_CALL_LOG

Cross-device synchronization or transfer of SMS or calls

Apps that enable the user to sync texts and phone calls across multiple devices (such as between phone and laptop)

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS

READ_CALL_LOG

Device automation

Apps that enable the user to automate repetitive actions across multiple areas of the OS, based on one or more conditions (triggers) set by the user

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS, WRITE_SMS

 

READ_CALL_LOG, WRITE_CALL_LOG, PROCESS_OUTGOING_CALLS

Enterprise archive, business & enterprise customer relationship management (CRM), and/or enterprise device management

Device management for corporate entities for their employees; corporate login required for access

* For CRM use: only permissions marked with * are allowed

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, WRITE_SMS

READ_CALL_LOG*, PROCESS_OUTGOING_CALLS*, WRITE_CALL_LOG

In-vehicle hands-free use and projected display

Apps whose core functionality (like navigation), directly relates to driving/mobility, especially in situations where a user’s physical interactions with a device(s) are limited

RECEIVE_SMS, SEND_SMS,

RECEIVE_MMS, RECEIVE_WAP_PUSH, WRITE_SMS

PROCESS_OUTGOING_CALLS, WRITE_CALL_LOG, READ_CALL_LOG

Physical safety/emergency alerts to send SMS

Apps that send SMS alerts in emergency situations

SEND_SMS

Proxy calls 

Apps that provide an intermediary number to enable user calls/texts

PROCESS_OUTGOING_CALLS, READ_CALL_LOG, WRITE_CALL_LOG

SMS Cell Broadcast

Apps that use Cell Broadcast messaging for customer communications

RECEIVE_SMS

SMS-based financial transactions

For example, Unified Payments Interface (UPI), verifications for financial transactions

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS

Call-based authentication and authorization in banking or brokerage apps

Banking or brokerage apps that facilitate secure device-based financial transactions for their service

READ_CALL_LOG, PROCESS_OUTGOING_CALLS

SMS-based money management

For example, apps that track and manage budget

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH

Write and show call history in default dialer app

Apps that document call history in a user’s dialer

WRITE_CALL_LOG
System Services that actively have the SYSTEM_UI_INTELLIGENCE role READ_SMS, READ_CALL_LOG


1 Subject to Google Play review and approval.

Note: Apps for carrier and OEM services may request permissions access for the cases in the preceding table, in addition to critical services that require access.

Policy exception

If you have old APKs with SMS/Call Log permissions and you're no longer able to make code changes to these APKs, you may apply for a policy exception. Enter the version code(s) separated by commas in the APK Exceptions field of the Permissions Declaration Form.

To qualify for an exception, you must meet all of the following requirements:

  • You must declare the specific APK(s) for which you'd like an exception.

  • Your APK(s) must have been published before January 1, 2019 to be granted an exception.

  • You must have alternative APKs served to users on Android Oreo (API Level 26) or higher, and these must be compliant with the Permissions policy.

  • The APKs requesting an exception must represent a very small percentage (no more than a low single-digit percentage) of your total install base.

Google Play will review your request and grant exceptions on a case-by-case basis. Alternatively, you can comply with the Permissions policy by unpublishing the specific APKs that caused the policy issue(s).
Invalid use cases

In some cases, apps may seek to access sensitive user data for purposes where a safer and more secure alternative exists, or where risk of data exposure doesn't warrant access. 

Here's a list of common use cases that won't be permitted to access sensitive user data associated with SMS and Call Log permissions: 

  • Account verification via SMS (see the following Alternatives section)
  • Content sharing or invites (see the following Alternatives section)
  • Contact prioritization (when the app is not the default handler)
  • Social graph and personality profiling
  • Call recorder
  • Device performance booster
  • Device space or data management
  • Family or device locator
  • Smart or predictive keyboard
  • SMS or calls appearing in wallpaper, launcher, and other tools
  • SMS translation (when the app is not the default handler)
  • Text to voice, speech/voice to text (when the app is not the default handler or an eligible exception)
  • SMS and contacts management (when the app is not the default handler or an eligible exception)
  • SMS or phone notification enhancement and alerts (when the app is not the default handler or an eligible exception)
  • Research (like market research based on SMS)
  • Remote control of user phone or other devices
  • Any transfer that results in a sale of this data (including SDKs that sell this data)

Note: This list is not exhaustive.

Alternatives to common uses

Use

Alternatives

SMS OTP & account verification

With the SMS Retriever API, you can perform SMS-based user verification in your app automatically, without requiring the user to manually type verification codes and without requiring any extra app permissions.

If the SMS Retriever API isn't an option for your app, users can also manually enter a verification code.

Initiate a text message

With the SMS Intent, your apps can initiate an SMS or MMS text message.

Share content

With the Share Intent, your app can enable users to share content or send invitations through a variety of supporting apps without requiring sensitive app permissions.

Initiate a phone call

With the Dial Intent, your app can specify a phone number and open the phone app. The user can then explicitly initiate the phone call.

The Dial Intent doesn't require the CALL_PHONE permission.

Important: If you change the way your app uses these restricted permissions, you must submit the Permissions Declaration Form again with updated and accurate information. Deceptive and non-declared uses of permissions may result in a suspension of your app and/or termination of your developer account.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu