Use of SMS or Call Log permission groups

Google Play restricts the use of high-risk or sensitive permissions, including the SMS or Call Log permission groups. 

If your app does not require access to Call Log or SMS permissions, you must remove these permissions from your app's manifest. Details on policy-compliant alternative implementation are also detailed below. 

If you believe that your app meets the policy requirements for acceptable use or is eligible for an exception, you should declare any Call Log or SMS permissions directly through the Play Console.

Apps that fail to meet policy requirements or submit a Declaration Form may be removed from Google Play.

When should you access these permissions

You should only access Call Log or SMS permissions when your app falls within permitted uses and only to enable your app’s critical core functionality. 

Core functionality is defined as the main purpose of the app. This may comprise of a set of core features, which must all be prominently documented and promoted in the app's description. Without the core feature(s), the app is 'broken' or rendered unusable. 

Collapse all Expand all

Permitted uses of the SMS & Call Log Permissions

For apps requesting access to the SMS or Call Log permissions, the intended and permitted uses include default SMS handling, default phone handling or Assistant handling capability.

Apps must be actively registered as the default SMS, Phone or Assistant handler before prompting users to accept any of the above permissions and must immediately stop the use of the permission when they no longer are the default handler. 

Use

Eligible permissions*

Default SMS handler (and any other core functionality usage while default handler)

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS, WRITE_SMS

Default Phone handler (and any other core functionality usage while default handler)

SEND_SMS

PROCESS_OUTGOING_CALLS, READ_CALL_LOG, WRITE_CALL_LOG

Default Assistant handler (and any other core functionality usage while default handler)

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS, WRITE_SMS

READ_CALL_LOG


* Subject to Google Play review and approval.

Exceptions

Google Play may provide a temporary exception to apps that aren't Default SMS, Phone or Assistant handlers when:

  • Use of the permission enables the core app functionality listed below; and
  • There is currently no alternative method to provide the core functionality

Use

Eligible permissions1

Account verification via phone call

Device may be verified by transmitting a phone call; receipt of phone call is confirmed by verifying number in call log

READ_CALL_LOG

Anti-SMS phishing ('smishing')

You must have a track record of significant protection for users, as reflected in analyst reports, benchmark test results, industry publications and other credible sources of information, to be eligible for implementing this use case.

Please submit relevant documentation through this form to obtain a pre-qualification from Google.

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, WRITE_SMS

Backup and restore for users

User content backup, restore and cloud storage

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, WRITE_SMS

READ_CALL_LOG, WRITE_CALL_LOG

Caller ID, spam detection and/or spam blocking

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS,

READ_CALL_LOG, PROCESS_OUTGOING_CALLS

Connected device companion apps that enable sending and receiving of SMS or calls

Apps that enable the user to connect a mobile device to a connected device (for example, a smartwatch, automotive, smart home device, etc.) and send/receive texts and phone calls

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS, WRITE_SMS

PROCESS_OUTGOING_CALLS, READ_CALL_LOG, WRITE_CALL_LOG

Cross-device synchronisation or transfer of SMS or calls

Apps that enable the user to sync texts and phone calls across multiple devices (such as between phone and laptop)

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS

READ_CALL_LOG

Device automation

Apps that enable user to automate repetitive actions across multiple areas of the OS, based on one or more set conditions (triggers) by the user

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS, WRITE_SMS

 

READ_CALL_LOG, WRITE_CALL_LOG, PROCESS_OUTGOING_CALLS

Enterprise archive, enterprise CRM and/or enterprise device management

Device management for corporate entities for their employees; corporate login required for access

* For enterprise CRM use: only permissions marked with * are allowed

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, WRITE_SMS

READ_CALL_LOG*, PROCESS_OUTGOING_CALLS*, WRITE_CALL_LOG

In-vehicle hands-free use and projected display

Apps directly related to core functionalities of driving/mobility (e.g. navigation), especially in situations where a user’s physical interactions with a device(s) are limited

RECEIVE_SMS, SEND_SMS,

RECEIVE_MMS, RECEIVE_WAP_PUSH, WRITE_SMS

PROCESS_OUTGOING_CALLS, WRITE_CALL_LOG, READ_CALL_LOG

Physical safety/emergency alerts to send SMS

Apps that send SMS alerts in emergency situations

SEND_SMS

Proxy calls 

Apps that provide an intermediary number to enable user calls/texts

PROCESS_OUTGOING_CALLS, READ_CALL_LOG, WRITE_CALL_LOG

SMS Mobile Broadcast

Apps that use Mobile Broadcast messaging for customer communications

RECEIVE_SMS

SMS-based financial transactions and money management

e.g. Unified Payment Interface (UPI), verifications for financial transactions, track and manage budget

READ_SMS, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, SEND_SMS

Write and show call history in default dialler app

Apps that document call history in a user’s dialler

WRITE_CALL_LOG


1 Subject to Google Play review and approval.

Note: Apps for operator and OEM services may request permissions access for the above use cases, in addition to critical services that require access.

Policy Exception

If you have old APKs with SMS/Call Log permissions and you are no longer able to make code changes to these APKs, you may apply for a policy exception.

In order to qualify for the exception, you must meet ALL of the following requirements:

  • You must declare the specific APK(s) for which you would like an exception

  • The APKs requesting an exception must have been published before 1 January 2019

  • You must have alternative APKs served to users on Android Oreo (API Level 26) or higher, and these must be compliant with the SMS/Call Log policy

  • The APKs requesting an exception must represent a very small percentage (no more than low single-digit %) of your total install base

Google Play will review the request and grant exceptions on a case-by-case basis. Alternatively, you may choose to unpublish the violating APKs to be compliant with the SMS/Call Log permissions policy.
Invalid uses

In some cases, apps may wish to access sensitive user data for purposes where a safer and more secure alternative exists, or where risk of data exposure doesn't warrant access. 

Below is a list of common use cases that won't be permitted to access sensitive user data associated with SMS and Call Log permissions: 

  • Account verification via SMS (see Alternatives below)
  • Content sharing or invites (see Alternatives below)
  • Contact prioritisation, affinity profiles or social graphs
  • Call recorder

  • Device performance booster, space or data management

  • Family or device locator

  • Smart or predictive keyboard

  • SMS or calls appearing in wallpaper, launcher and other tools

  • SMS translation

  • Text to voice, speech/voice to text [when not default handler or eligible exception]

  • SMS and Contacts management [when not default handler or eligible exception]

  • SMS or Phone Notification Enhancement and Alerts [when not default handler]

Note: This list is not exhaustive.

Alternatives to common uses

Use

Alternatives

SMS OTP & account verification

With the SMS Retriever API, you can perform SMS-based user verification in your app automatically, without requiring the user to manually type verification codes, and without requiring any extra app permissions.

If the SMS Retriever API is not an option for your app, users can also manually enter a verification code.

Initiate a text message

With the SMS Intent, your apps can initiate an SMS or MMS text message.

Share content

With the Share Intent, your app can enable users to share content or send invitations through a variety of supporting apps, without requiring sensitive app permissions.

Initiate a phone call

With the Dial Intent, your app can specify a phone number and open the phone app. The user can then explicitly initiate the phone call.

The Dial Intent doesn't require the CALL_PHONE permission.

 

Important: If your app's usage of these restricted permissions changes, you must submit the form again with updated and accurate information. Deceptive and non-declared uses of these permissions may result in a suspension of your app and/or termination of your developer account.

Was this helpful?
How can we improve it?