Hi, I received a warning from Google Play and I am confused. The email says 
that one of my applications is requesting a specific permission that 
will only be available for some apps:

> Only an app that has been selected as a user's default app for making 
> calls or text messages, or whose core functionality is approved for one of 
> the exception use cases, will be able to access Call Log or SMS permissions.



The permission listed in the email for the application is this one:

> *RECEIVE_SMS*



The reason why I am confused is that my application doesn't require that 
specific permission; these are the ones my app is using:

> <uses-permission android:name="android.permission.INTERNET" />
> <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
> <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
> <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
> <uses-permission android:name="android.permission.CALL_PHONE" /> --------> (This one is requested to make a call directly)


The only feature related to SMS is the Firebase Automatic-retrieval 
<https://firebase.google.com/docs/auth/android/phone-auth> but it is my 
understanding that it doesn't require any specific permission. Reading the 
documentation, in the Use of SMS or Call Log permission groups 
<https://support.google.com/googleplay/android-developer/answer/9047303#alternatives> 
section, at the very end some alternatives to common uses are listed:
    - *OTP & account verification:* the alternative is the SMS Retriever 
API (something that if we implement we will have to modify some code)
    - *Initiate a phone call:* it mentions this case that uses the 
*CALL_PHONE* permission, but in the email it is not specified as affected (we 
use this one and it has been changed even though it is not listed in the email 
they sent to us).


The questions here would be:
 - Is the Firebase Automatic-retrieval using the *RECEIVE_SMS* permission? 
(we did some testing and if we include that permission the app works fine 
even with that permission denied)
 - Is the *CALL_PHONE* permission we need to review and modify?
 - Where can I get in touch with Google Play Support directly?

I hope someone could help me to understand this. Thanks in advance.
