Google is considering the users privacy seriously. Starting from Android Marshmallow, it has segregated dangerous permissions and introduced Runtime permissions. With Android Pie, the apps which are idle can no longer access microphone, camera, and sensors. NOW, it has updated its Google Play Developer Policy which restricting SMS, CALL_LOG access only to default apps.

Wait, What?

That’s right. If you have an app in the play store, requesting SMS or CALL_LOG permissions and your app doesn’t really require these permissions, you should be removing it from the AndroidManifest file and should update the app in play store.

If you really need these permissions to fulfill certain functionalities, you should be filling 6-page Permission Declaration Form and submitting to Google Play for review.

Apps that fail to meet policy requirements or submit a Permissions Declaration Form by 9 January 2019 may be removed from Google Play.

But… Any Alternatives?

Yes. There are quite a few. Let’s begin with simple alternatives.

Want to initiate a phone call? Don’t use CALL_PHONE permission, use Dialer intent instead.

val intent = Intent().apply {

action = Intent.ACTION_DIAL

data = Uri.parse("tel:0123456789")

}

startActivity(intent)

2. Want to share content? No need for sensitive permissions, go with Share intent. More examples here.

val sendIntent: Intent = Intent().apply {

action = Intent.ACTION_SEND

putExtra(Intent.EXTRA_TEXT, "This is my text to send.")

type = "text/plain"

}

startActivity(sendIntent)

3. Need to send the text message? SMS intent to the rescue. You can send SMS, MMS with this intent. More examples here.

val intent = Intent().apply {

action = Intent.ACTION_SENDTO

data = Uri.parse("smsto:0123456789")

putExtra("sms_body", "text message")

}

if (intent.resolveActivity(packageManager) != null) {

startActivity(intent)

}

4. Okay… All those were easy. Now I want to read OTP in my app & authenticate the user. Tell me how can I proceed? Ah. No worries. Google got you covered! With SMS Retriever API, your app can automatically retrieve verification code without any Runtime permissions.

OTP verification with SMS retriever API

Prerequisites

Android smartphone with the phone number & running Google play services 10.2.X or higher. A server which can send OTP in the predefined format.

Android Implementation

Add play-services-auth as dependency in your build.gradle file.

implementation "com.google.android.gms:play-services-auth:16.0.1"

2. Get the phone number from user to send it to the server. Alternatively, you can implement the hint picker to prompt the user to choose from the phone numbers stored on the device and thereby avoid having to manually type a phone number.

3. Initialize SmsRetrieverClient and listen to the Success/Failure callback like below.

Note: Once the SmsRetrieverClient starts, it waits for ONE matching SMS until the timeout of 5 minutes.