Google's New SMS and Call Permission Policy is Crippling Apps Used by Millions (androidpolice.com)
Ryne Hager, writing for AndroidPolice: Late last year, Google decided it was time to crack down on apps requesting SMS and call log permissions. Ostensibly, exceptions would be granted for categories including backups and automation, but as of now, there are still gaps which cover legitimate use cases. While some popular apps like Tasker have successfully secured exemptions, others like Cerberus have not. Instead, they've decided to strip out those permissions or risk facing the wrath of Google's upcoming January 9th banhammer, killing associated functionality and disappointing millions of long-time users to adhere to the Play Store's new policy.
The Play Console support page for the applicable set of permissions notifies developers that they can submit what is effectively an application for an exemption, categories for which are listed on the same page. (And that list of exceptions has grown since the original announcement.) Nonetheless, a further set of prohibitions are also included in the form itself, which explicitly preclude support for phone security/device location apps like Cerberus.
Given it isn't uncommon (unfortunately) for SMS to be used as a second factor, it's too unsafe to allow random applications to have access. It's also a common scam to use SMS permission to sign up for high-cost services.
Sorry, but collection of sensitive data for profit is a much bigger concern than a few legitimate apps being broken. Now, if only we could do something about Google's data-mining.
Users just need the ability to approve this on a per-app basis, not censorship.
I've been an Android user since about the end of 6 and it has always had that ability on my phones (Nexus 6P and Pixel 3 XL). You have to go out of the way to change the permissions though so it would be nice if it would pop up the list for you to verify the first time you run it after an install or update.
What pisses me off is the apps that refuse to work at all if they don't have a specific permission even if you don't use the related feature. For example I have a heart monitor that requires microphone permission so you can record notes, but it also allows you to write simple text notes too. If you don't give it permission to use the microphone it refuses to work at all. I've run into plenty of others too, but that's the only one where my answer couldn't simply be to delete the app.
How about an app that uses SMS as a remote control channel for when you lose your phone? This handy app: https://www.androidlost.com/ is about to get neutered. According to the forums, the author is doing all the right things with respect to applying for exemptions, and is going to get whacked anyway. If an app with this one's long history of good work gets blasted, any indie author is toast.
So why can't Cerberus use the SMS Retriever API for their functionality? For what they're doing they don't need to see every SMS message or call log entry on the device, they just need to see and respond to the single SMS message sent by their servers which is exactly what the Retriever API is designed for. It requires a loop, it'd be nice if there was a way for an app to register a permanent retriever so that loop wasn't necessary, but it shouldn't require a half-decent Android developer more than a day or two to code up the functionality needed. All these devs are doing is throwing a hissy fit instead of acknowledging why Google found these restrictions necessary and working within them (or working with Google to implement just the functionality needed). I suddenly feel a need to research any app or company complaining about this to see exactly why they're so upset about losing access to a data stream that it doesn't seem they should care about in the first place.