Cannot upload app with RECEIVE_SMS permission to PlayStore

Question

I've created an Android app where the users need to login to the app using OTP. Manual input of OTP is not allowed, the app reads the OTP using RECEIVE_SMS permission.

<uses-permission android:name="android.permission.RECEIVE_SMS"></uses-permission>

Android app works fine, but I'm not able to upload the app to the Google Play Store. I'm well aware of the GDPR policy but the app only checks the SMS for OTP and no other purpose, no other data is required from SMS.

The PlayStore console is rejecting my app because of this permission, what am I doing wrong? How to clear my app permissions?

Answer 1

Take a look in This Link
to stop requiring the RECEIVE_SMS permission and use this instead: https://developers.google.com/identity/sms-retriever/overview to do OTP

Answer 2

If you really need the permission you can submit a request to Google Play allowing you to use that particular permission, you will be prompted to fill in a form if you have a new "Use Case" it will take up to 2 business days, fortunately in your case, OTP is a use case option.

I submitted through Developer Console in Release Management -> App Releases -> CREATE RELEASE

Answer 3

Since January 1st Google has restricted the usage of the SMS permission and your app will be rejected if you try to submit it with that in the manifest.

Google Play restricts the use of high risk or sensitive permissions, including the SMS or Call Log permission groups.

If your app does not require access to Call Log or SMS permissions, you must remove these permissions from your app's manifest

https://support.google.com/googleplay/android-developer/answer/9047303?hl=en