How to fix "Violation of Permissions policy" for an android application?

Question

One of our application has been removed from google play store, we have removed the unwanted permissions and updated to the store. But the application has been again rejected saying "Violation of permission policy", the manifest includes dangerous permissions but we need those permissions for app's core functionality. We are facing difficulties to identify the mistake. Below are the permission required by the app.

<uses-permission android:name="com.android.vending.BILLING" />
<uses-permission android:name="android.permission.INTERNET" />

<uses-permission android:name="android.permission.READ_PHONE_STATE"/>

<uses-permission android:name="android.permission.READ_CALL_LOG"/>

<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.SEND_SMS"/>

<uses-permission android:name="android.permission.READ_CONTACTS"/>

<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="com.google.android.gms.permission.ACTIVITY_RECOGNITION" />
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />

What change needs to be done to overcome this problem?

Answer 1

The problem is the SMS permission I think like READ_SMS

Duplicate of this Violation of the Permissions policy in google play

Answer 2

Your problem is this permissions:

<uses-permission android:name="android.permission.READ_PHONE_STATE"/>   
<uses-permission android:name="android.permission.READ_CALL_LOG"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.SEND_SMS"/>

By new googles policy you should send special form to google to approve those permissions.

Notice that they will not allow this permissions for app that the core functionality is not related to sms and phone.

More info here

Answer 3

Permission Policy : https://play.google.com/about/privacy-security-deception/permissions/

Permitted Uses: https://support.google.com/googleplay/android-developer/answer/9047303#intended

Please read above the Permissions policy and the permitted uses, and take one of the following actions:

• Option 1) Remove these permissions from your app’s manifest

If your app does not require access to Call Log or SMS data, remove the specified permissions from your app’s manifest (or migrate to an alternative implementation), then publish an updated version of your app with a higher version code using the standard release process. All active APKs in the release must be free of sensitive permissions on all tracks.

• Option 2) Submit a Permissions Declaration Form to request approval from Google Play

If your app is a default handler, or you believe your app qualifies for a permitted use, publish an updated version of your app with a higher version code. You'll be required to complete a Permissions Declaration Form as a step in the release process. Select the appropriate core functionality for your app and fill out the remainder of the form's required fields. Be sure to select the core functionalities that are appropriate for the app. Google Play will reject apps where the core functionality does not match this declaration or the use is not permitted.

Also make sure your alpha, beta and internal testing channel don't have any apks with policy violation