According to Google’s Play Console Help page, “Google Play restricts the use of high risk or sensitive permissions, including the SMS or Call Log permission groups.” To understand this policy, we recommend reading this article from the Android Developers Blog.
Hover requires the READ_SMS and RECEIVE_SMS permissions in order to read responses from USSD sessions that come back over SMS. Not all USSD services respond via SMS, but most do, so this permission is included by default. Hover does not sell or use SMS for marketing purposes of any sort.
The Hover SDK is in compliance with Google’s new policies because it uses SMS only for core functionality and the data is never sold or used for marketing. We fall into multiple categories that Google lists as exceptions to their rules, including Device Automation, SMS-based financial transactions, and Carrier and OEM services.
When you publish your app to Google Play or if your app has been removed from Google Play and you have received a notification similar to the below, you will need to bring your app into compliance by filling out the Permissions Declaration Form in the app releases section of the Google Play dashboard. For existing apps the deadline is 9 March 2019.
The Permissions Declaration process is outlined by Google in detail here. Of note, you may need to provide app review instructions, a video demonstration of your app, and/or test account credentials. We recommend having these ready before beginning the Permissions Declaration process.
Steps to filling out the Permission Declaration Form
- Choose app release and create a new release as you normally would at https://play.google.com/apps/publish
- You will automatically see the Permission Declaration Form if you have included the Hover SDK or your Android Manifest includes any of Google’s restricted permissions. So long as you are not reading or storing SMS yourself you can fill out the form as follows. Hover is not responsible for your app’s violations of Google’s policies. If you have made any changes to SMS handling in your app please change your responses accordingly.
- Under “Compliance status” choose “Yes, this release meets the SMS and Call Log permissions policy”
4. Under “Core functionality” choose the options that best match your USSD use case. The most likely options with Hover are “SMS based money management”, “Services - Carrier”, “Services - OEM”, and “Device Automation”
5. In “Instructions for app review” you need to describe how a person at Google might test your app. Since Hover only reads SMS from a related USSD service which you configure, you may need to mention that a potential reviewer needs a particular SIM.
6. “Video Instructions” This is optional, but given that a reviewer would need a particular SIM card this could be a good way to show them how your app works.
7. “Test account” gives Google test credentials to log into your app if your app requires them. Hover itself has no such requirement.
8. Read and agree to the “Declarations” section.
9. Complete the rest of the usual app release fields, then click SAVE. When you are ready to release click REVIEW.