Privacy, Security, and Deception

Privacy, Security, and Deception

We’re committed to protecting user privacy and providing a safe and secure environment for our users. Apps that are deceptive, malicious, or intended to abuse or misuse any network, device, or personal data are strictly prohibited.

Permissions

Permission requests should make sense to users. You may only request permissions that are necessary to implement critical current features or services in your application. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes.

Request permissions access to data in context (via incremental auth), so that users understand why you need the permission or data. Use the data only for purposes that the user has consented to. If you later wish to use the data for other purposes, you must ask users and make sure they affirmatively agree to the additional uses.

Additional requirements for the use of specific permissions:

Activity Requirement
Your app manifest requests the Call Log permission group (e.g. READ_CALL_LOG, WRITE_CALL_LOG, PROCESS_OUTGOING_CALLS) It must be actively registered as the default Phone or Assistant handler on the device.
Your app manifest requests the SMS permission group (e.g. READ_SMS, SEND_SMS, WRITE_SMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, RECEIVE_MMS) It must be actively registered as the default SMS or Assistant handler on the device.

The following restrictions also apply to the above permissions:

Apps lacking default SMS, Phone, or Assistant handler capability may not declare use of the above permissions in the manifest. This includes placeholder text in the manifest.

Apps must be actively registered as the default SMS, Phone, or Assistant handler before prompting users to accept any of the above permissions and must immediately stop the use of the permission when it's no longer the default handler.

Apps may only use the permission (and any data derived from the permission) to provide approved critical core app functionality (e.g. critical current features of the app that are documented and promoted in the app's description). You may never sell this data. The transfer, sharing, or licensed use of this data must only be for providing critical core features or services within the app, and its use may not be extended for any other purpose (e.g. improving other apps or services, advertising, or marketing purposes). You may not use alternative methods (including other permissions, APIs, or third-party sources) to derive data attributed to the above permissions.

Exceptions to Call Log and SMS Default Handler restrictions

The objective of the above restrictions is to protect user privacy. We may grant limited exceptions to the default handler requirement in cases when an app is not the default handler, but abides by all of the above requirements and clearly and transparently provides a highly compelling or critical feature where there is currently no alternative method to provide the feature. Such features will be evaluated against any potential privacy or security impact on users. These exceptions are rare and will not be extended to all developers. Please see this Help Center page for more information.

Was this article helpful?

Thank you for your answer!