Today I got a mail like this, according to this I’m not able to use RECEIVE_SMS READ_SMS anymore in my app. In my app I’m using auto read OTP. Is there any solution for this?

Hello Google Play Developer,

In October, we announced updates to our Permissions policy that will limit which apps are allowed to request Call Log and SMS permissions. This policy will impact one or more of your apps.

Only an app that has been selected as a user's default app for making calls or text messages, or whose core functionality is approved for one of the exception use cases, will be able to request access to Call Log or SMS permissions.

Action required

Below, we've listed apps from your catalog which do not meet the requirements for permission requests. Please remove any disallowed or unused permissions from your app's manifest (specified below), migrate to an alternative implementation (e.g. SMS Retriever API for most cases of OTP verification), or evaluate if your app qualifies for an exception.

Next steps

Read through the Permissions policy and the Play Console Help Center article, which describes intended uses, exceptions, invalid uses, and alternative implementation options for usage of Call Log or SMS permissions.

Update your app or submit a Permissions Declaration Form.

Option 1) If your app does not require access to Call Log or SMS permissions: Make appropriate changes to your app by removing the specified permissions from your app's manifest or migrating to an available alternative implementation by January 9, 2019.

Option 2) If your app is a default handler or you believe your app qualifies for an exception: Please submit a request via the Permissions Declaration Form. You do not need to have implemented APK changes in order to submit a form. Declaration Forms received by January 9, 2019 may be eligible for additional time to make changes to bring their app(s) into compliance. If you have recently submitted a Permissions Declaration Form, we are in the process of reviewing your information and will respond to your application.

Make sure that your app is otherwise compliant with all other Developer Program Policies to prevent your app from being removed.

Alternatively, you can choose to unpublish the app.

Our Developer Program Policies are designed to provide a safe and secure experience for our users while also giving developers the tools they need to succeed. That is why we will remove apps that violate our policies. In cases of repeated or serious violations of our policies, we may also terminate your developer account and any related developer accounts.

We appreciate your willingness to partner with us as we make these improvements to better protect users.

Affected apps

Affected apps and permissions are listed below, up to 20; if you have additional apps, please ensure that they are also compliant with the Permissions policy.

If your app not using those permissions and the third-party library using some kind of those permission use below code for avoiding those permissions. it may affect those library smooth functioning

 <uses-permission
        android:name="android.permission.RECEIVE_SMS"
        tools:node="remove" />
    <uses-permission
        android:name="android.permission.READ_SMS"
        tools:node="remove" />
    <uses-permission
        android:name="android.permission.SEND_SMS"
        tools:node="remove" />

or else you can use alternate methods in the answers, example

SMS Retriever Api

this one is also a solution.. without submitting form we have another solution .. for this we need to genarate app id..

SMS Retriever Api

This is really new headache for developers While updating my app to play store with new version code i can't found to fill permission declaration form. I'm not using SMS and call log permissions any more but still i can't able to update my app.

How I solve this problem hope it helps some one

• First check if you have any alpha,beta or any other active testing tracks.
• If you have then go to artifact library and see how many active artifacts you have.
• Go through permissions of each of them if you find the sms or call log permission in any of them then that means you found the problem.
• Deactivated the track if you can.
• If you can't able to deactivate them create an APK with those permission and upload it to the track which contain APK with those permission previously in the artifact library.
• Then you will see the permission declaration form fill that form choose no when it asked did your app follow Google play store permission policy then roll out your application.
• Then do same for all the active tracks without permission and this time you can choose Yes in declaration form and choose the option for which you use those permission previously I'm using for OTP verification so I choose that one.
• After updating these all tracks you need to promote your app to production one by one with increasing order of version code at last only one active artifact track, only production and now you can update in that track only.

Hope it help some one.......

Its not like that you are thinking about. Go to this link and fill up and submit the from. If you app's default function is to show SMS inbox or just OTP account verification, then they will not remove your app.

Google is no more allowing more apps with SMS permission due to security and privacy issue. So if you need Phone No verification then

Firebase Auth is the best option. It's almost free

Limit:Verification code SMS messages 50 messages/IP address/minute, 500 messages/IP address/hour

https://firebase.google.com/docs/auth/android/phone-auth

According to google "You may only request permissions that are necessary to implement critical current features or services in your application. You may not use permissions that give access to user or device data for undisclosed, unimplemented, or disallowed features or purposes".

Click Here To Read Official Google Permission Doc

If your app need to read sms for SMS-based user verification / OTP verification please use SMS Retriever API which does not needed any sms permission and your app can still read SMS for OTP verification.