Late last year, Google decided it was time to crack down on apps requesting SMS and call log permissions. Ostensibly, exceptions would be granted for categories including backups and automation, but as of now, there are still gaps which cover legitimate use cases. While some popular apps like Tasker have successfully secured exemptions, others like Cerberus have not. Instead, they've decided to strip out those permissions or risk facing the wrath of Google's upcoming January 9th banhammer, killing associated functionality and disappointing millions of long-time users to adhere to the Play Store's new policy.
Google rejected our request to use SMS and call permissions, as they did for @joaomgcd's Tasker and many other apps. This basically kills one of Cerberus heads (SMS commands to recover a lost/stolen phone which is not connected to the internet) and other main features like
— Cerberus (@cerberusapp) November 14, 2018
The Play Console support page for the applicable set of permissions notifies developers that they can submit what is effectively an application for an exemption, categories for which are listed on the same page. (And that list of exceptions has grown since the original announcement.) Nonetheless, a further set of prohibitions are also included in the form itself, which explicitly preclude support for phone security/device location apps like Cerberus:
That's great, congratulations! We do not see the point of submitting the form again, now our use case is explicitly prohibited :( pic.twitter.com/NNi5mCt8ZY
— Cerberus (@cerberusapp) January 4, 2019
As a result, Cerberus has had to push out a recent update which removes those permissions and a whole pile of functionality from the phone security app, killing SMS-based commands, alerts, call backups, and opening the app via a dial code. In the developer's own words: "This basically kills one of Cerberus heads."
And Cerberus isn't alone. Plenty of other apps — even some explicitly built around SMS/MMS and phone call functionality — have been denied exceptions, and some of these are apps that easily fit within the ostensibly allowed categories stated by Google. Even so, they have been denied a continued presence on the Play Store. Tasker may have been important enough and attracted enough public attention to secure an exception, but many smaller apps that also fit exemption categories haven't had the same luck.
Developer-facing herald of the coming appocalypse.
Google's monumental failure to support independent developers is well-known at this point, but with months to prepare, one would have assumed that apps already including the permission could have undergone a manual review process. Many of the apps that seem to have been hit by the automation double-whammy of the alert and subsequent appeals denial are clear exceptions by Google's own expressed rules, while others like Cerberus should be. Even so, at the time of writing a post on the Google Issue Tracker related to the issue is now over 620 comments deep, filled with both righteously indignant developers and piles of concerned users.
Honestly, I'm tired of writing about Play Store developer support problems like these. This is a stereotypical Google problem, paired with the stereotypical Google solution: We have an issue which could be best solved with a bit of effort, time, and the expense of throwing warm bodies at it, and Google would prefer to just automate the whole thing instead, false positives be damned. (Humorously enough, this exemption application issue is a symptom of Google's greater low-effort war against privacy-violating apps on the Play Store, which itself could be handled better.) But support works best when there's something other than a robot on the other end, and even Google admits that this is a gray area where automation-defying exceptions can and should sometimes be granted. Sadly, developers are giving the company 30% cut of everything they make just to be told "no" by a robot. The very least Google can do is treat them with some respect during this appeals process, and a line to real human support as apps make this transition would be a start.
Developers that are still trudging through how best to approach the permission removal at the last minute would be well served by reading this post by u/stereomatch in the Android Developers subreddit, which is an unofficial but dense set of guidelines, experiments, first-hand accounts, and background reading for different means of working around the change, depending on your app. You can also apply for a two-month extension until March 9th via the "Permissions Declaration" exemption form, if you're running short on time. Hopefully, Google reconsiders how it's handled this situation in the meantime.