if you have a serversolution to send sms then you have Android which listen to the SMS and inform you. Without need of any permission.
Hello all,
I'm recovering this old thread because it looks that Google defined a deadline for adequate or remove apps in Google Play using SMS and Call Log permissions... and the deadline is January/Feb-2019... this means now!
READ SMS is a huge used resource to authenticate many apps, like whatsapp, line, skype and others,due many reasons:
- Getting a valid and a real phone number of an user, you have a real contact point
- You are able to garante that, if you are giving any bonus for the first installation, the user will not uninstall and install again only to gain this bonus
- The user doesn't need do know any login or password. Oly to type his phone number and be validated using SMS
And many others... the traditional flow is:
- User starts the app and type his phone number
- A https method is called, normally using post, registering a token in a server associated to his number. The token is sent to the phone using SMS
- When receiving the SMS, the app captures the token using intent (automated method) and call other POST method with phone number and the token received
- The return of this second POST contains username and password OR a new token to be used in app sessions
Then, we need at least the SMS_READ method to automatize the second call after the SMS receiving. Notice that OUR SERVER sent the SMS, but the app needs to READ the SMS data . Other workaround in to allow the user to manually fill the code received... but there are many pitfalls with this approach: the main is the possibility of the user receives the SMS in other device and fills, activating many accounts with the same phone number...
The google knows the importance of this feature BUT doesn't want to be responsible by allowing the developers to access the entire SMS storage... then, the SMS Retrieve API allows the app indirectly access it's specific message... like a proxy.
To change the approach to allow the user fills the code manually is the fast workaround, besides the problems related to this method... If
@Erel or
@DonManfred could create a B4A lib to SMS Retrieve API I'm sure that many developers will pay by this...
Regards for all...
