Google is removing apps with SMS and CALL_LOG permissions
In a recent email, they said:
Please remove any disallowed or unused permissions from your app's manifest (specified below), migrate to an alternative implementation (e.g. SMS Retriever API for most cases of OTP verification), or evaluate if your app qualifies for an exception.
Probably yes. But the point is, that you need to send the SMS from your server. The SMS is not send by Google.
So you first need a SMS-Provider configured on your server so that your server can send SMS.
Yes, that´s true. And it is included in Firebase UI already.
In this case, Firebase UI - Phoneauthentification, the SMS is send by Firebase. And the Firebase UI Components are handling the incoming SMS-Code automatically.
At least it does work here in Germany. I can´t answer if it does work in every country. And i only used a few Auts with this method. Just to test it. It is not used in any published app.