If you are using the functionality of verifying non Truecaller users also via the SDK, your app would need specific phone permissions as has been described in this section. If you are using the Truecaller SDK for verification of existing Truecaller users only ( 1-tap flow ), you can skip this section.
As you upload the new app build to PlayStore with user verification feature via Truecaller SDK and the requisite permissions, you might be asked to fill an app permission declaration form.
We are sharing some tips on how to appropriately justify the need for these permissions for your verification flow :
#1: In one sentence, please describe the core functionality of your app. To be defined by you as a publisher of your app
#2: What is the core functionality in your app requiring the Call Log and / or SMS permissions? Functionality in your Android app: Account verification via phone call
With this, we intend to do user mobile number verification for creating new accounts on <your app name> or logging-in users into their existing <your app name> account.
We are implementing this flow explicitly in-line with Google’s allowed usage of call log permission for account verification via phone call, as stated here: https://support.google.com/googleplay/android-developer/answer/9047303?hl=en
Step 1: user enters mobile number Step 2: <your app> requests users for READ_CALL_LOG permission Step 3: Initiate drop call (missed call) from 3rd party service to respective number Step 4: Drop call hits user’s device and is disconnected automatically using the above permission Step 5: User mobile number is verified and starts using <your app>
<your app name> intends to verify users’ mobile number so as to login/ signup them, by making a drop call to their number and detecting the incoming verification call in the background. In order to do so, Call Log permission is required to understand the incoming call, verify the number and then automatically reject the call to smoothly complete the verification for the users.
#3: Do any of the following disallowed use cases apply to your app’s core functionality request for Call Log or SMS permissions? NO
#4: Do any of the following other use cases apply to your app’s core functionality request for Call Log or SMS permissions? OTP & Account verification via Phone Call (select this from the given list of options)
#5: Is your app’s use of Call Log or SMS permissions to provide functionality required by law or regulation? No
#6: Other We use drop call based verification of users’ mobile number for account creation or logging into their <your app name> accounts. Such method of mobile number verification results in better verification success rates in our key markets like India, etc.
Android guidelines for asking app permissions from user https://developer.android.com/training/permissions/requesting