The struggle to block spam calls on Android

I have had a rough week as a hobby Android developer.

TLDR: My app has been rejected from Google Play because it requires the read call log permission, and I’m going crazy trying to get Google to restore it.

In October 2018 Google announced restrictions on several of their permissions, meaning that apps on sale on Google Play would be more restricted in what they could do and what phone data they would have access to.

Google’s goal with these new restrictions is to protect its customers, the users who buy apps from Google Play. Android developers have historically had a lot of freedom to create apps that use the core functionality of the OS, for example to send text messages on behalf of the user and read the user’s contact list.

Because of the openness of the OS, Android apps always have been able to achieve functionality that is impossible to do on an iPhone. At the same time, the openness has given malicious developers the possibility of stealing user data and do other harm to users . The most famous example of this is probably how Facebook stole many users’ contact lists and text messages.

I have for several years developed an Android app for detecting and blocking spam calls and calls from telemarketers, called I also have an app for iOS.

The Android app uses the READ_CALL_LOG permission to be able to detect the incoming phone number. The read call log permission is one of the permissions that are now restricted, and at the moment my app is kicked out of Google Play.

For a developer to be allowed to use the read call log permission, there are two options. The main one is to create a phone app. From Google’s guidelines:

Permitted uses of the SMS & Call Log Permissions

For apps requesting access to the SMS or Call Log permissions, the intended and permitted uses include default SMS handling, default phone handling, or Assistant handling capability.
Apps must be actively registered as the default SMS, Phone, or Assistant handler before prompting users to accept any of the above permissions and must immediately stop the use of the permission when they no longer are the default handler.

Google developer guidelines:

This is far from the use case of my app, a single purpose app that is running in the background and blocking unwanted calls.

Luckily, there is another option. Google offers some exceptions from the main rule.

Google Play may provide a temporary exception to apps that aren’t Default SMS, Phone, or Assistant handlers when:
Use of the permission enables the core app functionality listed below; and
There is currently no alternative method to provide the core functionality

Use: Caller ID, spam detection, and/or spam blocking

Eligible permissions: READ_CALL_LOG

This use case is exactly my app! Wohoo!

I uploaded a new version of my app to Google Play Console. This is how you start the application process.

I described how to use my app and submitted the application . Since my app has one single function, which matches one of the allowed use cases listed on Google’s guideline pages, I thought this would be a walk in the park.

The answer from Google came the next day:

Publishing status: Rejected

Whaaaat? Why? I kept reading:

We couldn’t verify the declared core functionality of your app during our review.

I applied again, with a slightly different wording.


I applied again, with a video showing exactly how to use the app.


Now I started changing the app, removing functionality to make certain that the reviewers couldn’t misunderstand what the core functionality of the app was (I mean, it already did just a single thing, so it wasn’t that much to remove).

I applied again.


I kept getting the same one-sentence response from Google, that they “couldn’t verify the core functionality of the app”.

I created a 10-minute video showing in detail what every setting in the app did and how it blocked calls and how it showed information about telemarketers.

I applied again.


This time with a different response:

Based on our review, we found your app’s expressed user experience did not match your declared core functionality Caller ID, spam detection, and spam blocking.

What the what?

Now I’m just lost. I have created an app that does nothing else than “Caller ID, spam detection and spam blocking”.

The app is also extremely privacy focused and doesn’t send any data out, not even crash data or usage analytics.

It is exactly the opposite of the kind of app that Google want to combat.


  1. Did you solved your problem? Im having exactly the same problem, and i got β€œrejected” millions of time. my app is 100% innocent. if you solved this problem, please enlighten me!

    1. My app finally got accepted. The solution was to strip away all other functionality than the allowed ones: “Caller ID, spam detection, and/or spam blocking”

      Then I made a video showing the reviewers how the app displayed caller id, that it detected spam calls and blocked spam calls.

      1. Hi,
        Were /what are the files were you removed unnecessary functionality?
        – are they within AndroidManifest file? thank you.

      2. I mean functionality in my app, in my own code. For example I had a search function in the app, which prefilled the last incoming phone number in the search box. I removed this, because it used sensitive data (the phone log) and it was not the core functionality of the app.

  2. Hi sir,
    will you please share link of the video that you sent to google for review.
    that will be better understanding for me.

Leave a Reply to Bjarte Aune Olsen Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.