Security tightening

Original article by Google: https://support.google.com/googleplay/android-developer/answer/9047303

Simply speaking, starting from March 2019. the only application which will be allowed to actually send SMS messages is the phone's native (or default handler) app. Google may approve some specific exceptions but, at their own discretion ofcourse, and without any promises.

All other apps, such as GsmContrAll, will have to pre-fill the sms text and number and invoke the phone's 'factory' sms application, which will then be waiting for user's confirmation to send. This ensures that nothing gets sent out without the user explicitly seeing and allowing it. Unfortunately, this was needed due to many misbehaving and malicious programs out there. Therefore, applications wishing to use one of those critical permissions, must be updated accordingly or face permanent removal from the Play Store.

Unfortunately again, this affects the rest of us, who have good intentions.

GsmContrAll is transparent and, as promised, does not do anything behind your back. By following this principle, and according to the new security rule, we have implemented the changes required by Google: SEND_SMS permission was removed.

What has changed:

  • one additional click is needed to send the sms, using the new method, and default settings. This is not much to give, for full transparency.
  • alternatively, you can edit the buttons and choose "send immediately" option. In that way, the familiar confirmation dialog within GsmContrAll itself will be skipped, but the text and number will still be visible in the phone's native app, just before sending.
  • one good consequence is that, in most dual-sim phones today, sending sms through the native application allows for easy deciding from which sim to send. Even more, the decision can be made everytime, and in the last moment.
  • in the same manner as above, sms text can be edited just before sending

Limitations:

At the moment of writing (March 2019), and after a lot of research, we are still not aware of official ways to:

  • pre-determine the sending sim card from within the GsmContrAll, before the native sms app is invoked
  • prevent the editing of sms content before sending, once you are in the native sms app
  • hiding the sms content from the user, before sending. This is one of the strongest points in Google's transparency argument, and there is just no way around it in the current situation.