I have tried to publish my app, in the end the APK that is compiled by VS/Xamarin says it uses permission READ_PHONE_STATE, therefore requires a privacy statement URL to be present to roll out the app.
This is annoying because, in my manifest I did not have this permission in there. I don't think my application requires it, only use the INTERNET permission. I have set the target and min SDK explicitly but it doesn't change the fact when I upload the APK to google it shows a couple more permission was added to my app including READ_PHONE_STATE.
Anyone knows how I can track down what is adding it?