What Is ROLE_CALL_SCREENING? The Android API That Blocks Calls Before Your Phone Rings
ROLE_CALL_SCREENING is an Android system permission that grants an app the ability to intercept incoming calls before the device rings, analyze the caller, and decide whether to allow, silence, or reject the call — all without the user seeing or hearing anything.
How It Works: The Technical Sequence
When a call arrives at an Android device where an app holds the ROLE_CALL_SCREENING role, Android invokes that app's CallScreeningService before presenting the call to the user. The sequence:
- Call intercepted. Android intercepts the incoming call and invokes
onScreenCall(Call.Details)on the app'sCallScreeningService. - Metadata delivered. The
Call.Detailsobject contains the caller handle (number), STIR/SHAKEN verification status, and call direction. No audio is provided at this stage. - Analysis runs on-device. The app analyzes the caller's number against its on-device engine — behavioral patterns, number intelligence, historical signals, blocklist matching.
- Response returned. The app calls
respondToCall(CallResponse)specifying: allow the call, reject it silently, skip it to voicemail, or suppress the caller ID notification. - Decision enforced by Android. Android enforces the response. If rejected, the call is dropped before the ringer fires. The user never sees it.
STIR/SHAKEN Attestation Available to CallScreeningService
One of the most important signals available to a CallScreeningService implementation is the STIR/SHAKEN attestation level. This is a cryptographic caller identity verification system mandated by the FCC, where originating carriers sign calls with a trust level:
| Level | Meaning | Risk Signal |
|---|---|---|
| A — Full Attestation | Carrier verified the caller owns the number | Low |
| B — Partial Attestation | Carrier verified the call origin, not number ownership | Medium |
| C — Gateway Attestation | Call entered the network from an unknown source | High |
| No Attestation | Call lacks any STIR/SHAKEN signature | Very High |
Callro's Gauntlet Engine uses STIR/SHAKEN attestation as one of its 26 analysis layers. A call with no attestation entering the on-device pipeline immediately receives elevated scrutiny across all subsequent layers. See What Is the Gauntlet Engine? for the full breakdown.
Why This API Matters for Privacy
Before ROLE_CALL_SCREENING existed, spam blockers on Android typically used one of two problematic approaches:
- Call forwarding: Route all calls through the app's servers before delivering them to the device. Requires carrier configuration. Every call metadata event is logged by a third-party server.
- Post-ring identification: Allow the call to ring, display a spam label, and let the user decide. The phone still rings. Useless for protecting someone who answers every call.
ROLE_CALL_SCREENING eliminates both problems. The call is intercepted locally before it rings, analyzed on-device, and the decision is made without any server contact. For a deeper look at how this enables privacy-first call blocking, see What Is On-Device Call Screening?
Frequently Asked Questions
What is ROLE_CALL_SCREENING?
ROLE_CALL_SCREENING is an Android system permission that grants an app the ability to intercept incoming calls before the device rings, analyze the caller, and decide whether to allow, silence, or reject the call — all without the user seeing or hearing anything. It is the correct, officially-supported mechanism for building spam call blockers on Android.
What is CallScreeningService?
CallScreeningService is the Android API class that an app implements to use the ROLE_CALL_SCREENING permission. When an incoming call arrives, Android invokes the CallScreeningService on the app holding the ROLE_CALL_SCREENING role, passing a Call.Details object containing the caller's number, STIR/SHAKEN attestation, and other metadata. The app must return a CallResponse within the API's deadline, specifying whether to allow or block the call.
When was ROLE_CALL_SCREENING introduced?
The ROLE_CALL_SCREENING system role was introduced in Android 10 (API level 29) as part of the RoleManager system. It replaced the older, more limited approach of registering a CallScreeningService via the manifest. The role-based system ensures only one app can hold the screening permission at a time and requires explicit user consent.
Can only one app hold ROLE_CALL_SCREENING at a time?
Yes. Android enforces that only one app can hold the ROLE_CALL_SCREENING role at a time. When a new app requests the role, Android prompts the user to confirm, and any previously-holding app is automatically revoked. This prevents conflicts between competing call screening apps.
Does ROLE_CALL_SCREENING require contacts access?
No. ROLE_CALL_SCREENING does not require access to the user's contacts. The CallScreeningService API provides the caller's number and carrier-level metadata (including STIR/SHAKEN attestation) without requiring the READ_CONTACTS permission. Apps that request contacts access are doing so for their own purposes beyond what the API requires.
How is ROLE_CALL_SCREENING different from carrier spam blocking?
Carrier spam blocking (such as T-Mobile Scam Shield or AT&T ActiveArmor) operates at the network level before the call reaches the device. ROLE_CALL_SCREENING operates on the device after the call arrives but before the ringer fires. The two can complement each other: carrier blocking catches calls before they reach the phone, while on-device ROLE_CALL_SCREENING provides a second line of defense with app-specific analysis that the carrier cannot perform.
Built on the Right API
Callro uses Android's native ROLE_CALL_SCREENING API — the correct, privacy-preserving mechanism for stopping spam before your phone rings. Try it free for 7 days.