App removed from PlayStore because of library not in the project

Question

I received an email from Play Store stating that:

We found that your app is using Tencent TBS SDK which contains code to download executable code (e.g. dex, JAR, .so files) from a source other than Google Play.

We never intended to use this library, in fact it doesn't show up in the dependencies tree (./gradlew app:dependencies), but after we package the APK few references appear in the following files:

app/build/intermediates/transforms/dexMerger/xxx/release/0/classes2.dex
app/build/intermediates/transforms/proguard/xxx/release/0.jar
app/build/outputs/mapping/xxx/release/seeds.txt
app/build/outputs/mapping/xxx/release/mapping.txt
app/build/outputs/mapping/xxx/release/usage.txt
app/build/outputs/mapping/xxx/release/resources.txt

how do I find out which dependency is using this library? I tried to exclude it in gradle but nothing happens.

Answer 1

Unfortunately I didn't find a clean way to find the library mentioned by the Play Store support. Every time I compiled the project, I would find the methods signature in the dex file. So I went for the empirical way:

• Created an empty project with all of the gradle dependencies + modules
• Compiled the project while commenting few of the dependencies out
• When the dex file didn't reference the library I was looking for, I knew I had found the culprit

Couple of notes:

• the Play Store must've added this check in the last few weeks, since I had been using this library for the past 2 years.
• The sources of the found dependency didn't mention in their signature that library

Answer 2

I was working on flutter project, facing the same issue, but found that flutter_filereader was the package which was creating issue.

I simple removed this package to resolve the problem.