App rejected on play store because of background location permission

Question

I'm having trouble putting a new version of an app in the play store and was hoping someone could help me out. The previous versions of this app were basically a different app, the new version is built from the ground up. When I upload the app bundle for review I eventually get a status update that there is an issue with the background location permission, and that it is missing from the permission declaration form (because i removed it, it should not be needed anymore). It states there is at least one feature that uses this access. In the affected APK(s) it shows a bundle that was published over a year ago which is confusing me.

The "new" app is using the ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION permissions with the compileSdkVersion 30, minSdk 21 and targetSdk 30. This version should not be using background location access so additionally I've added the following line to the AndroidManifest.xml:

<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" tools:node="remove"/>

I also have the the tools declared inside the manifest tag at the top of the file.

when I run the app and look at it's permissions under apps/myapp/permissions i see the coarse and fine location access, but no background access . The background access is also not in the list of permissions when exploring the bundle in the play store and not to be found when analysing the bundle and manifest in AndroidStudio.

When going through the packages I can't find an indication of a package that might be inserting this permission.

I'm wondering if there is a better way for me to debug this instead of uploading to the play store for review and what I might be missing here for the approval.

Answer 1

Android 10 (API level 29) introduced some changes to location permissions. The effect of that change for apps targeting older versions of Android is as follows:

If your app runs on Android 10 or higher but targets Android 9 (API level 29) or lower, the platform applies the following behavior:

• If your app declares a element for either ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION, the system automatically adds a element for ACCESS_BACKGROUND_LOCATION during installation.
• If your app requests either ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION, the system automatically adds ACCESS_BACKGROUND_LOCATION to the request.

So any version of your app still available in Google Play which uses ACCESS_FINE_LOCATION and/or ACCESS_COARSE_LOCATION, and has a targetSdkVersion <= 28 will now automatically have the ACCESS_BACKGROUND_LOCATION on devices running Android 10 or above. Whether it actually reads location data in the backgrund is a different matter; the important thing here is that it declares the permission.

These rules apply to all your release tracks - whether it's the production track, the alpha/beta track, an internal test track, etc. If any of them fits the criteria listed above, you'll have to publish an updated version of your app on that release track.

Answer 2

If you are absolutely sure that you are not using the permission anywhere inside your code. It's time to check you dependencies, if any one of them is using this permission.