Software engineering as a service

Custom-built software that fits exactly your needs. Get in touch today.


Transitive dependencies and Play Store violations

Android Dec 2, 2022

The Play Store's policy violation handling has been significantly improved in the last few years. Instead of a sudden ban and removal from the store, you get an email warning you about the violation and a deadline for fixing it.

Most of the time, these violations are not directly due to code in the app but rather to a library that the app is using. This is the easy scenario. The violation warning email will even suggest, most of the time, the fixed version that you need to update for the violation to go away.

But there are times when the library mentioned in the violation warning email is not directly used by the app. This is the most tricky case where it's a transitive dependency on one of the directly used libraries.

To figure out where the violating library is used, there's a way for Gradle to build the dependency tree. Then you need to update the direct dependency, where hopefully the fixed transitive dependency is used.

Firstly, make the Gradle window within the IDE visible by going to View -> Tool Windows -> Gradle. Then select the app (or another module) -> help -> dependencies. Alternatively, you can just run ./gradlew app:dependencies in the terminal window.

The Gradle command to print the dependency tree 

This will print in the Run tool window a tree-like structure that shows which library is used by each dependency.

[...]
+--- com.google.android.gms:play-services-gcm:17.0.0
|    +--- androidx.collection:collection:1.0.0 -> 1.1.0 (*)
|    +--- androidx.core:core:1.0.0 -> 1.8.0 (*)
|    +--- androidx.legacy:legacy-support-core-utils:1.0.0 (*)
|    +--- com.google.android.gms:play-services-base:17.0.0 -> 18.0.1 (*)
|    +--- com.google.android.gms:play-services-basement:17.0.0 -> 18.1.0 (*)
|    +--- com.google.android.gms:play-services-iid:17.0.0
|    |    +--- androidx.collection:collection:1.0.0 -> 1.1.0 (*)
|    |    +--- androidx.core:core:1.0.0 -> 1.8.0 (*)
|    |    +--- com.google.android.gms:play-services-base:17.0.0 -> 18.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:17.0.0 -> 18.1.0 (*)
|    |    +--- com.google.android.gms:play-services-stats:17.0.0 -> 17.0.2 (*)
|    |    \--- com.google.android.gms:play-services-tasks:17.0.0 -> 18.0.1 (*)
|    \--- com.google.android.gms:play-services-stats:17.0.0 -> 17.0.2 (*)
[...]
Sample of the dependency tree

Here, you can search to find the violating library and update the direct dependency, which hopefully will fix the issue.

The visual way

There's a completely visual way to get to that dependency tree by going to File -> Project Structure -> Dependencies -> Resolved Dependencies. But this view, even if it's convenient to browse, it's not convenient when searching for a specific dependency that might be hidden many layers below the direct dependency.

This view, even if it's convenient to browse, it's not convenient when searching for a specific dependency

Hopefully, I made your dev life a bit easier when searching for a violating dependency in your Android app.

Happy coding!

Tags

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.