Incorrect permissions when uploaded to PlayConsole

I’ve uploaded a React Native app built in via Expo. I’ve set permissions to none:

  "expo": {
   "android": {
      "permissions": []
      ... other settings
    ... other settings

But when I upload the app-bundle to the PlayConsole it lists the app with 15 permissions:

android.permission.FOREGROUND_SERVICE android.permission.INTERNET
android.permission.REQUEST_INSTALL_PACKAGES android.permission.STORAGE
android.permission.USE_BIOMETRIC android.permission.WAKE_LOCK

I cannot identify a reason why the permissions setting is being ignored?

1 Like

any suggestions appreciated!

We’ve run into the same problems and our app got suspended because of this (we didn’t notice these permissions until later). This causes Google to consider the app harmful and deceptive, since it starts on boot and requests permission to install additional pacakges.

Is there something wrong with the Expo build service?

yeah, Expo seems to be fundamentally flawed - and that no-one from Expo was responded makes me think maybe they don’t have a fix…

I submitted an issue on their GitHub repo as well.

1 Like

fantastic - hanks for the link


There’s some info on the permissions here:

      List of additional permissions the standalone app will request upon installation,
      along with the minimum necessary for an Expo app to function.

      To use ALL permissions supported by Expo, do not specify the "permissions" key.

      To use ONLY the following minimum necessary permissions and none of the extras supported
      by Expo, set "permissions" to []. The minimum necessary permissions do not require a
      Privacy Policy when uploading to Google Play Store and are:

      • receive data from Internet
      • view network connections
      • full network access
      • change your audio settings
      • draw over other apps
      • prevent device from sleeping

      To use the minimum necessary permissions ALONG with certain additional permissions,
      specify those extras in "permissions", e.g.


      ExpoKit: to change the permissions your app requests, you'll need to edit
      AndroidManifest.xml manually. To prevent your app from requesting one of the
      permissions listed below, you'll need to explicitly add it to `AndroidManifest.xml`
      along with a `tools:node="remove"` tag.

As far as I know those are all required for functionality that is built in to Expo (e.g. OTA updates, etc.). I think that if you want an app that does not have the above permissions you will need to eject to the Bare workflow.

EDIT: I’m not sure what some of the permissions listed in your first message are for and at least android.permission.REQUEST_INSTALL_PACKAGES is quite surprising.

Here is the support page for Play Store that talks about deceptive behaviour: Deceptive Behavior - Play Console Help


Google does not allow you to download and install new code for an app from outside Play Store. Android and Google Play actually have a feature for this called app bundles, which is what should be used here.

You can say what you want about these rules, but those are the ones that Google decided on and you might get suspended for breaking them (which is what happened to us).

Hi people, first of all I’m sorry for the issues related to permissions on Android. I wrote a reply in GitHub with some context why these permissions are added, what we are going to do next and how you can work around this issue (currently in bare only). Hope this might help some people here as well! See Suspicious permissions added in release build for Android · Issue #8942 · expo/expo · GitHub


This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.