Google Play warning: FOREGROUND_SERVICE permission used for push notifications, app receives notifications even after killed

by

Summary

Google Play flagged our React Native app for misuse of FOREGROUND_SERVICE permissions, despite functional push notifications. The app received notifications post-termination due to a foreground service, violating Play Store policies. Key issue: improper permission declaration and overuse of foreground services.

Root Cause

  • Unnecessary FOREGROUND_SERVICE_DATA_SYNC permission included in AndroidManifest.xml.
  • Foreground service misuse: Used for push notifications, which Google considers non-essential background work.
  • Lack of clear justification in Play Console and app description for permission usage.

Why This Happens in Real Systems

  • Misinterpretation of Android permissions: Developers often assume foreground services are required for reliable push notifications.
  • React Native limitations: Default FCM integration may encourage foreground service usage without alternatives.
  • Google’s strict policies: Foreground services are reserved for critical, user-visible tasks (e.g., media playback), not background notifications.

Real-World Impact

  • App rejection or removal from Google Play.
  • User trust erosion: Permission misuse raises privacy concerns.
  • Maintenance overhead: Non-compliant apps require frequent policy updates.

Example or Code (if necessary and relevant)

How Senior Engineers Fix It

  1. Remove FOREGROUND_SERVICE permissions unless absolutely necessary.
  2. Use WorkManager for background tasks instead of foreground services.
  3. Leverage Firebase Cloud Messaging (FCM) directly without a foreground service.
  4. Update Play Console declaration to explicitly state permission usage (e.g., “Notifications require POST_NOTIFICATIONS”).
  5. Test with app killed: Ensure notifications work via FCM’s default behavior.

Why Juniors Miss It

  • Over-reliance on templates: Copying boilerplate code without understanding Android’s permission model.
  • Lack of policy awareness: Unfamiliarity with Google’s foreground service restrictions.
  • Fear of breaking functionality: Assume foreground services are mandatory for reliable notifications.

Leave a Comment