Transitive ML Kit barcode scanning dependency causes false crashes in Google Play pre-launch testing

[designorant]

• I have updated Purchases SDK to the latest version
• I have read the Contribution Guidelines
• I have searched the Community
• I have read docs.revenuecat.com
• I have searched for existing Github issues

Describe the bug

Apps that use react-native-purchases on Google Play (without Amazon Store) get a transitive play-services-mlkit-barcode-scanning dependency pulled into the APK. This registers GmsBarcodeScanningDelegateActivity in the merged AndroidManifest.

Google Play's automated pre-launch testing discovers this activity and tries to launch it, producing a fatal ActivityNotFoundException that appears in crash reporting (Sentry) and the Play Console pre-launch report.

1. Environment

   1. Platform: Android
   2. SDK version: react-native-purchases 9.10.3
   3. OS version: Android 11 (OnePlus 8 Pro — Google Play automated pre-launch crawler)
   4. Xcode/Android Studio version: N/A
   5. React Native version: 0.76.9 (Expo SDK 52)
   6. SDK installation: Expo autolinking
   7. How widespread is the issue: Affects all Android apps using react-native-purchases that don't use Amazon Store. The crash itself only appears during Google Play's automated pre-launch testing (not real users), but it pollutes crash reports and pre-launch results.

2. Debug logs

   Not applicable — this is not a runtime issue in the app. It's an ActivityNotFoundException triggered by Google Play's automated crawler trying to launch an activity that was registered in the merged AndroidManifest by the transitive barcode scanning dependency.

   Fatal Exception: android.content.ActivityNotFoundException
   Unable to find explicit activity class
   {com.example.myapp/com.google.android.gms.vision.barcode.ui.GmsBarcodeScanningDelegateActivity};
   have you looked in your output AndroidManifest.xml?
   

3. Steps to reproduce

   1. Create a React Native app using react-native-purchases targeting Google Play only (no Amazon Store)
   2. Build a release APK/AAB
   3. Upload to Google Play (or inspect the merged AndroidManifest)
   4. Google Play's pre-launch testing discovers GmsBarcodeScanningDelegateActivity in the manifest and tries to launch it
   5. Expected: No barcode scanning activity in the manifest since the app doesn't use barcode scanning
   6. Actual: The activity is registered because play-services-mlkit-barcode-scanning is pulled in transitively

4. Other information

   Dependency chain:

   react-native-purchases (9.10.3)
     └─ purchases-hybrid-common (17.41.0)
          └─ purchases-store-amazon (api() — transitive to consumers)
               └─ amazon-appstore-sdk (3.0.5)
                    └─ com.google.android.gms:play-services-mlkit-barcode-scanning
                    └─ com.google.mlkit:barcode-scanning
   

   The root cause is in purchases-hybrid-common's hybridcommon/build.gradle.kts, which declares the Amazon store module as an api() dependency:

   "bc8Api"(libs.purchases.amazon.bc8)
   "bc7Api"(libs.purchases.amazon.bc7)

   This makes the entire Amazon Store dependency tree (including ML Kit barcode scanning via amazon-appstore-sdk) transitive to all consumers, even those only publishing to Google Play.

   Workaround — in the app's android/app/build.gradle:

   configurations.all {
       exclude group: 'com.google.android.gms', module: 'play-services-mlkit-barcode-scanning'
       exclude group: 'com.google.mlkit', module: 'barcode-scanning'
   }

   Suggested fix options:

   1. Exclude barcode scanning in purchases-hybrid-common if the Amazon Store module doesn't actually use it
   2. Switch the Amazon Store dependency from api() to implementation() so it doesn't leak transitively — apps that need Amazon Store can add it explicitly
   3. At minimum, document the workaround for apps that only target Google Play

Additional context

The crash is not user-facing — it only occurs during Google Play's automated pre-launch testing, which discovers all registered activities in the merged AndroidManifest and attempts to launch them. However, it pollutes crash reports and may cause concern when reviewing pre-launch results in the Play Console.

[RCGitBot]

👀 We've just linked this issue to our internal tracker and notified the team. Thank you for reporting, we're checking this out!

[designorant]

Expo Config Plugin Workaround

For Expo users where android/ is generated by prebuild, here's a config plugin that injects the exclusion automatically:

plugins/withExcludeBarcodeScanningDep.js

const { withAppBuildGradle } = require('@expo/config-plugins')

module.exports = (config) => {
  return withAppBuildGradle(config, (config) => {
    config.modResults.contents = config.modResults.contents.replace(
      /\ndependencies\s*\{/,
      [
        '',
        'configurations.all {',
        "    exclude group: 'com.google.android.gms', module: 'play-services-mlkit-barcode-scanning'",
        "    exclude group: 'com.google.mlkit', module: 'barcode-scanning'",
        '}',
        '',
        'dependencies {',
      ].join('\n'),
    )
    return config
  })
}

Then add "./plugins/withExcludeBarcodeScanningDep" to the plugins array in app.json and run npx expo prebuild.

[JayShortway]

Hi, thank you for reporting this and for providing the workarounds! In the short term that's unfortunately the best solution. As you said, at least it's not a real runtime issue.