Chinese government has made the rule stricter for android apps. So, you have to declare everything sensitive that your app access to the user in the privacy policy at app launch. If you try to access anything sensitive before user accepts the privacy policy, then your app will most likely be rejected.
So, we faced similar issue with a react native library which was using accelerometer on app load for some information and that app didn’t have a way to lazy initialize the module.
You issue could be different than mine, but the main thing here is lazy initialization of modules. With new architecture of react native it may become very easy but for now each module is initialized at start time.
To fix the issue we had to patch the lib and only call the required function after the privacy policy has been accepted. For patching we have used ‘patch-package’ package.
One of our libraries was using accelerometer information which had to be disabled and only run the initialization function after the policy has been accepted.
If you face any issue regarding any of the sensor information/device information access before privacy policy issue, then best would be search the whole solution (including node_modules for the issue mentioned in audit report).
There could be some cases that you don’t find with the exact keyword, because some of the android API under the hood may using some other android API to perform some action e.g., accelerometer is used to detect the device orientation. So, you may have to dig deep into the packages.
Comment here if you face some kind of issue and its fix, so that others can fix their similar problems.
Cheers and Peace out!!!