proprietary component slipped in: GMS

[IzzySoft]

My scanner just reported to me that somehow GMS has slipped into your app, so I have to mark it with the NonFreeComp ant-feature for now. Can you please check what dragged it in and, hopefully, get rid of it again?

Hm, looks like it might be intentional even:

try {
    def servicesJSON = file('google-services.json')
    if (servicesJSON.text) {
        apply plugin: 'com.google.gms.google-services'
    }
} catch(Exception e) {
    logger.info("google-services.json not found, google-services plugin not applied. Push Notifications won't work")
}

May I suggest you an alternative push service which is entirely FOSS? It meanwhile even offers a FOSS implementation of FCM which you could use as fallback in case no other distributor was found on the device. I use @UnifiedPush for quite a while via the NTFY distributor, works excellent. One can freely choose a Push Client/Manager and even self-host its server.

[atticuscornett]

Hmmm... I don't send push notifications so I assume that is part of Capacitor's default build config. I will look into it. My apologies for letting that slip through!

[atticuscornett]

I just checked - it seems that is the default build configuration for CapacitorJS. (I assume to make it easy to implement push notifications.) I have no google-services.json, so in theory (assuming I understand the code correctly), there should be no GMS library in the built APK. Still, to be extra sure, I have removed those lines from the build file and checked that Atmos Weather still builds properly. I will double-check that everything works and push out an update soon to be sure that the library is removed.

[IzzySoft]

You can use apktool d <apk-file> to create the smali structures and then dive into the smali dirs to see if there are any references left. You can of course also use my library scanner, which automates that, see Identify modules in apps for details.

[atticuscornett]

Looked through the smali dirs with apktool and didn't notice any references to com.google.gms.google-services. Tried to use your automated scanner as well, but noticed a few errors pop up when I ran it. (Seemed to be trying to run Linux commands, but I use Windows. Or perhaps I set it up incorrectly.) Still need to double-check that the new build works, but I will probably put out an update in the next few days.

[IzzySoft]

Seemed to be trying to run Linux commands

I use it on Linux indeed. Need to check if it runs explicit Linux commands (probably the wrapper for apktool is the culprit here)… OK, there we go:

$apktool = '/web/ftp/repo/fdroid/lib/radar/tool/apktool';
$libdir  = '/web/ftp/repo/fdroid/lib';

These are the paths you'd need to adjust. They are Linux/Unix paths (using forward slashes). I see in the script I use those as well, I could replace them with PATH_SEPARATOR to let PHP choose the correct one. But then it uses find (which IMHO is not available on Windows by default in a GNU compatible variant (and I won't integrate PowerShell, sorry), though there are GNU-Tools packages providing it) and rm (which I could move to a function with OS-specific calls, or make it "PHP native" (there is no recursive deletion, I had to walk the tree then myself). OTOH, it should run fine in Cygwin (e.g. using Mobaxterm or the likes).

If you'd be OK using the findutils package and want to test it, I could attempt a "rewrite" as outlined.

[atticuscornett]

Actually, no worries - I got the scanner working on my Raspberry Pi (and emulating Linux on Windows should be easy enough for others with WSL.) Strangely, it indicates that GMS is still in the APK. I missed something it seems. I will look into this further.

[atticuscornett]

Ah, I caught the culprit. It seems to be @capacitor/geolocation that has another reference buried deep in it somewhere. CapacitorJS supports Cordova plugins, so it should hopefully be as simple as swapping that plugin back to the Cordova plugin.

[atticuscornett]

I swapped Capacitor's geolocation plugin for Cordova's plugin, and the scanner now says that no offending libraries have been found. I also tested it on Android and the app still functions as expected. The fix has been released as Atmos Weather v2.0.1 (https://github.com/atticuscornett/AtmosWeather/releases/tag/v2.0.1).

[IzzySoft]

Interesting. The Flutter plugin by the same name (geolocation) had the very same issue (see here in my snippet, and also in the comments below it). Might give you some clues even if Flutter ≠ Capacitor.

PS: Eh, crossed, you already found a solution, great! Going to pull it now and cross-check.

[IzzySoft]

Confirmed, AF removed (effective with the next sync). Thanks!