Firebase analytics

[BoFFire]

Hi :) A lot of users may want don't have this Firebase analytics included.

Check Exodus Report : https://reports.exodus-privacy.eu.org/reports/25391/

[tateisu]

this app uses Firebase cloud messaging for push messaging, but does not use any analytics.

please check app/build.gradle for dependency of this app.

[tateisu]

currently there is no alternative OSS choice for push messaging, ST will continue to use FCM.

[tateisu]

The dependencies of firebase messaging library become fewer than before. The analytics code might be decreased. but i think some core code is still required for messaging function.

[IzzySoft]

@tateisu you might wish to take a look at my snippet for alternative push services (and more). I'd recommend @UnifiedPush – for the Playstore release you could bundle it with their FCM distributor (so no changes for your users there), while letting users of "ungoogled devices" chose the Push Client/Manager they prefer.

As for FCM and Firebase Analytics: your app still has the latter included. You will have to explicitly disable it for the code to be removed. But should you decide for UP, that question might become moot :wink:

[tateisu]

Which of those push systems can awaken the deep sleeping devices? That's why I choose FCM.

[IzzySoft]

I'd assume all of them (that's up to the "distributor" with UnifiedPush – I've got no idea how the other two replacements work as I never used them). Apart from being non-free (and thus tainting FOSS apps), FCM is simply not available on ungoogled devices – which is what makes UnifiedPush much preferable. For those preferring FCM, there's always the FCM distributor.

[tateisu]

I tried example app of UnfiedPush, but it's not working.

2022-06-02 03:10:32.604 12913-12913/org.unifiedpush.example D/UP-Embedded_distributor: Registering to the embedded distributor
2022-06-02 03:10:32.646 12913-12936/org.unifiedpush.example E/FirebaseMessaging: Failed to get FIS auth token
    java.util.concurrent.ExecutionException: com.google.firebase.installations.FirebaseInstallationsException: Firebase Installations Service is unavailable. Please try again later.
        at com.google.android.gms.tasks.Tasks.zzb(Unknown Source:61)
        at com.google.android.gms.tasks.Tasks.await(Unknown Source:23)
        at com.google.firebase.messaging.GmsRpc.setDefaultAttributesToBundle(com.google.firebase:firebase-messaging@@23.0.0:10)
        at com.google.firebase.messaging.GmsRpc.startRpc(com.google.firebase:firebase-messaging@@23.0.0:1)
        at com.google.firebase.messaging.GmsRpc.getToken(com.google.firebase:firebase-messaging@@23.0.0:1)
        at com.google.firebase.messaging.FirebaseMessaging.lambda$blockingGetToken$9$com-google-firebase-messaging-FirebaseMessaging(com.google.firebase:firebase-messaging@@23.0.0:1)
        at com.google.firebase.messaging.FirebaseMessaging$$ExternalSyntheticLambda5.start(Unknown Source:6)
        at com.google.firebase.messaging.RequestDeduplicator.getOrStartGetTokenRequest(com.google.firebase:firebase-messaging@@23.0.0:6)
        at com.google.firebase.messaging.FirebaseMessaging.blockingGetToken(com.google.firebase:firebase-messaging@@23.0.0:7)
        at com.google.firebase.messaging.FirebaseMessaging.lambda$getToken$3$com-google-firebase-messaging-FirebaseMessaging(com.google.firebase:firebase-messaging@@23.0.0:1)
        at com.google.firebase.messaging.FirebaseMessaging$$ExternalSyntheticLambda10.run(Unknown Source:4)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
        at com.google.android.gms.common.util.concurrent.zza.run(Unknown Source:6)
        at java.lang.Thread.run(Thread.java:920)
     Caused by: com.google.firebase.installations.FirebaseInstallationsException: Firebase Installations Service is unavailable. Please try again later.
        at com.google.firebase.installations.remote.FirebaseInstallationServiceClient.createFirebaseInstallation(FirebaseInstallationServiceClient.java:213)
        at com.google.firebase.installations.FirebaseInstallations.registerFidWithServer(FirebaseInstallations.java:533)
        at com.google.firebase.installations.FirebaseInstallations.doNetworkCallIfNecessary(FirebaseInstallations.java:388)
        at com.google.firebase.installations.FirebaseInstallations.lambda$doRegistrationOrRefresh$2$com-google-firebase-installations-FirebaseInstallations(FirebaseInstallations.java:377)
        at com.google.firebase.installations.FirebaseInstallations$$ExternalSyntheticLambda1.run(Unknown Source:4)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
        at java.lang.Thread.run(Thread.java:920) 
2022-06-02 03:10:32.680 12913-12913/org.unifiedpush.example E/UP-Embedded_distributor: FCMToken registration failed: java.util.concurrent.ExecutionException: java.io.IOException: SERVICE_NOT_AVAILABLE

[tateisu]

• It requires a complete rewrite of the app server.
• It requires an provide additional FCM relay server.
• I'm not going to offer ST's "noFcm" build. A single build that can be updated to each other through the Play Store version and other distribution channels is my preferred for distribution.

[tateisu]

The trend about de-Google is not so much felt in Japan. And ST users are heavily biased towards Japan. According to Play Store stats, 2348 of the 4062 users are from the Japan region. I don't have statistics on the number of installs via F-droid or GitHub. in this situation, it's a heavy burden for me to spend many time for de-Google.

[tateisu]

UnifiedPush receives notifications via any external app, but there is no mechanism to check if the received message can be trusted. If a message is sent from an external app that the user hasn't selected, they won't notice it. If the access to the server increases due to the malicious Intent, the server side rate-limit will be applied and it will be painful. Is it a user-acceptable risk?

[tateisu]

(This is a memo, not a discussion) The data sent by Mastodon to the app server via WebPush is signed and contains an HTTP header for its verification. However, if the app server formats the data to include it all, it may not fit in the payload size allowed by the Push Provider. To avoid this problem, the app server becomes a data store, and if the data is too long, the app serverneed to change the data sent from the app server to the app to "URL that can be use to get the data".

(これは議論ではなくメモです) MastodonからWebPushでアプリサーバに送られるデータには署名があり、その検証のためのHTTPヘッダを含みます。 ところがアプリサーバがその全てを含む形にデータを整形すると、それはPush Provider が許容するペイロードサイズに収まらないことがあります。 この問題を回避するにはアプリサーバがデータストアとなり、データが長すぎる場合にはアプリサーバからアプリに送り出すデータを「データを取得できるURL」に変更する必要があります。

[IzzySoft]

@tateisu I'm no dev, so I have no idea about the internals or how to implement. I know a few apps using UP, and I didn't hear about any problems they were facing. As for "trend": True, I cannot tell about JP. But for me personally, one of the reasons I avoid to install/use an app is that it contains Firebase (or any other proprietary components like that, e.g. GMS or, worse, Facebook SDK etc).

[BoFFire]

Update about using UnifiedPush : https://fosstodon.org/@unifiedpush/109691465419893051

More détails : https://floss.social/@mattj/109666686416465083