Closed IzzySoft closed 1 year ago
Looks like nobody cares? Any news on this? @tananaev ?
Haven't had time to look into it. Feel free to investigate if you have time.
Wish I had, but too many task already… Wait, quick check found this in presentation/build.gradle#L192
:
implementation 'com.google.firebase:firebase-messaging'
implementation 'com.google.firebase:firebase-analytics'
shouldn't that be withAnalyticsImplementation
?
Could be. I'll need to check. This is a fork of the original project, so I'm not that familiar with the code.
Thanks Anton! I'm not even an Android dev. But from what I've learned on reading gradle files, implementation
always applies to all flavors (so the two above would also be in the NoAnalytics) – while if you want to have them in specific flavors only, you have to prefix them accordingly (like withAnalyticsImplementation
in our case here). Hence the solution could be as easy as that – or the other flavor could break if those parts are addressed there by other means. Worth a try, though.
Actually we use firebase for push notifications, so I guess they automatically include analytics. So, this is expected.
@tananaev close, but no cigar. It's including analytics by default, true – but that can be configured (I know that because I have several apps in my repo which use FCM but have no Analytics enabled). I'm no Android dev, so I cannot tell you how – but AFAIR it was quite simple.
So may I ask you to (reopen and) reconfigure Firebase? You might even consider switching to UnifiedPush for push notifications, giving the user the chance to pick the provider they prefer (apart from FCM, this also supports Gotify which even has a client available at F-Droid, plus NoProvider2Push).
We can probably do this:
https://firebase.google.com/docs/analytics/configure-data-collection?platform=android
That should do it, yes: with all collections etc permanently disabled, the code should be left out. And yes, that's about what I remembered: just 2 settings need to be applied. Looks like 3 now maybe, but well :wink: Thanks!
So any chance this will happen? There hasn't been a release since. You're still maintaining it, right?
We're maintaining it, but I don't have time to work on this.
Thanks! And yeah, I know that feeling… All the best then, and may Santa bring a sack of time to all of us!
There's still the trackers in the noAnalytics
APK:
Offending libs:
---------------
* Firebase Data Transport (/com/google/android/datatransport): NonFreeNet
* Google Cloud Messaging (/com/google/android/gms/cloudmessaging): NonFreeDep,NonFreeNet
* Google Mobile Services (/com/google/android/gms): NonFreeDep
* Firebase (/com/google/firebase): NonFreeNet,NonFreeDep
* Firebase Analytics (/com/google/firebase/analytics): NonFreeDep,Tracking
* Firebase Installations (/com/google/firebase/installations): NonFreeNet
6 offenders.
So any chance to get rid of Firebase Analytics in this one at least?
There's no noAnalytics
version anymore. What are you talking about?
I'm talking about that there's no noAnalytics
version anymore – and the latest one available in my repo has those above "offending libs". That was fetched 2021-07-23 – so there basically was no update for almost 2 years now, as this issue got stalled (and now closed). Taking a look at the APK at the latest release:
Offending libs:
---------------
* Crashlytics (/com/crashlytics): NonFreeDep,Tracking
* Firebase Data Transport (/com/google/android/datatransport): NonFreeNet
* Google Cloud Messaging (/com/google/android/gms/cloudmessaging): NonFreeDep,NonFreeNet
* Google Mobile Services (/com/google/android/gms): NonFreeDep
* Firebase (/com/google/firebase): NonFreeNet,NonFreeDep
* Firebase Analytics (/com/google/firebase/analytics): NonFreeDep,Tracking
* Firebase Installations (/com/google/firebase/installations): NonFreeNet
7 offenders.
So now it has even Crashlytics added. If you say that won't change, I'll have to remove the app from my repo – as that's beyond what the inclusion criteria permit. And it makes no sense to keep a totally outdated version there.
As for Cloud Messaging: There's always @UnifiedPush (which you could pre-configure with their FCM distributor for Playstore, and without for FOSS) – giving you the chance to get rid of all those proprietary libs at once (for the FOSS build). Would that be an option for you? Then I'd love to keep your app in my repo.
So again: any chance?
Feel free to remove the app. Unfortunately I don't have time to work on this.
OK, will do that then. Should you find time one day and have it fixed, please drop me a note so I can re-establish your app. Meanwhile, all the best for you!
Taking a look at the Smali generated using
apktool
, the "noAnalytics" APK seems to come with analytics and other GMS stuff:Extract from Smali (click to open)
Could you please verify and, if possible, remove this? Thanks!
PS: Oh, and one minor engine at VT thinks it found a trojan. Most likely a NSA backdoor :speak_no_evil: – eh, I mean a false positive…