traccar / traccar-sms-gateway

Traccar SMS Gateway for Android
GNU General Public License v3.0

traccar-v3.0-noAnalytics-release.apk seems to contain Firebase Analytics & GMS #3

Closed IzzySoft closed 1 year ago

IzzySoft commented 3 years ago

Taking a look at the Smali generated using apktool, the "noAnalytics" APK seems to come with analytics and other GMS stuff:

Extract from Smali:
[…]
./smali/com/google/android/gms/ads/identifier:
./smali/com/google/android/gms/auth/api/signin/internal:
./smali/com/google/android/gms/base:
./smali/com/google/android/gms/cloudmessaging:
./smali/com/google/android/gms/common/annotation:
./smali/com/google/android/gms/common/api/internal:
./smali/com/google/android/gms/common/internal/safeparcel:
./smali/com/google/android/gms/common/providers:
./smali/com/google/android/gms/common/stats:
./smali/com/google/android/gms/common/util/concurrent:
./smali/com/google/android/gms/common/wrappers:
./smali/com/google/android/gms/dynamic:
./smali/com/google/android/gms/dynamite/descriptors/com/google/android/gms/measurement/dynamite:
./smali/com/google/android/gms/internal/ads_identifier:
./smali/com/google/android/gms/internal/base:
./smali/com/google/android/gms/internal/cloudmessaging:
./smali/com/google/android/gms/internal/common:
./smali/com/google/android/gms/internal/firebase_messaging:
./smali/com/google/android/gms/internal/measurement:
./smali/com/google/android/gms/measurement/api:
./smali/com/google/android/gms/measurement/internal:
./smali/com/google/android/gms/signin/internal:
./smali/com/google/android/gms/stats:
./smali/com/google/android/gms/tasks:
[…]
./smali/com/google/firebase/analytics/connector/internal:
./smali/com/google/firebase/components:
./smali/com/google/firebase/datatransport:
./smali/com/google/firebase/encoders/json:
./smali/com/google/firebase/events:
./smali/com/google/firebase/heartbeatinfo:
./smali/com/google/firebase/iid/internal:
./smali/com/google/firebase/inject:
./smali/com/google/firebase/installations/local:
./smali/com/google/firebase/installations/remote:
./smali/com/google/firebase/installations/time:
./smali/com/google/firebase/internal:
./smali/com/google/firebase/messaging:
./smali/com/google/firebase/platforminfo:
./smali/com/google/firebase/provider:

Could you please verify and, if possible, remove this? Thanks!

PS: Oh, and one minor engine at VT thinks it found a trojan. Most likely an NSA backdoor :speak_no_evil: – eh, I mean a false positive…

IzzySoft commented 3 years ago

Looks like nobody cares? Any news on this? @tananaev ?

tananaev commented 3 years ago

Haven't had time to look into it. Feel free to investigate if you have time.

IzzySoft commented 3 years ago

Wish I had, but too many tasks already… Wait, quick check found this in presentation/build.gradle#L192:

    implementation 'com.google.firebase:firebase-messaging'
    implementation 'com.google.firebase:firebase-analytics'

Shouldn't that be withAnalyticsImplementation?

tananaev commented 3 years ago

Could be. I'll need to check. This is a fork of the original project, so I'm not that familiar with the code.

IzzySoft commented 3 years ago

Thanks Anton! I'm not even an Android dev. But from what I've learned on reading gradle files, implementation always applies to all flavors (so the two above would also be in the NoAnalytics) – while if you want to have them in specific flavors only, you have to prefix them accordingly (like withAnalyticsImplementation in our case here). Hence the solution could be as easy as that – or the other flavor could break if those parts are addressed there by other means. Worth a try, though.

tananaev commented 3 years ago

Actually we use Firebase for push notifications, so I guess they automatically include analytics. So, this is expected.

IzzySoft commented 3 years ago

@tananaev close, but no cigar. It's including analytics by default, true – but that can be configured (I know that because I have several apps in my repo which use FCM but have no Analytics enabled). I'm no Android dev, so I cannot tell you how – but AFAIR it was quite simple.

So may I ask you to (reopen and) reconfigure Firebase? You might even consider switching to UnifiedPush for push notifications, giving the user the chance to pick the provider they prefer (apart from FCM, this also supports Gotify which even has a client available at F-Droid, plus NoProvider2Push).

tananaev commented 3 years ago

We can probably do this:

https://firebase.google.com/docs/analytics/configure-data-collection?platform=android

IzzySoft commented 3 years ago

That should do it, yes: with all collections etc. permanently disabled, the code should be left out. And yes, that's about what I remembered: just 2 settings need to be applied. Looks like 3 now maybe, but well :wink: Thanks!

IzzySoft commented 1 year ago

So any chance this will happen? There hasn't been a release since. You're still maintaining it, right?

tananaev commented 1 year ago

We're maintaining it, but I don't have time to work on this.

IzzySoft commented 1 year ago

Thanks! And yeah, I know that feeling… All the best then, and may Santa bring a sack of time to all of us!

IzzySoft commented 1 year ago

There are still the trackers in the noAnalytics APK:

    Offending libs:
    ---------------
    * Firebase Data Transport (/com/google/android/datatransport): NonFreeNet
    * Google Cloud Messaging (/com/google/android/gms/cloudmessaging): NonFreeDep,NonFreeNet
    * Google Mobile Services (/com/google/android/gms): NonFreeDep
    * Firebase (/com/google/firebase): NonFreeNet,NonFreeDep
    * Firebase Analytics (/com/google/firebase/analytics): NonFreeDep,Tracking
    * Firebase Installations (/com/google/firebase/installations): NonFreeNet

    6 offenders.

So any chance to get rid of Firebase Analytics in this one at least?
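A check along the lines of the report above, as an added example that is not part of the thread and not the scanner IzzySoft uses: it walks an apktool output directory (including the `smali_classes2/` style trees of multidex APKs) and flags the library paths listed in the reports on this page. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Path prefixes and flags as listed in the "Offending libs" reports in this thread.
SIGNATURES = {
    "com/crashlytics": ("Crashlytics", "NonFreeDep,Tracking"),
    "com/google/android/datatransport": ("Firebase Data Transport", "NonFreeNet"),
    "com/google/android/gms/cloudmessaging": ("Google Cloud Messaging", "NonFreeDep,NonFreeNet"),
    "com/google/android/gms": ("Google Mobile Services", "NonFreeDep"),
    "com/google/firebase": ("Firebase", "NonFreeNet,NonFreeDep"),
    "com/google/firebase/analytics": ("Firebase Analytics", "NonFreeDep,Tracking"),
    "com/google/firebase/installations": ("Firebase Installations", "NonFreeNet"),
}

def has_smali(path):
    """True if the directory exists and holds at least one .smali file."""
    return any(f.endswith(".smali") for _, _, fs in os.walk(path) for f in fs)

def scan_decoded_apk(root):
    """Return the signature prefixes present in any smali*/ tree under root."""
    found = set()
    for entry in os.listdir(root):
        # apktool writes smali/, smali_classes2/, ... for multidex APKs
        if entry.startswith("smali") and os.path.isdir(os.path.join(root, entry)):
            for prefix in SIGNATURES:
                if has_smali(os.path.join(root, entry, *prefix.split("/"))):
                    found.add(prefix)
    return found

def report(found):
    """Format the result like the report quoted in the thread."""
    lines = ["Offending libs:", "---------------"]
    lines += [f"* {SIGNATURES[p][0]} (/{p}): {SIGNATURES[p][1]}"
              for p in SIGNATURES if p in found]
    return "\n".join(lines + ["", f"{len(found)} offenders."])

def build_sample_tree(root):
    """Constructed stand-in for an apktool output directory (not the real APK)."""
    for rel in ("smali/org/example/app/Main.smali",
                "smali/com/google/firebase/analytics/connector/internal/a.smali",
                "smali_classes2/com/google/android/gms/measurement/internal/b.smali"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    # Empty leftover directory: must not be reported.
    os.makedirs(os.path.join(root, "smali", "com", "crashlytics"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(report(scan_decoded_apk(tmp)))
```

Run as a release gate against the decoded output of each flavor's APK, a non-empty result for the noAnalytics flavor fails the build before the artifact is published.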

tananaev commented 1 year ago

There's no noAnalytics version anymore. What are you talking about?

IzzySoft commented 1 year ago

I'm talking about the fact that there's no noAnalytics version anymore – and the latest one available in my repo has those above "offending libs". That was fetched 2021-07-23 – so there basically was no update for almost 2 years now, as this issue got stalled (and now closed). Taking a look at the APK at the latest release:

    Offending libs:
    ---------------
    * Crashlytics (/com/crashlytics): NonFreeDep,Tracking
    * Firebase Data Transport (/com/google/android/datatransport): NonFreeNet
    * Google Cloud Messaging (/com/google/android/gms/cloudmessaging): NonFreeDep,NonFreeNet
    * Google Mobile Services (/com/google/android/gms): NonFreeDep
    * Firebase (/com/google/firebase): NonFreeNet,NonFreeDep
    * Firebase Analytics (/com/google/firebase/analytics): NonFreeDep,Tracking
    * Firebase Installations (/com/google/firebase/installations): NonFreeNet

    7 offenders.

So now it has even Crashlytics added. If you say that won't change, I'll have to remove the app from my repo – as that's beyond what the inclusion criteria permit. And it makes no sense to keep a totally outdated version there.

As for Cloud Messaging: There's always @UnifiedPush (which you could pre-configure with their FCM distributor for Playstore, and without for FOSS) – giving you the chance to get rid of all those proprietary libs at once (for the FOSS build). Would that be an option for you? Then I'd love to keep your app in my repo.

So again: any chance?

tananaev commented 1 year ago

Feel free to remove the app. Unfortunately I don't have time to work on this.

IzzySoft commented 1 year ago

OK, will do that then. Should you find time one day and have it fixed, please drop me a note so I can re-establish your app. Meanwhile, all the best to you!