non-free and tracking dependencies added with current release

[IzzySoft]

Today's release added several non-free dependencies, bringing Mastify into a pretty dark-gray area (borderline to removal from my repo), making it no longer fully FOSS:

Offending libs:
---------------
* Crashlytics (/com/crashlytics): NonFreeComp,Tracking
* Firebase Data Transport (/com/google/android/datatransport): NonFreeNet
* Google Mobile Services (/com/google/android/gms): NonFreeComp
* Firebase (/com/google/firebase): NonFreeNet,NonFreeComp
* Firebase Analytics (/com/google/firebase/analytics): NonFreeComp,Tracking
* Firebase Installations (/com/google/firebase/installations): NonFreeNet

6 offenders.

While I close an eye for 1 or 2 of those, 6 is too much. I will now remove this version from my repo and disable updates. Please remove those again, or provide the APK of a build-flavor without them.

If you can tell me what those were needed for, I might be able to point to some FOSS alternatives.

Thanks in advance!

[IzzySoft]

@whitescent any note on this? I had updates set to static here (meaning monthly checks instead of daily ones) to give you a chance to get this fixed. Now I had to remove the APK again as it got pulled with the monthly check. If there's not even a response here, next time I'll simply have to remove the app from my repo again. So any chance for a FOSS variant?

[whitescent]

Starting with version 1.4.24, Mastify only includes Firebase Crashlytics, and data collection is turned off by default, it is opt-in mode, and users can turn it on or off at any time.

Mastify only introduces firebase crashlytics to collect all possible errors since the alpha version. It is to improve the stability of the app, and this option is turned off by default. Apart from this, there are no other private libraries.

If this does not meet the standards of F-Droid, please remove mastify from your store. My current focus is on advancing the app's development, but when time allows in the future, I will look into creating a build variant specifically for F-Droid standards. This version will exclude GMS and Firebase, and won't upload any error logs.

[IzzySoft]

Apart of Crashlytics and other closed-source (ans thus proprietary) services, there are several ones available which are FOSS, see e.g. Acceptable Analytics. With the proprietary ones, can you guarantee you're in control what's collected and uploaded? Rhetorical question; you can't. You have to believe what their providers promise. Which have been caught with both hands in the cookie jar more than once, despite assuring us otherwise.

You certainly have the best in mind here, and I don't say I do not trust you – but I do not trust those data collectors, even if "turned off". Apart from the fact that proprietary components indeed are not meeting F-Droid's standards. Also some might think if it wasn't important to do without here, what might happen later – but that of course is hypothetical.

So is sticking to those proprietary components (understood, until you have time to care for a separate build flavor) your last word? Then indeed the options would be to either disable updates for your app entirely until then or, as you suggested, to remove it. In either case, those who expressed their joy for another FOSS client showing up in my repo will be rather disappointed – but that can't be helped then.

Anyway, thanks for your open answer!

[IzzySoft]

@whitescent any word? I'll have to disable updates altogether until solved.

[IzzySoft]

@whitescent as there still was no update on this and the monthly checker pulled in the affected APK again so I had to remove it manually, I'm now disabling updates altogether. Please let me know once a proper release is in place so I can re-enable updates. Will set myself a reminder to check back with you in, say, 2 months. Should you insist in keeping all those things in, I'm afraid I'll have to remove Mastify from IzzyOnDroid.